Re: [openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl
On 11/23/2016 02:33 PM, David Woodhouse wrote:
> If I make a new object type which looks like a PKCS#1 RSA key but is
> actually something completely different, it's *already* likely that
> OpenSSL will load that new object as if it was an RSA key in some
> cases.
>

An example used by the 'gem' engine.

openssl rsa -in key.pem -text
Private-Key: (4096 bit)
modulus:
    00:c4:d9:a4:27:ea:17:10:09:35:79:89:fc:10:1f:
    01:39:34:b7:23:93:5a:61:05:af:b1:04:49:8a:68:
    95:69:23:21:8d:20:a3:60:e6:e5:65:69:bf:b6:41:
    f2:40:5c:1d:e3:53:15:90:ff:6d:34:26:45:46:b6:
    97:f6:7c:f6:0f:5d:d8:59:02:a8:3c:b0:b4:06:2f:
    c7:b7:c7
publicExponent: 65537 (0x10001)
privateExponent: 1 (0x1)
prime1: 44 (0x2c)
prime2: 41 (0x29)
exponent1: 1 (0x1)
exponent2: 1 (0x1)
coefficient: 1 (0x1)
-----BEGIN RSA PRIVATE KEY-----
MIICHwIBAAKCAgEAxNmkJ+oXEAk1eYn8EB8BOTS3I5NaYQWvsQRJimg3roh2YLrs
YI4KljjdJcN8EfvyIKfonUDJSRxn4BNInqq8EErhcG8j+BcO+D178RJVvfoiiA/b
f1ru5rxuRywLKD3875QVvA6quc5V5I7EybEDO+v6yhlEZp3TN+3qSdTHnXZwBB7B
rh8Z7XbF7yWKNIeb3rRgfVUodxA5lYTBM92TRdz48b/NT6eS4+hrPvsFu71vCSQB
zbBWukwzzmIEfzGnzJ2NUwaq1uPC1HmzyqMrS90YVdZpTA8yTOVys2HXrUsguTD+
nCTgCizPBYUQe4iYmAgznTPpZ3KHiWGu2Il5lQRzrDcbOqtfvnon8ELqsK7+4QU3
9nNol7BCqPOmcWcT8Kx80qq11AKQYFEX5OygzI+Qp/F1o4oTlIs5/FFtBZZQ/T5+
j9DuewkpDfecKioBpVskZzwOnI9834u+CxCSqfYpb1XYD42HxnxLhsTjcYBzTbx+
xQUnpIUD6HxaCLFfNcCDYJSpD7KXHzO+pekyuLig1DNBlhVRa6i3yYj9JpmraW+6
1Sk2CQ7nvyB4FKAeXUFpCzS0eMZ7lPQ9qXlPiPF2eP//Jgg1FPvnQc+MHcGVaSMh
jSCjYOblZWm/tkHyQFwd41MVkP9tNCZFRraX9nz2D13YWQKoPLC0Bi/Ht8cCAwEA
AQIBAQIBLAIBKQIBAQIBAQIBAQ==
-----END RSA PRIVATE KEY-----

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl
There is at least one real-life HSM engine that encodes numerical identifiers as "pseudo prime numbers"; you end up with an RSA private key that has 1 and 2 prime numbers? No new ASN.1.

Best

On 11/23/2016 11:47 AM, Richard Levitte wrote:
> In message <1479894913.8937.58.ca...@infradead.org> on Wed, 23 Nov 2016 09:55:13 +, David Woodhouse said:
>
> dwmw2> On Wed, 2016-11-23 at 09:56 +0100, Richard Levitte wrote:
> dwmw2> >
> dwmw2> >
> dwmw2> > dwmw2> So maybe it's just "content types" that we have handlers for, each with
> dwmw2> > dwmw2> an optional PEM tag for matching, *and* an optional match function
> dwmw2> > dwmw2> which is given the parsed ASN.1 and checks if it's a match.
> dwmw2> >
> dwmw2> > I'm not sure what you mean with a match function... but going off on
> dwmw2> > a limb, how about a reference to an OpenSSL style ASN1 description?
> dwmw2> > So basically, for an imaginary TSS KEY BLOB (one that actually would
> dwmw2> > use that TssBlob definition we talked about earlier), these three
> dwmw2> > items would be specified:
> dwmw2> >
> dwmw2> >     "TSS KEY BLOB",
> dwmw2> >     ASN1_ITEM_rptr(TSS_BLOB),  /* TSS_BLOB ASN1 stuff defined in engine */
> dwmw2> >     handler                    /* Essentially a d2i function */
> dwmw2> >
> Richard
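Both posts above make the same point: a blob that is syntactically a PKCS#1 RSAPrivateKey (the 'gem' engine output in the earlier message, or an HSM engine smuggling identifiers in the prime fields) parses fine, and `openssl rsa -text` prints it without complaint. The arithmetic gives it away, though. The following is an added example, not code from OpenSSL, the 'gem' engine or any author in this thread: a pure-Python checker that parses the PEM blob posted earlier in the thread and tests the invariants every genuine RSA private key must satisfy. The function names are my own; the PEM text is the one from the 'gem' post.

```python
"""Decide whether a PKCS#1 RSAPrivateKey blob is a real RSA key or a look-alike
carrier for something else (an HSM/TPM handle, an identifier) by checking the
arithmetic invariants that every genuine key satisfies.

Added example: not code from OpenSSL, the 'gem' engine or the thread's authors.
"""
import base64
import math
import re

# The blob posted earlier in this thread (output of the 'gem' engine).
GEM_ENGINE_PEM = """\
-----BEGIN RSA PRIVATE KEY-----
MIICHwIBAAKCAgEAxNmkJ+oXEAk1eYn8EB8BOTS3I5NaYQWvsQRJimg3roh2YLrs
YI4KljjdJcN8EfvyIKfonUDJSRxn4BNInqq8EErhcG8j+BcO+D178RJVvfoiiA/b
f1ru5rxuRywLKD3875QVvA6quc5V5I7EybEDO+v6yhlEZp3TN+3qSdTHnXZwBB7B
rh8Z7XbF7yWKNIeb3rRgfVUodxA5lYTBM92TRdz48b/NT6eS4+hrPvsFu71vCSQB
zbBWukwzzmIEfzGnzJ2NUwaq1uPC1HmzyqMrS90YVdZpTA8yTOVys2HXrUsguTD+
nCTgCizPBYUQe4iYmAgznTPpZ3KHiWGu2Il5lQRzrDcbOqtfvnon8ELqsK7+4QU3
9nNol7BCqPOmcWcT8Kx80qq11AKQYFEX5OygzI+Qp/F1o4oTlIs5/FFtBZZQ/T5+
j9DuewkpDfecKioBpVskZzwOnI9834u+CxCSqfYpb1XYD42HxnxLhsTjcYBzTbx+
xQUnpIUD6HxaCLFfNcCDYJSpD7KXHzO+pekyuLig1DNBlhVRa6i3yYj9JpmraW+6
1Sk2CQ7nvyB4FKAeXUFpCzS0eMZ7lPQ9qXlPiPF2eP//Jgg1FPvnQc+MHcGVaSMh
jSCjYOblZWm/tkHyQFwd41MVkP9tNCZFRraX9nz2D13YWQKoPLC0Bi/Ht8cCAwEA
AQIBAQIBLAIBKQIBAQIBAQIBAQ==
-----END RSA PRIVATE KEY-----
"""

_PEM_RE = re.compile(
    r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the body."""
    m = _PEM_RE.search(pem)
    if m is None:
        raise ValueError("no RSA PRIVATE KEY block found")
    return base64.b64decode("".join(m.group(1).split()))


def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_private_key(der: bytes) -> dict:
    """Parse RSAPrivateKey ::= SEQUENCE { version, n, e, d, p, q, dp, dq, qinv }."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single DER SEQUENCE")
    fields, pos = [], 0
    while pos < len(body) and len(fields) < 9:
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER, got tag 0x%02x" % tag)
        fields.append(int.from_bytes(val, "big", signed=True))
    if len(fields) != 9:
        raise ValueError("RSAPrivateKey needs 9 INTEGERs, found %d" % len(fields))
    return dict(zip(("version", "n", "e", "d", "p", "q", "dp", "dq", "qinv"), fields))


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with the first 12 primes as bases: exact below ~3e23, probabilistic above."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n == b:
            return True
        if n % b == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def check_rsa_consistency(key: dict) -> dict:
    """Return {invariant: bool}. A genuine RSA private key passes every one."""
    n, e, d, p, q = key["n"], key["e"], key["d"], key["p"], key["q"]
    dp, dq, qinv = key["dp"], key["dq"], key["qinv"]
    if p < 2 or q < 2 or n < 1:
        return {"p, q and n are all >= 2": False}
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    return {
        "n == p*q": n == p * q,
        "p is prime": is_probable_prime(p),
        "q is prime": is_probable_prime(q),
        "e*d == 1 mod lcm(p-1, q-1)": (e * d) % lam == 1,
        "dp == d mod (p-1)": dp == d % (p - 1),
        "dq == d mod (q-1)": dq == d % (q - 1),
        "qinv*q == 1 mod p": (qinv * q) % p == 1,
    }


def is_real_rsa_key(pem: str) -> bool:
    """True only if the blob parses as RSAPrivateKey and satisfies all invariants."""
    return all(check_rsa_consistency(parse_rsa_private_key(pem_to_der(pem))).values())


if __name__ == "__main__":
    key = parse_rsa_private_key(pem_to_der(GEM_ENGINE_PEM))
    print("modulus bits:", key["n"].bit_length(), " p =", key["p"], " q =", key["q"])
    for name, ok in check_rsa_consistency(key).items():
        print("PASS" if ok else "FAIL", name)
    print("real RSA key:", is_real_rsa_key(GEM_ENGINE_PEM))
```

On the 'gem' blob the parser succeeds (it is well-formed DER, 4096-bit modulus, e = 65537) but `n == p*q`, `e*d == 1 mod lcm(p-1, q-1)` and `qinv*q == 1 mod p` all fail, while the CRT exponent checks happen to pass because d = dp = dq = 1. `openssl rsa -in key.pem -check` runs the same class of consistency test (RSA_check_key) and rejects it; plain `-text`, as the post shows, does not. Any loader that accepts a PKCS#1-shaped blob as an RSA key without this step will hand the "key" to the software RSA implementation, which is exactly the failure David Woodhouse describes.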