On 25/07/18 20:58, William Roberts
wrote:
On Tue, Jul 24, 2018 at 4:18 AM, Kaarthik Sivakumar
wrote:
Hello
I need to create a key pair using a TPM (proprietary) and build a CSR and
What TPM Version?
If it's TPM 2.0, a new Engine project has emerged here:
https://github.com/tpm2-software/tpm2-tss-engine
Yep 2.0.
This might be able to handle to just calling the create CSR routine. I
know back-in-
the-day the OpenSC engine with a PIV card could do it.
You can try to get ahold of the maintainer of that project (Andraes) through
a direct email or the project mailing list:
- https://lists.01.org/mailman/listinfo/tpm2
Ok, thanks for the info.
-kaarthik-
sign it using it the TPM as well. Currently I dont have an engine interface
to talk to the TPM. I do the following:
1. generate key pair in the TPM. private key is kept private in the TPM and
public key can be obtained out of the TPM
2. use the public key to generate a CSR (X509_REQ_init(), etc)
3. Get the hash of the CSR (X509_REQ_digest())
4. Pass the digest to the TPM and get back signature
5. Add signature to the CSR - I dont see any way to do this. Is there an
openssl API to perform this step? I dont think I can use X509_REQ_sign()
since that will use the private key provided or if I have an engine
interface then it will call the engine to do the signing. Is there a way to
call sign() and make it call my function that can do the step 4 above?
Thanks!
-kaarthik-
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
