Hi Kaarthik,

Please refer to https://github.com/ThomasHabets/openssl-tpm-engine. It is the OpenSSL TPM Engine. It will help to offload all crypto operations to the TPM.

Regards,
Devang.

On Tue, Jul 24, 2018 at 4:48 PM, Kaarthik Sivakumar <kaarthik...@gmail.com> wrote:

> Hello
>
> I need to create a key pair using a TPM (proprietary) and build a CSR and
> sign it using the TPM as well. Currently I don't have an engine interface
> to talk to the TPM. I do the following:
>
> 1. generate key pair in the TPM. private key is kept private in the TPM
> and public key can be obtained out of the TPM
>
> 2. use the public key to generate a CSR (X509_REQ_init(), etc)
>
> 3. Get the hash of the CSR (X509_REQ_digest())
>
> 4. Pass the digest to the TPM and get back signature
>
> 5. Add signature to the CSR - I don't see any way to do this. Is there an
> openssl API to perform this step? I don't think I can use X509_REQ_sign()
> since that will use the private key provided or if I have an engine
> interface then it will call the engine to do the signing. Is there a way to
> call sign() and make it call my function that can do the step 4 above?
>
> Thanks!
>
> -kaarthik-
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
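As an added example (not code from this thread or from OpenSSL), the Python sketch below assembles a PKCS#10 request around an external signer that only ever receives a digest, which is the flow in steps 1 to 5 of the quoted question. The signature in a CSR covers the DER encoding of the CertificationRequestInfo alone (the bytes OpenSSL's i2d_re_X509_REQ_tbs() returns), so that is what gets hashed here, whereas X509_REQ_digest() hashes the whole request. Assumptions: `ToyTpm`, `build_csr`, `verify` and the subject name are hypothetical, and the RSA key is a constructed, insecure demo key standing in for the TPM key.

```python
import hashlib

OID_CN = bytes.fromhex("0603550403")                      # commonName
OID_RSA = bytes.fromhex("06092a864886f70d010101")         # rsaEncryption
OID_SHA256_RSA = bytes.fromhex("06092a864886f70d01010b")  # sha256WithRSAEncryption
NULL = b"\x05\x00"
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo header

def der(tag, body):
    """One DER TLV with definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(v):
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))  # positive, minimal

def pkcs1_pad(digest, k):
    t = SHA256_PREFIX + digest  # EMSA-PKCS1-v1_5 block for a k-byte modulus
    return b"\x00\x01" + b"\xff" * (k - 3 - len(t)) + b"\x00" + t

class ToyTpm:
    """Hypothetical stand-in for the TPM: the private exponent stays inside."""
    def __init__(self):
        p, q = 2**521 - 1, 2**607 - 1  # constructed demo key (Mersenne primes), NOT secure
        self.n, self.e = p * q, 65537
        self._d = pow(self.e, -1, (p - 1) * (q - 1))
        self.k = (self.n.bit_length() + 7) // 8
    def sign_digest(self, digest):
        em = int.from_bytes(pkcs1_pad(digest, self.k), "big")
        return pow(em, self._d, self.n).to_bytes(self.k, "big")

def build_csr(common_name, tpm):
    """Return (tbs, signature, csr); the signature is made over SHA-256(tbs)."""
    name = der(0x30, der(0x31, der(0x30, OID_CN + der(0x0C, common_name.encode()))))
    rsa_pub = der(0x30, der_int(tpm.n) + der_int(tpm.e))
    spki = der(0x30, der(0x30, OID_RSA + NULL) + der(0x03, b"\x00" + rsa_pub))
    # CertificationRequestInfo: version 0, subject, public key, empty [0] attributes
    tbs = der(0x30, der_int(0) + name + spki + der(0xA0, b""))
    sig = tpm.sign_digest(hashlib.sha256(tbs).digest())  # only the digest goes to the signer
    # BIT STRING content starts with the unused-bits octet, always 0 for a signature
    return tbs, sig, der(0x30, tbs + der(0x30, OID_SHA256_RSA + NULL) + der(0x03, b"\x00" + sig))

def verify(signed_bytes, sig, n, e):
    k = (n.bit_length() + 7) // 8
    expected = pkcs1_pad(hashlib.sha256(signed_bytes).digest(), k)
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") == expected
```

`verify(tbs, sig, ...)` succeeds while `verify(csr, sig, ...)` fails, which is the check a CA performs and the reason the digest sent to the TPM must be taken over the request info rather than the finished request.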