On Sat, Jul 28, 2018, 09:13 Devang Kubavat <digant.kuba...@gmail.com> wrote:

> Hi Kaarthik,
>
> Please refer to https://github.com/ThomasHabets/openssl-tpm-engine. It is the
> OpenSSL TPM Engine. It will help to offload all crypto operations to the TPM.
>

Is this for TPM 2.0?


> Regards,
> Devang.
>
> On Tue, Jul 24, 2018 at 4:48 PM, Kaarthik Sivakumar <kaarthik...@gmail.com> wrote:
>
>> Hello
>>
>> I need to create a key pair using a TPM (proprietary) and build a CSR and
>> sign it using the TPM as well. Currently I don't have an engine interface
>> to talk to the TPM. I do the following:
>>
>> 1. Generate a key pair in the TPM. The private key is kept private in the TPM
>> and the public key can be obtained out of the TPM
>>
>> 2. Use the public key to generate a CSR (X509_REQ_init(), etc)
>>
>> 3. Get the hash of the CSR (X509_REQ_digest())
>>
>> 4. Pass the digest to the TPM and get back the signature
>>
>> 5. Add the signature to the CSR - I don't see any way to do this. Is there an
>> openssl API to perform this step? I don't think I can use X509_REQ_sign()
>> since that will use the private key provided or if I have an engine
>> interface then it will call the engine to do the signing. Is there a way to
>> call sign() and make it call my function that can do the step 4 above?
>>
>> Thanks!
>>
>> -kaarthik-
>>
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
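The five steps from the question, as an added example that is not part of the thread and is not OpenSSL or engine code: PKCS#10 signs the DER encoding of CertificationRequestInfo, so the code builds that structure, hashes it, hands only the digest to an external signer, and wraps info, algorithm and signature into the final request. The toy RSA key, `tpm_sign_digest` and the subject name are constructed stand-ins for the TPM, and RSA with SHA-256 is assumed.

```python
import hashlib

def tlv(tag, body):
    """DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def seq(*parts): return tlv(0x30, b"".join(parts))
def integer(v): return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
def bitstr(b): return tlv(0x03, b"\x00" + b)

RSA_ENC = seq(bytes.fromhex("06092a864886f70d010101"), b"\x05\x00")     # rsaEncryption, NULL
SHA256_RSA = seq(bytes.fromhex("06092a864886f70d01010b"), b"\x05\x00")  # sha256WithRSAEncryption, NULL
SHA256_DI = bytes.fromhex("3031300d060960864801650304020105000420")    # DigestInfo prefix, SHA-256

# Constructed stand-in for the TPM: toy RSA key from two well-known primes (demo only, not secret).
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8

def encode_digest(digest):
    """EMSA-PKCS1-v1_5 encoding of a SHA-256 digest for a K-byte modulus."""
    t = SHA256_DI + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def tpm_sign_digest(digest):
    """Step 4 (hypothetical device call): only the digest goes in, the raw signature comes out."""
    return pow(int.from_bytes(encode_digest(digest), "big"), D, N).to_bytes(K, "big")

def csr_info(cn, n, e):
    """Steps 1-2: CertificationRequestInfo carrying the device's public key."""
    name = seq(tlv(0x31, seq(bytes.fromhex("0603550403"), tlv(0x0C, cn.encode()))))
    spki = seq(RSA_ENC, bitstr(seq(integer(n), integer(e))))
    return seq(integer(0), name, spki, tlv(0xA0, b""))  # version 0, empty attributes

def build_csr(cn):
    info = csr_info(cn, N, E)
    # Step 3: hash the DER of the info only (the bytes OpenSSL's i2d_re_X509_REQ_tbs returns).
    sig = tpm_sign_digest(hashlib.sha256(info).digest())
    # Step 5: CertificationRequest ::= SEQUENCE { info, signatureAlgorithm, signature }
    return info, sig, seq(info, SHA256_RSA, bitstr(sig))

def signature_ok(info, sig):
    """Verifier's view: the RSA public operation must reproduce the padded digest of info."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return em == encode_digest(hashlib.sha256(info).digest())
```
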