On Thu, Apr 11, 2019 at 08:19:57PM +0000, Fuchs, Andreas wrote:
> - You need to somehow tell openssl to use "keyform =
> Unfortunately, I don't currently know how to do this using the openssl.cnf
> Once we merge PR https://github.com/tpm2-software/tpm2-tss-engine/pull/89
> The loading of keys should work without the "keyform = engine" settings.
> Until then, I'm unsure how exactly this can be managed.
That looks promising. So can I assume that with keyform = engine an
existing client can use the engine without additional code changes? I'll
try to find out if I can set the keyform parameter in the ssl config.
> - The engine already supports ECDSA. Have a look at the -alg
Oh. I was irritated by
root@sun8i:/etc/mosquitto# openssl engine -c -vvvv -t tpm2tss
(tpm2tss) TPM2-TSS engine for OpenSSL
which indicates it does support only RSA?
> - And wrt documentation: I'd appreciate anything you see fit.
> Preferably as PullRequest or as Issue on github. Emails just always
OK I'll look into this but don't know enough yet about the tpm to
describe the key protection in more detail. But I think I can come up
with a note that hopefully would prevent the questions I asked for
someone coming later :-)
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office(a)runtux.com