Support description field #120

Open
salrashid123 opened this issue Jul 23, 2024 · 0 comments

The specs, at least here, mention a "description" field which can get encoded into PEM TPM keys:

However, it looks like that if the key contains that field, the provider fails outright.

This bug is to support reading in keys with that field:

$ openssl version
    OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)

$ cat private.pem 
-----BEGIN TSS2 PRIVATE KEY-----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-----END TSS2 PRIVATE KEY-----

$ openssl asn1parse -inform PEM -in private.pem
    0:d=0  hl=4 l= 540 cons: SEQUENCE          
    4:d=1  hl=2 l=   6 prim: OBJECT            :2.23.133.10.1.3
   12:d=1  hl=2 l=   3 cons: cont [ 0 ]        
   14:d=2  hl=2 l=   1 prim: BOOLEAN           :255
   17:d=1  hl=2 l=   6 cons: cont [ 4 ]        
   19:d=2  hl=2 l=   4 prim: UTF8STRING        :fooo        <<<<<<<<<<<<<<<<<<<<<<<<<<<<<
   25:d=1  hl=2 l=   4 prim: INTEGER           :40000001
   31:d=1  hl=4 l= 282 prim: OCTET STRING      [HEX DUMP]

If you try to read in the key, you'll see

$ openssl rsa -provider tpm2  -provider default -in private.pem --text
Could not read private key from private.pem
40C7EFD7647D0000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:../crypto/store/store_result.c:151:

If you want to generate a new key, I wrote up a small analog for tpm2tss-genkey here in Go
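
Added example, not part of the issue and not the provider's code: a bounds-checked DER walker in C for the field layout visible in the asn1parse output above. It records which optional context-tagged fields are present, including `[4]` (the description), and skips the ones it does not interpret instead of rejecting the key. `tss2_parse`, `struct tss2_hdr` and its field names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: same field layout as the asn1parse output in the report,
   with 2-byte dummy OCTET STRINGs standing in for the real key blobs. */
static const uint8_t tss2_sample[] = {
    0x30,0x23, 0x06,0x06,0x67,0x81,0x05,0x0a,0x01,0x03,  /* OID 2.23.133.10.1.3 */
    0xa0,0x03,0x01,0x01,0xff,                            /* [0] BOOLEAN 255     */
    0xa4,0x06,0x0c,0x04,'f','o','o','o',                 /* [4] UTF8STRING fooo */
    0x02,0x04,0x40,0x00,0x00,0x01, 0x04,0x02,0xaa,0xbb, 0x04,0x02,0xcc,0xdd };
/* Field names are assumptions; bit n of seen is set when optional tag [n] occurs. */
struct tss2_hdr { int empty_auth; char desc[64]; uint32_t parent; unsigned seen; };

/* Decode one DER tag and length at p (n bytes left); header size, or 0 on error. */
static size_t tlv(const uint8_t *p, size_t n, uint8_t *tag, size_t *len) {
    size_t h = 2, k;
    if (n < 2) return 0;
    *tag = p[0]; *len = p[1];
    if (p[1] & 0x80) {                      /* long form, 1 or 2 length bytes */
        k = p[1] & 0x7f;
        if (k == 0 || k > 2 || n < 2 + k) return 0;
        for (*len = 0; h < 2 + k; h++) *len = (*len << 8) | p[h];
    }
    return *len <= n - h ? h : 0;           /* value must fit in the buffer */
}

/* Hypothetical helper: 0 if the key parses, -1 if not; unknown optional tags are skipped. */
int tss2_parse(const uint8_t *der, size_t n, struct tss2_hdr *out) {
    uint8_t tag, it; size_t len, il, h, ih; unsigned num; const uint8_t *p, *end;
    memset(out, 0, sizeof *out);
    if (!(h = tlv(der, n, &tag, &len)) || tag != 0x30) return -1;
    p = der + h; end = p + len;
    if (!(h = tlv(p, (size_t)(end - p), &tag, &len)) || tag != 0x06) return -1;
    for (p += h + len;; p += h + len) {     /* optional [n] EXPLICIT fields */
        if (!(h = tlv(p, (size_t)(end - p), &tag, &len))) return -1;
        if ((tag & 0xe0) != 0xa0) break;    /* first mandatory field reached */
        if (!(ih = tlv(p + h, len, &it, &il))) return -1;
        num = tag & 0x1f;
        out->seen |= 1u << num;
        if (num == 0 && it == 0x01 && il == 1) out->empty_auth = p[h + ih] != 0;
        if (num == 4 && it == 0x0c && il < sizeof out->desc) memcpy(out->desc, p + h + ih, il);
    }
    if (tag != 0x02 || len == 0 || len > 5) return -1;   /* parent handle */
    for (il = 0; il < len; il++) out->parent = (out->parent << 8) | p[h + il];
    for (p += h + len, num = 0; num < 2; num++, p += h + len)   /* two key blobs */
        if (!(h = tlv(p, (size_t)(end - p), &tag, &len)) || tag != 0x04) return -1;
    return p == end ? 0 : -1;
}
```
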
