On Fri, Jun 04, 2010, Martin Gwerder wrote:

> Hi Stephen
>
> Unfortunately TPMs are in my environment not as common as they should be
> (In large companies they try hard to save money -- sometimes with fun
> things such as asking for non-standard flavours of boxes without
> RAID-Controllers ["we can use SW raid"] or TPM modules ["no one uses them
> anyway"]).
>

Erm, I didn't mention TPMs. The email below was misquoted.

> >
> > On Thu, 2010-06-03 at 18:04 +0200, Dr. Stephen Henson wrote:
> >> If you mean private key security then this makes more sense.
> >>
> >> OpenSSL includes means to secure private keys through the ENGINE
> >> interface.
> >> There are some built in which can use external private keys (e.g.
> >> Windows CSPs or Chil HSMs).
> >
> > As part of the TrouSerS project there is an OpenSSL engine which
> > provides secure private-key storage.
> >
> > A TPM is present on a reasonable number of machines these days.
> >
> >> It only requires a few calls to make use of a private key in an ENGINE
> >> after that usage is almost transparent. However at present very few
> >> applications support that. We could (and indeed I've planned for a
> >> while) make that easier to do without needing application modification.
> >
> > It's not just engine keys. It's bad enough when you just want to be able
> > to load PEM or PKCS#12 keys. Making that work better would be extremely
> > useful.
> >
> > --
> > dwmw2
> >
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > Development Mailing List                       [email protected]
> > Automated List Manager                           [email protected]

--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
