On Tue, 2016-11-22 at 13:48 +0100, Richard Levitte wrote:
> Mm... I'm not sure I agree with the method, passing a BIO for the
> key_id. I would much rather have seen a patch where OpenSSL's PEM
> module is taught to recognise 'BEGIN TSS KEY BLOB', pull out the blob
> from it, securing it somehow (since key_id is expected to be NUL
> terminated) and pass that to the engine.

Agreed.

> My vote goes to a URI based spec rather than bastardising PEM files.
> I understand this kinda throws years of development out the window,
> but there you have it.

I think we need both. We need the URI for the keys stored *in* the TPM
where we just need to reference them. And we need (non-bastardised) PEM
files with TPM-wrapped key blobs. The latter is what the engine supports
right now (by filename only).

--
dwmw2

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev