On Tue, 2016-12-06 at 22:30 +0100, Richard Levitte wrote:
> Oh....
>
> I think I aired some thoughts on using PEM headers a very long while
> ago, but that never came into fruition, among others because I ended
> up doubting that it would be the best way in the long run.
>
> These days, the use of PEM headers is considered old and kinda sorta
> deprecated, even though OpenSSL still produces encrypted private key
> PEM files that use headers for the encryption metadata. It seems
> that PKCS#8 is preferred "out there".
>
> So I have to wonder, is PEM really the right way to go for this?
> Would it be just as possible to wrap a TSS key with a PKCS#8
> container, and use the associated attributes for the external data?
> Just a thought, though... I can't do more than throw around ideas,
> considering how little I know about TPM.

I would definitely suggest that we *don't* want to do it with PEM headers. Just put the additional information into the binary ASN.1 structure. The 2.0 version of the TssBlob (from §3.23 of the 1.2 spec) should hopefully contain all the auxiliary information we need, without having to stick it in PEM headers.

--
dwmw2

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
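
Added example, not part of the original thread and not OpenSSL or TSS code: a small PEM parser showing what happens to metadata kept in PEM headers, compared with metadata carried inside the binary body, when only the decoded bytes are stored and re-wrapped. The sample bytes, the "EXAMPLE BLOB" label and the helper names are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def parse_pem(text):
    """Return (label, headers, body_bytes) for every PEM block in text."""
    blocks = []
    for label, inner in PEM_RE.findall(text):
        headers, lines = {}, inner.splitlines()
        # RFC 1421-style headers precede the base64 body and end at a blank line.
        if lines and ":" in lines[0]:
            while lines and lines[0].strip():
                name, _, value = lines.pop(0).partition(":")
                headers[name.strip()] = value.strip()
        body = base64.b64decode("".join(l.strip() for l in lines))
        blocks.append((label, headers, body))
    return blocks

def to_pem(label, body, headers=None):
    """Encode body as PEM; headers are optional text metadata outside the body."""
    head = "".join(f"{k}: {v}\n" for k, v in (headers or {}).items())
    if head:
        head += "\n"
    b64 = base64.b64encode(body).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{head}{wrapped}\n-----END {label}-----\n"

def binary_roundtrip(pem_text):
    """Simulate storing only the decoded bytes, then re-wrapping them as PEM."""
    return [parse_pem(to_pem(label, body))[0] for label, _, body in parse_pem(pem_text)]

# Constructed sample data: placeholder bytes, not real keys or real TSS blobs.
LEGACY = to_pem("RSA PRIVATE KEY", bytes(range(48)),
                {"Proc-Type": "4,ENCRYPTED",
                 "DEK-Info": "AES-256-CBC,00112233445566778899AABBCCDDEEFF"})
# Hypothetical label; DER SEQUENCE { INTEGER 0 } stands in for a self-describing blob.
IN_BAND = to_pem("EXAMPLE BLOB", bytes([0x30, 0x03, 0x02, 0x01, 0x00]))

if __name__ == "__main__":
    for sample in (LEGACY, IN_BAND):
        (label, hdrs, body), (_, hdrs2, body2) = parse_pem(sample)[0], binary_roundtrip(sample)[0]
        print(label, "| headers before:", hdrs, "| after:", hdrs2, "| body intact:", body == body2)
```

In the header-based sample the cipher name and IV exist only in the text headers, so they are gone after the round trip even though the body bytes are unchanged; the in-band sample comes back identical.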