On Thu, 2016-12-08 at 15:56 -0800, James Bottomley wrote:
> On Thu, 2016-12-08 at 23:44 +0000, David Woodhouse wrote:
> > On Tue, 2016-12-06 at 22:30 +0100, Richard Levitte wrote:
> > > Oh....
> > >
> > > I think I aired some thoughts on using PEM headers a very long while
> > > ago, but that never came into fruition, among others because I ended
> > > up doubting that it would be the best way in the long run.
> > >
> > > These days, the use of PEM headers is considered old and kinda sorta
> > > deprecated, even though OpenSSL still produces encrypted private key
> > > PEM files that use headers for the encryption metadata. It seems
> > > that PKCS#8 is preferred "out there".
> > >
> > > So I have to wonder, is PEM really the right way to go for this?
> > > Would it be just as possible to wrap a TSS key with a PKCS#8
> > > container, and use the associated attributes for the external data?
> > > Just a thought, though... I can't do more than throw around ideas,
> > > considering how little I know about TPM.
> >
> > I would definitely suggest that we *don't* want to do it with PEM
> > headers. Just put the additional information into the binary ASN.1
> > structure.
>
> Which evil is lesser? If we put it in ASN.1 we'll be defining our own
> instead of using the TSS defined one. If we use headers, we can put
> the extra data in them and use the TSS defined ASN.1 for the key blob.
>
> > The 2.0 version of the TssBlob (from §3.23 of the 1.2 spec) should
> > hopefully contain all the auxiliary information we need, without
> > having to stick it in PEM headers.
>
> Which of the many specs is this?

I'm guessing you mean this:

https://www.trustedcomputinggroup.org/wp-content/uploads/TSS_Version_1.2_Level_1_FINAL.pdf ?

It still doesn't tell you who the expected parent of the key would be,
which is the problem I'm currently trying to solve.

James