[openssl-users] Fwd: PSK generation for TLS 1.3

2017-07-07 Thread Neetish Pathak
I have a query regarding the TLS 1.3 handshake message exchange. Please provide your comments. With TLS 1.3, I see that an Application Data Protocol message is sent from the server side and client side (using Wireshark) during the handshake. I am only performing handshake and not doing any read writ

Re: [openssl-users] OpenSSL Engine for TPM

2017-07-07 Thread Freemon Johnson
Agreed. I can't speak for the gentleman that originated this thread but in my context the use case would be to store the keys/certs within the TPM that's all. Regards, Freemon On Fri, Jul 7, 2017 at 12:03 PM, Blumenthal, Uri - 0553 - MITLL < u...@ll.mit.edu> wrote: > And in most cases (except th

Re: [openssl-users] OpenSSL Engine for TPM

2017-07-07 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Blumenthal, Uri - 0553 - MITLL > Sent: Friday, July 07, 2017 10:03 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] OpenSSL Engine for TPM > > And in most cases (except those involving TPM-based platform

Re: [openssl-users] OpenSSL Engine for TPM

2017-07-07 Thread Blumenthal, Uri - 0553 - MITLL
And in most cases (except those involving TPM-based platform attestation, which I don’t think has anything to do with OpenSSL use cases), a separate hardware token (like a smartcard, or an HSM) would IMHO be a much better and more usable choice. PKCS#11 engine (libp11) to access those is quite

Re: [openssl-users] OpenSSL Engine for TPM

2017-07-07 Thread Freemon Johnson
I would personally love to see an implementation of this as well for OpenSSL. However in the interim you can see how these libraries were referenced to insert keys into the TPM for OpenSSH. Our team here has also verified this works nicely. Perhaps this can be extended if you do not wish to work wi

Re: [openssl-users] OpenSSL Engine for TPM

2017-07-07 Thread Michael Wojcik
> agreed, but this engine  does not really put the keys inside the TPM - > instead it sets up a local repository that is encrypted > using a key from the TPM. If you look at the way it is designed, it is not > really secure (as it's not impossible to find the > password that was used to encrypt

Re: [openssl-users] OpenSSL Engine for TPM

2017-07-07 Thread Jan Just Keijser
Hi, On 06/07/17 06:39, Christian Hohnstädt wrote: The trousers project has one. https://sourceforge.net/projects/trousers/files/OpenSSL%20TPM%20Engine/ agreed, but this engine does not really put the keys inside the TPM - instead it sets up a local repository that is encrypted using a key fr