Re: [openssl-users] OpenSSL engine and TPM usage.

2017-10-26 Thread Freemon Johnson
Hi Jayalakshmi, Is your implementation OSS or intellectual property? If it is OSS can you please provide the URL? Regards, Freemon On Wed, Oct 25, 2017 at 1:06 PM, Jayalakshmi bhat < bhat.jayalaks...@gmail.com> wrote: > Hi All, > > Our device uses TPM to protect certificate private keys. We

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Freemon Johnson
FIPS mode is a policy decision in my opinion also, but since RedHat prides itself on security (e.g. SELinux, etc.), I believe that is a RedHat decision as opposed to the OpenSSL community. The alternative would be to use a different Linux distro like Ubuntu, etc. which does not compile their OpenSSL

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Freemon Johnson
Not sure if this helps, but the native installation for CentOS7 by default installs OpenSSL with FIPS mode compiled in, which means deprecated algorithms such as MD5 and the like will not work. If you tried to generate a certificate you should have received an error or not have seen that algorithm

Re: [openssl-users] OpenSSL Engine for TPM

2017-07-07 Thread Freemon Johnson
Agreed. I can't speak for the gentleman that originated this thread but in my context the use case would be to store the keys/certs within the TPM that's all. Regards, Freemon On Fri, Jul 7, 2017 at 12:03 PM, Blumenthal, Uri - 0553 - MITLL < u...@ll.mit.edu> wrote: > And in most cases (except

Re: [openssl-users] OpenSSL Engine for TPM

2017-07-07 Thread Freemon Johnson
I would personally love to see an implementation of this as well for OpenSSL. However in the interim you can see how these libraries were referenced to insert keys into the TPM for OpenSSH. Our team here has also verified this works nicely. Perhaps this can be extended if you do not wish to work

[openssl-users] x509 extension support

2017-01-10 Thread Freemon Johnson
Hello, Can anyone help me in discerning which version of openssl supports sbgp-autonomousSysNum and sbgp-ipAddrBlock? If it has been deprecated then providing the alternative would be greatly appreciated. A sample openssl.cnf is provided below. When I perform a request for req it fails because

[openssl-users] x509 extension support

2017-01-06 Thread Freemon Johnson
Hello, Can anyone help me in discerning which version of openssl supports sbgp-autonomousSysNum and sbgp-ipAddrBlock? If it has been deprecated then providing the alternative would be greatly appreciated. A sample openssl.cnf is provided below. When I perform a request for req it fails because
