Jason Gunthorpe <[email protected]> wrote on 01/04/2017 01:54:34 PM:

> We don't need the algorithm in the TPM. We just need to be able to RSA
> sign an arbitrary OID + externally computed hash like TPM 1.2 could.
> 
> What is the recommended way to create a key with a sign-only intent
> that can be used with arbitrary OID + computed hash?

Probably the long-term correct way is to go to the TCG and ask for a 
new feature.  However, this is (often certified) hardware, so the 
turnaround is likely to be a year.

> James is proposing using the Decrypt op to do this job.

That works.  I've coded it.  However, the key doesn't have
"sign only intent", in that the caller not only provides the OID
but also provides the padding.
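
An added example, not code from this thread or from any TPM stack: when the decrypt operation is used this way, the caller builds the whole PKCS#1 v1.5 signature block (padding, OID-bearing DigestInfo prefix, hash) in software, so any "sign only" restriction has to be enforced by a check in front of the private-key operation. The function names are hypothetical, SHA-256 is assumed as the digest, and the TPM call itself is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1). */
static const uint8_t SHA256_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* Build EM = 00 01 FF..FF 00 || prefix || hash, exactly k bytes, where k is
 * the modulus size. Returns 0 on success, -1 if k cannot hold 8 pad bytes. */
int emsa_pkcs1_v15_encode(const uint8_t *prefix, size_t prefix_len,
                          const uint8_t *hash, size_t hash_len,
                          uint8_t *em, size_t k)
{
    size_t t_len = prefix_len + hash_len;
    if (t_len < prefix_len || k < t_len + 11)  /* overflow / RFC minimum */
        return -1;
    size_t ps_len = k - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;                              /* block type 1: signature */
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, prefix, prefix_len);
    memcpy(em + 3 + ps_len + prefix_len, hash, hash_len);
    return 0;
}

/* Gate to run before the raw private-key operation: accept only a
 * well-formed type-1 block carrying the allowed prefix and digest length.
 * Returns 1 if the block is acceptable, 0 otherwise. */
int em_is_signature_block(const uint8_t *em, size_t k,
                          const uint8_t *prefix, size_t prefix_len,
                          size_t hash_len)
{
    size_t t_len = prefix_len + hash_len;
    if (t_len < prefix_len || k < t_len + 11)
        return 0;
    size_t ps_len = k - t_len - 3;
    if (em[0] != 0x00 || em[1] != 0x01 || em[2 + ps_len] != 0x00)
        return 0;
    for (size_t i = 0; i < ps_len; i++)
        if (em[2 + i] != 0xff)
            return 0;
    return memcmp(em + 3 + ps_len, prefix, prefix_len) == 0;
}
```

The gate rejects anything that is not a type-1 block with the expected prefix, which is the property the key itself does not enforce when the caller supplies the padding.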


_______________________________________________
tpmdd-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
