On Wed, Jan 04, 2017 at 01:48:44PM -0500, Kenneth Goldman wrote:
> Jason Gunthorpe <jguntho...@obsidianresearch.com> wrote on 01/03/2017 07:42:17 PM:
>
> > > ... but my current TPM doesn't understand
> > > anything other than sha1 or sha256, so it wouldn't allow more state of
> > > the art algorithms like sha224, sha384 or sha512 either.
> >
> > Okay, yes, that is horrible :( If it is that bad it might not be worth
> > the effort.
>
> The place to ask for new algorithms is the TCG's Device Driver
> WG. It's an odd WG name, but this is the WG where the TPM
> mandatory algorithms are specified. A real, commercial use case
> will likely be an effective argument, since these are resource
> constrained and cost sensitive. SHA-384 and SHA-512 are
> currently optional, which traditionally means they won't be
> implemented.

We don't need the algorithm in the TPM. We just need to be able to RSA
sign an arbitrary OID + externally computed hash like TPM 1.2 could.

What is the recommended way to create a key with a sign-only intent
that can be used with arbitrary OID + computed hash?

James is proposing using the Decrypt op to do this job.

Jason
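
Added example, not part of the original message or of any TPM or TrouSerS code: what "arbitrary OID + externally computed hash" means on the wire. The host builds the PKCS#1 v1.5 block (DigestInfo prefixes from RFC 8017) and only needs an unpadded RSA private-key operation from the device. Assumptions: `raw_private_op` is a hypothetical stand-in for that device operation, and the key is a constructed toy key.

```python
import hashlib

# DER DigestInfo prefixes (hash OID + NULL params + OCTET STRING header),
# RFC 8017 section 9.2. The externally computed hash is appended to these.
DIGESTINFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

def emsa_pkcs1_v15(alg: str, digest: bytes, k: int) -> bytes:
    """Build the k-byte block 00 01 FF..FF 00 || DigestInfo for a precomputed hash."""
    if len(digest) != hashlib.new(alg).digest_size:
        raise ValueError("digest length does not match algorithm")
    t = DIGESTINFO_PREFIX[alg] + digest
    if k < len(t) + 11:  # RFC 8017 requires at least 8 bytes of FF padding
        raise ValueError("modulus too short for this DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

# Constructed toy key from two Mersenne primes. The factors are public, so it
# is insecure and only stands in for a device-resident RSA key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8

def raw_private_op(block: bytes) -> bytes:
    """Hypothetical stand-in for the device's unpadded RSA private-key operation."""
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("block out of range")
    return pow(m, D, N).to_bytes(K, "big")

def sign(alg: str, message: bytes) -> bytes:
    digest = hashlib.new(alg, message).digest()  # hash computed outside the device
    return raw_private_op(emsa_pkcs1_v15(alg, digest, K))

def verify(alg: str, message: bytes, sig: bytes) -> bool:
    """Re-encode the expected block and compare it in full (no lenient parsing)."""
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    expected = emsa_pkcs1_v15(alg, hashlib.new(alg, message).digest(), K)
    return pow(s, E, N).to_bytes(K, "big") == expected
```

The device in this sketch never sees which hash was used, which is why the key's sign-only intent cannot be enforced by the raw operation itself.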