Jason Gunthorpe <jguntho...@obsidianresearch.com> wrote on 01/04/2017 01:54:34 PM:

> We don't need the algorithm in the TPM. We just need to be able to RSA
> sign an arbitrary OID + externally computed hash like TPM 1.2 could.
> 
> What is the recommended way to create a key with a sign-only intent
> that can be used with arbitrary OID + computed hash?

Probably the long-term correct way is to go to the TCG and ask for a 
new feature.  However, this is (often certified) hardware, so the 
turnaround is likely to be a year.

> James is proposing using the Decrypt op to do this job.

That works.  I've coded it.  However, the key doesn't have
"sign only intent", in that the caller not only provides the OID
but also provides the padding.
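
The approach discussed above, as an added example that is not part of the original message or of any code its author wrote: the caller builds the DigestInfo (OID + externally computed hash) and the PKCS#1 v1.5 signature padding itself, then hands the full block to an unpadded private-key operation. The toy RSA key and the `raw_private_op` helper are assumptions standing in for the TPM key and its Decrypt op; since that operation checks nothing about the block, the key is not restricted to signing.

```python
import hashlib

# Toy RSA key from two Mersenne primes (constructed for this example, not secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# Content octets of the SHA-256 OID 2.16.840.1.101.3.4.2.1
SHA256_OID = bytes.fromhex("608648016503040201")

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with short or long form length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def digest_info(oid: bytes, digest: bytes) -> bytes:
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }"""
    return tlv(0x30, tlv(0x30, tlv(0x06, oid) + b"\x05\x00") + tlv(0x04, digest))

def emsa_pkcs1_v15(t: bytes, k: int) -> bytes:
    """Caller-side padding: 00 01 FF..FF 00 || DigestInfo, k bytes total."""
    if k < len(t) + 11:
        raise ValueError("modulus too short for this DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def raw_private_op(block: bytes) -> bytes:
    """Hypothetical stand-in for the unpadded Decrypt op: block^d mod n, no checks."""
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def sign(oid: bytes, digest: bytes) -> bytes:
    return raw_private_op(emsa_pkcs1_v15(digest_info(oid, digest), K))

def verify(sig: bytes, oid: bytes, digest: bytes) -> bool:
    """Standard encode-and-compare verification with the public key."""
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return recovered == emsa_pkcs1_v15(digest_info(oid, digest), K)

if __name__ == "__main__":
    h = hashlib.sha256(b"constructed sample message").digest()
    print("signature verifies:", verify(sign(SHA256_OID, h), SHA256_OID, h))
```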


_______________________________________________
TrouSerS-tech mailing list
TrouSerS-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-tech