Well I can't help with the OpenSSL (not OpenSSH!?) problem, I've never used that engine business. People only post here when it doesn't work, and I seldom see fixes, so for all I know it never works! Just kidding, surely it must work sometimes, right? Right?
What I can say is I don't think your endgame will work of converting to a GPG/PGP key. That would require GnuPG to have TPM support built in, and I don't think it does. OpenSSL has the TPM engine which theoretically knows how to use the TPM with those keys, but there is no equivalent with GPG.

Hal Finney

On Thu, Sep 9, 2010 at 8:35 PM, <[email protected]> wrote:
> I'm trying to create an OpenSSH key, derived from the TPM chip. I'm sure
> my method is quite contrived, but I'm pressing on anyways. Except, I'm
> stuck at this error, which I don't know how to get around. I try
> following the README[1].
>
> I can generate the tpm key fine:
>
> $ create_tpm_key tpm.key
> SRK Password:
> Success.
>
> But when I try to create the SSL cert, I get an 'unsupported algorithm'
> error. (I used all default values for OpenSSL, as I'm just messing
> around at the moment.)
>
> $ openssl req -keyform engine -engine tpm -key tpm.key -new -x509 -days 265 -out cert
> engine "tpm" set.
> SRK authorization:
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [AU]:
> State or Province Name (full name) [Some-State]:
> Locality Name (eg, city) []:
> Organization Name (eg, company) [Internet Widgits Pty Ltd]:
> Organizational Unit Name (eg, section) []:
> Common Name (eg, YOUR name) []:
> Email Address []:
> problems making Certificate Request
> 140681037248168:error:0B07806F:x509 certificate routines:X509_PUBKEY_set:unsupported algorithm:x_pubkey.c:118:
>
> By the way, if anyone is interested in how I was planning on converting
> the OpenSSL certificate, I was planning on following [2], for better or
> for worse. And, using that guide, I was hoping to generate a GPG key,
> and actually start using PGP keys.
>
> [1]: http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/openssl_tpm_engine;a=blob;f=README
> [2]: http://sysmic.org/dotclear/index.php?post/2010/03/24/Convert-keys-betweens-GnuPG%2C-OpenSsh-and-OpenSSL
>
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
