Hi,
I want to use TPM for SSL authentication. I have also downloaded the
openssl-tpm-engine.
I am still not sure what this package is trying to do.
Here is what I am thinking to use:
- Use the RSA EK in the TPM for authentication
- Get the Public EK and create a CSR to a CA (an internal manufacturing
CA for the server with TPM)
- Provide a unique ID with the CSR (Product-ID and Serial Number probably)
- The CA sends the signed Certificate and associated chain
- Install the Certificate Chain in the server's hard drive
During SSL authentication, use TPM for encrypting the data to be sent to
peer with TPM Private EK. The peer can decrypt it with the Public EK which
is part of the certificate.
The tpm engine gets loaded with the openssl, but somehow the whole thing in
openssl_tpm_engine is still not clear to me. I think that this package is
adding a new RSA key and encrypting it with TPM. I also think that this
will work only with self signed certificates.
Can anyone please explain?
Regards
Pankaj Shukla
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users