I wrote those patches for my own needs, but I don't think they were accepted in
the mainstream. The mainstream also has some mechanism to use the well-known key, but I
couldn't make it work, so I wrote my own implementation, which is a stripped-down
version of the mainstream one. If you want to use it then you had better build the package
directly from my fork at
https://sourceforge.net/u/dtoubelis/trousers/ci/master/tree/.
A few things to keep in mind though. Make sure your openssl version is 1.0.0 or
higher. I tried it with openssl-0.9.8x and 0.9.8y and it fails because of some
subtle bug in openssl. Make sure that the library is in the correct place and
openssl can see it. Here is an example:
# openssl engine tpm -vvvv
(tpm) TPM hardware engine support
SO_PATH: Specifies the path to the libtspi.so shared library
(input flags): STRING
Once all this is working, all you need to do is to pass the key file and engine name to
the openssl commands. I never tried using the openssl configuration file myself, so I
cannot tell whether what you are using is correct or not.
Also, when creating the key, do not use the SHA1 signature scheme - it is broken.
One more thing - if you are creating the TPM key in another application (not with
the provided utility), the key must be of type LEGACY and located directly under
the SRK.
Hope this helps.
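A preflight script for the checks described above (openssl 1.0.0 or newer, the engine library and libtspi.so reachable by the loader, and `openssl engine tpm -vvvv` actually loading the engine), added here as an example; it is not code from TrouSerS, the fork, or either poster. The engine path is taken from the openssl.cnf quoted further down and is an assumption for your installation; the sample command outputs embedded for self-checking are constructed, not captured from a real host:

```shell
#!/bin/sh
# tpm_preflight.sh: verify the preconditions for using the TPM engine with
# openssl before running any `openssl ... -keyform engine -engine tpm` command.
# Added example, not part of TrouSerS or the fork. Paths are assumptions.

# Engine shared object path (assumption, copied from the quoted openssl.cnf).
ENGINE_SO="${ENGINE_SO:-/usr/local/lib/openssl/engines/libtpm.so}"

# openssl_version_ok "<output of: openssl version>"
# Returns 0 when the reported version is 1.0.0 or later, 1 otherwise
# (the reply above reports failures with 0.9.8x and 0.9.8y).
openssl_version_ok() {
    ver=$(printf '%s\n' "$1" | awk '{ print $2 }')   # e.g. "1.0.1e"
    major=${ver%%.*}                                  # "1"
    case "$major" in
        ''|*[!0-9]*) return 1 ;;                      # unparsable: not OK
    esac
    [ "$major" -ge 1 ]
}

# tpm_engine_ok "<output of: openssl engine tpm -vvvv>"
# Returns 0 when the engine loaded and advertises its SO_PATH control,
# which is the output shape shown in the reply; 1 when openssl did not load it.
tpm_engine_ok() {
    printf '%s\n' "$1" | grep -q '^(tpm) ' &&
    printf '%s\n' "$1" | grep -q 'SO_PATH:'
}

# preflight: run the live checks on this host.  Usage: sh tpm_preflight.sh run
preflight() {
    status=0
    v=$(openssl version 2>&1)
    if openssl_version_ok "$v"; then
        echo "ok   openssl version: $v"
    else
        echo "FAIL openssl must be 1.0.0 or newer, found: $v"; status=1
    fi
    if [ -r "$ENGINE_SO" ]; then
        echo "ok   engine library present: $ENGINE_SO"
    else
        echo "FAIL engine library not readable: $ENGINE_SO"; status=1
    fi
    # libtspi.so must be findable by the dynamic loader (ldconfig -p is glibc-specific).
    if command -v ldconfig >/dev/null 2>&1; then
        if ldconfig -p 2>/dev/null | grep -q 'libtspi\.so'; then
            echo "ok   libtspi.so is in the loader cache"
        else
            echo "WARN libtspi.so not in ldconfig cache; set SO_PATH or LD_LIBRARY_PATH"
        fi
    fi
    e=$(openssl engine tpm -vvvv 2>&1)
    if tpm_engine_ok "$e"; then
        echo "ok   tpm engine loads"
    else
        echo "FAIL tpm engine did not load:"; printf '%s\n' "$e"; status=1
    fi
    return $status
}

# Constructed sample outputs (not captured from a real host) for self-checking.
SAMPLE_VERSION_OLD="OpenSSL 0.9.8y 5 Feb 2013"
SAMPLE_VERSION_NEW="OpenSSL 1.0.1e 11 Feb 2013"
SAMPLE_ENGINE_OK="(tpm) TPM hardware engine support
     SO_PATH: Specifies the path to the libtspi.so shared library
          (input flags): STRING"
SAMPLE_ENGINE_BAD="invalid engine \"tpm\""

if [ "${1:-}" = "run" ]; then
    preflight
fi
```

Run it with `sh tpm_preflight.sh run` on the machine where the engine is installed; without the `run` argument it only defines the functions, so the version and engine parsers can be exercised against captured output from another host.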
----- Original Message -----
> From: "Thiago A. V. Lima" <[email protected]>
> To: [email protected]
> Sent: Saturday, May 24, 2014 7:28:00 PM
> Subject: [TrouSerS-users] libopenssl_tpm_engine and well known secret
> Hello all.
> After using the patch provided here [1], I was able to create tpm
> keys using the well known secret as SRK. The problem, now, is how to
> do that when using the engine. I tried one of the patches provided
> by [2], but although the option is set in my openssl.cnf file, it's
> being completely ignored. Any help is really appreciated.
> Here is what I'm trying to do:
> > openssl req -new -x509 -out caroot.pem -key caroot.key -subj
> > REDACTED_OUT -config openssl.cnf -days 365000 -keyform engine
> > -engine tpm
>
> and my openssl.cnf:
> > # Custom engine
> > engines = engines_section
> >
> > [engines_section]
> > tpm = engine_libtpm
> >
> > [engine_libtpm]
> > dynamic_path = /usr/local/lib/openssl/engines/libtpm.so
> > default_algorithms = ALL
> > engine_id = tpm
> > init = 1
> > WELL_KNOWN
>
> [1] http://sourceforge.net/p/trousers/feature-requests/38/
> [2] http://sourceforge.net/p/trousers/feature-requests/39/
> Thanks in advance,
> --
> Thiago Augusto V. Lima
> Computer Engineer @ CIn - UFPE - Brazil
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users