Not exactly, but for all practical purposes you can think of it this way. The
file contains a wrapped key that can only be unwrapped by the TPM using the SRK,
so it is completely useless for any purpose outside the TPM, since there is no
way to extract the SRK from the TPM.

----- Original Message -----

> From: "eye two are" <[email protected]>
> To: "Dmitri Toubelis" <[email protected]>
> Cc: [email protected]
> Sent: Thursday, March 24, 2016 10:45:45 AM
> Subject: Re: [TrouSerS-users] Converting a TPM key into RSA struct for OpenSSL

> So do you mean that when I save the blob only the public part will be
> in the file and not the private part of the key?

> On Thu, Mar 24, 2016 at 10:39 PM, Dmitri Toubelis < [email protected] > wrote:

> > Currently, tpmengine requires a blob of the public key in the file in
> > order to load the matching private key, and I think this is the only
> > option. So, unless you want to fiddle with tpmengine internals, this
> > is your only option.

> > > From: "eye two are" < [email protected] >
> > > To: "Dmitri Toubelis" < [email protected] >
> > > Sent: Thursday, March 24, 2016 10:16:37 AM
> > > Subject: Re: [TrouSerS-users] Converting a TPM key into RSA struct for OpenSSL

> > > Hi, thanks for the reply. I am actually currently using the tpmengine
> > > with OpenSSL, but I can't seem to do it without first saving the key
> > > into a file first and then loading the file into the engine with the
> > > ENGINE_load_private_key function. I am probably missing something,
> > > so do you know how I can do it without saving the key into a file?
> > > Any example of the code?

> > > On Thu, Mar 24, 2016 at 9:43 PM, Dmitri Toubelis < [email protected] > wrote:

> > > > The whole idea behind the TPM is that you are not supposed to do that,
> > > > but there are always exceptions. You may be able to extract the private
> > > > key from the TPM if it has the MIGRATABLE and LEGACY attributes. And then
> > > > export it and convert it into an OpenSSL key.

> > > > There is also another option. You could use `tpmengine` with OpenSSL
> > > > to do what you need without violating security. I personally use
> > > > this approach, but tpmengine requires the key to be created in a very
> > > > specific way, so I ended up modifying the engine code to fit my
> > > > requirements.

> > > > > From: "eye two are" < [email protected] >
> > > > > To: "Tadd Seiff" < [email protected] >
> > > > > Cc: [email protected]
> > > > > Sent: Thursday, March 24, 2016 3:16:06 AM
> > > > > Subject: Re: [TrouSerS-users] Converting a TPM key into RSA struct for OpenSSL

> > > > > But this (assuming it works) will only create a public key. I want to
> > > > > use the private key with OpenSSL.

> > > > > On Thu, Mar 24, 2016 at 8:40 AM, Tadd Seiff < [email protected] > wrote:

> > > > > > I only have a few minutes and can't guarantee this is complete or
> > > > > > tested, but maybe it will help.

> > > > > > All you really need is the modulus and exponent from the key. You get
> > > > > > these via "GetAttribData" in trousers:

> > > > > > > UINT32 m_size, e_size;
> > > > > > > BYTE *m, *e;
> > > > > > > /* Public modulus and exponent of the loaded key */
> > > > > > > tss_result = Tspi_GetAttribData(hBind_Key, TSS_TSPATTRIB_RSAKEY_INFO,
> > > > > > >     TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &m_size, &m);
> > > > > > > tss_result = Tspi_GetAttribData(hBind_Key, TSS_TSPATTRIB_RSAKEY_INFO,
> > > > > > >     TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &e_size, &e);

> > > > > > Then something like this:

> > > > > > > /* Direct member access needs OpenSSL before 1.1.0; */
> > > > > > > /* later versions use RSA_set0_key() instead. */
> > > > > > > RSA *rsa = RSA_new();
> > > > > > > rsa->e = BN_bin2bn(e, e_size, rsa->e);
> > > > > > > rsa->n = BN_bin2bn(m, m_size, rsa->n);

> > > > > > -Tadd

> > > > > > On Tue, Mar 22, 2016 at 9:12 PM eye two are < [email protected] > wrote:

> > > > > > > Hi, I am trying to convert a TPM key which I obtained from a
> > > > > > > particular UUID into an RSA struct to be used with OpenSSL. Does
> > > > > > > anyone have any example code on how to do it?
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
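
The point made in the top reply, that the saved file carries the public part in the clear and the private part only in wrapped form, can be checked by walking the blob. This is an added example, not code from the thread, TrouSerS or tpmengine; it assumes the file content is a raw TPM 1.2 TPM_KEY structure, and the names `tpm_key_info`, `fld`, `tpm_key_parse` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of interest in a TPM 1.2 TPM_KEY blob (integers are big-endian). */
struct tpm_key_info {
    uint32_t usage;        /* TPM_KEY_USAGE; 0x0015 is TPM_KEY_LEGACY */
    int migratable;        /* TPM_KEY_FLAGS bit 0x00000002 */
    uint32_t modulus_len;  /* public modulus, stored in the clear */
    uint32_t enc_len;      /* private part, encrypted under the parent key */
};
/* Read (v != NULL, n <= 4) or skip (v == NULL) n bytes at *off; -1 if truncated. */
static int fld(const uint8_t *b, size_t len, size_t *off, uint32_t n, uint32_t *v)
{
    if (*off > len || len - *off < n) return -1;
    if (!v) { *off += n; return 0; }
    for (*v = 0; n > 0; n--) *v = (*v << 8) | b[(*off)++];
    return 0;
}

/* Walk the blob (hypothetical helper); returns 0 on success, -1 if malformed. */
int tpm_key_parse(const uint8_t *b, size_t len, struct tpm_key_info *k)
{
    size_t off = 4;                                  /* skip TPM_STRUCT_VER */
    uint32_t flags, n;
    if (fld(b, len, &off, 2, &k->usage) || fld(b, len, &off, 4, &flags) ||
        fld(b, len, &off, 9, NULL) ||  /* authDataUsage, algorithmID, schemes */
        fld(b, len, &off, 4, &n) || fld(b, len, &off, n, NULL) ||  /* parms */
        fld(b, len, &off, 4, &n) || fld(b, len, &off, n, NULL) ||  /* PCRInfo */
        fld(b, len, &off, 4, &k->modulus_len) || fld(b, len, &off, k->modulus_len, NULL) ||
        fld(b, len, &off, 4, &k->enc_len) || fld(b, len, &off, k->enc_len, NULL))
        return -1;
    k->migratable = (flags & 0x2) != 0;
    return 0;
}
/* Constructed sample, not a real key: modulus and encData are shortened. */
static const uint8_t sample[] = {
    1,1,0,0,  0,0x15,  0,0,0,2,  0,          /* ver, LEGACY, migratable, authDataUsage */
    0,0,0,1,  0,3,  0,2,  0,0,0,12,          /* algorithmID, schemes, parmSize */
    0,0,8,0,  0,0,0,2,  0,0,0,0,             /* RSA parms: 2048 bits, 2 primes */
    0,0,0,0,  0,0,0,4,  0xc0,0xff,0xee,0x01, /* no PCRInfo; 4-byte modulus */
    0,0,0,8,  1,2,3,4,5,6,7,8                /* 8 bytes of wrapped private data */
};

int main(void)
{
    struct tpm_key_info k;
    if (tpm_key_parse(sample, sizeof sample, &k)) return 1;
    printf("usage=0x%04x migratable=%d modulus=%u wrapped=%u\n", k.usage, k.migratable, k.modulus_len, k.enc_len);
    return 0;
}
```

The parser can measure the wrapped private portion but has nothing to decrypt it with; that step needs the parent key inside the TPM.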
