Actually, this is not 100% correct. The TSS API has a function to find a key by a
BLOB, so whatever is stored in this file is that BLOB. What is in this BLOB I'm
not 100% sure, but I assume it is a wrapped key. In fact, the modifications I made
to tpmengine were for loading a key by UUID, so I would store the UUID of the key
in this file instead, which is more readable.
----- Original Message -----
> From: "Dmitri Toubelis" <[email protected]>
> To: "eye two are" <[email protected]>
> Cc: [email protected]
> Sent: Thursday, March 24, 2016 10:52:11 AM
> Subject: Re: [TrouSerS-users] Converting a TPM key into RSA struct
> for OpenSSL
>
> Not exactly, but for all practical purposes you can think of it this
> way. The file contains a wrapped key that can only be unwrapped by the TPM
> using the SRK, so it is completely useless for any purpose outside the TPM
> since there is no way to extract the SRK from the TPM.
>
> ----- Original Message -----
> > From: "eye two are" <[email protected]>
> > To: "Dmitri Toubelis" <[email protected]>
> > Cc: [email protected]
> > Sent: Thursday, March 24, 2016 10:45:45 AM
> > Subject: Re: [TrouSerS-users] Converting a TPM key into RSA struct
> > for OpenSSL
> >
> > So do you mean that when I save the blob only the public part will be
> > in the file and not the private part of the key?
> >
> > On Thu, Mar 24, 2016 at 10:39 PM, Dmitri Toubelis < [email protected] > wrote:
> >
> > > Currently, tpmengine requires a blob of the public key in the file in
> > > order to load the matching private key, and I think this is the only
> > > option. So, unless you want to fiddle with tpmengine internals, this
> > > is your only option.
> > >
> > > > From: "eye two are" < [email protected] >
> > > > To: "Dmitri Toubelis" < [email protected] >
> > > > Sent: Thursday, March 24, 2016 10:16:37 AM
> > > > Subject: Re: [TrouSerS-users] Converting a TPM key into RSA struct
> > > > for OpenSSL
> > > >
> > > > Hi, thanks for the reply. I am actually currently using the tpmengine
> > > > with OpenSSL, but I can't seem to do it without first saving the key
> > > > into a file and then loading the file into the engine with the
> > > > ENGINE_load_private_key function. I am probably missing something,
> > > > so do you know how I can do it without saving the key into a file?
> > > > Any example of the code?
> > > >
> > > > On Thu, Mar 24, 2016 at 9:43 PM, Dmitri Toubelis < [email protected] > wrote:
> > > >
> > > > > The whole idea behind TPM is that you are not supposed to do that, but
> > > > > there are always exceptions. You may be able to extract the private key
> > > > > from the TPM if it has MIGRATABLE and LEGACY attributes, and then export
> > > > > it and convert it into an OpenSSL key.
> > > > >
> > > > > There is also another option. You could use `tpmengine` with OpenSSL
> > > > > to do what you need without violating security. I personally use
> > > > > this approach, but tpmengine requires the key to be created in a very
> > > > > specific way, so I ended up modifying the engine code to fit my
> > > > > requirements.
> > > > >
> > > > > > From: "eye two are" < [email protected] >
> > > > > > To: "Tadd Seiff" < [email protected] >
> > > > > > Cc: [email protected]
> > > > > > Sent: Thursday, March 24, 2016 3:16:06 AM
> > > > > > Subject: Re: [TrouSerS-users] Converting a TPM key into RSA struct
> > > > > > for OpenSSL
> > > > > >
> > > > > > But this (assuming it works) will only create a public key. I want
> > > > > > to use the private key with OpenSSL.
> > > > > >
> > > > > > On Thu, Mar 24, 2016 at 8:40 AM, Tadd Seiff < [email protected] > wrote:
> > > > > >
> > > > > > > I only have a few minutes and can't guarantee this is complete or
> > > > > > > tested, but maybe it will help.
> > > > > > >
> > > > > > > All you really need is the modulus and exponent from the key. You
> > > > > > > get these via "GetAttribData" in trousers:
> > > > > > >
> > > > > > > > tss_result = Tspi_GetAttribData(hBind_Key, TSS_TSPATTRIB_RSAKEY_INFO,
> > > > > > > >     TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &m_size, &m);
> > > > > > > > tss_result = Tspi_GetAttribData(hBind_Key, TSS_TSPATTRIB_RSAKEY_INFO,
> > > > > > > >     TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &e_size, &e);
> > > > > > >
> > > > > > > Then something like this:
> > > > > > >
> > > > > > > > RSA *rsa = RSA_new();
> > > > > > > > rsa->e = BN_bin2bn(e, e_size, rsa->e);
> > > > > > > > rsa->n = BN_bin2bn(m, m_size, rsa->n);
> > > > > > >
> > > > > > > -Tadd
> > > > > > >
> > > > > > > On Tue, Mar 22, 2016 at 9:12 PM eye two are < [email protected] > wrote:
> > > > > > >
> > > > > > > > Hi, I am trying to convert a TPM key which I obtained from a
> > > > > > > > particular UUID into an RSA struct to be used with OpenSSL. Does
> > > > > > > > anyone have any example code on how to do it?
> > > > > > > > _______________________________________________
> > > > > > > > TrouSerS-users mailing list
> > > > > > > > [email protected]
> > > > > > > > https://lists.sourceforge.net/lists/listinfo/trousers-users
> > > > > > ------------------------------------------------------------------------------
> > > > >
> > > >
> > >
> >
>
> > > > > > Transform Data into Opportunity.
> > > > >
> > > >
> > >
> >
>
> > > > > > Accelerate data analysis in your applications with
> > > > >
> > > >
> > >
> >
>
> > > > > > Intel Data Analytics Acceleration Library.
> > > > >
> > > >
> > >
> >
>
> > > > > > Click to learn more.
> > > > >
> > > >
> > >
> >
>
> > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > > > >
> > > >
> > >
> >
>
> > > > > > _______________________________________________
> > > > >
> > > >
> > >
> >
>
> > > > > > TrouSerS-users mailing list
> > > > >
> > > >
> > >
> >
>
> > > > > > [email protected]
> > > > >
> > > >
> > >
> >
>
> > > > > > https://lists.sourceforge.net/lists/listinfo/trousers-users
> > > > >
> > > >
> > >
> >
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
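
Added example, not from this thread and not tpmengine code: a bounds-checked reader for a raw TPM 1.2 `TPM_KEY` blob, showing what the top reply describes: the modulus sits in the clear, while the private part is present only as `encData` encrypted by the parent key. It assumes the file holds the raw structure with no PEM or ASN.1 wrapper; `tpm_key_view`, `tpm_key_parse` and `SAMPLE_BLOB` are names made up here, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample blob (not a real key): modulus and encData cut to 4 bytes. */
static const uint8_t SAMPLE_BLOB[] = {
    1,1,0,0, 0,0x15, 0,0,0,2, 0,          /* ver, keyUsage, keyFlags, authDataUsage */
    0,0,0,1, 0,3, 0,2, 0,0,0,12,          /* algorithmID, encScheme, sigScheme, parmSize */
    0,0,8,0, 0,0,0,2, 0,0,0,0, 0,0,0,0,   /* keyLength, numPrimes, exponentSize, PCRInfoSize */
    0,0,0,4, 0xc3,0x5a,0x11,0x07,         /* pubKey length, modulus (clear) */
    0,0,0,4, 0xde,0xad,0xbe,0xef          /* encSize, encData (wrapped private part) */
};

typedef struct {
    uint16_t usage;                              /* TPM_KEY_USAGE, 0x0015 = TPM_KEY_LEGACY */
    uint32_t flags;                              /* TPM_KEY_FLAGS, bit 0x2 = migratable */
    uint32_t key_bits;                           /* modulus size from TPM_RSA_KEY_PARMS */
    const uint8_t *modulus; size_t modulus_len;  /* public part, readable by anyone */
    const uint8_t *enc;     size_t enc_len;      /* private part, encrypted by the parent key */
} tpm_key_view;
typedef struct { const uint8_t *p; size_t left; int bad; } cursor;

static const uint8_t *take(cursor *c, size_t n) {   /* borrow n bytes, bounds-checked */
    const uint8_t *q = c->p;
    if (c->left < n) { c->bad = 1; c->left = 0; return NULL; }
    c->p += n; c->left -= n;
    return q;
}
static uint32_t rd(cursor *c, size_t n) {           /* n-byte big-endian integer */
    const uint8_t *q = take(c, n);
    uint32_t v = 0;
    while (q && n--) v = (v << 8) | *q++;
    return v;
}

/* Returns 0 on success, -1 if the blob is truncated or not an RSA key. */
int tpm_key_parse(const uint8_t *blob, size_t len, tpm_key_view *k) {
    cursor c = { blob, len, 0 };
    take(&c, 4);                                    /* TPM_STRUCT_VER */
    k->usage = (uint16_t)rd(&c, 2); k->flags = rd(&c, 4);
    rd(&c, 1); uint32_t alg = rd(&c, 4);            /* skip authDataUsage; 1 = TPM_ALG_RSA */
    rd(&c, 4);                                      /* encScheme + sigScheme */
    uint32_t plen = rd(&c, 4); const uint8_t *pp = take(&c, plen);
    cursor pc = { pp, pp ? plen : 0, 0 };           /* TPM_RSA_KEY_PARMS */
    k->key_bits = rd(&pc, 4);
    take(&c, rd(&c, 4));                            /* PCRInfo */
    k->modulus_len = rd(&c, 4); k->modulus = take(&c, k->modulus_len);
    k->enc_len = rd(&c, 4);     k->enc = take(&c, k->enc_len);
    return (c.bad || pc.bad || alg != 1) ? -1 : 0;
}
```

Calling `tpm_key_parse(SAMPLE_BLOB, sizeof SAMPLE_BLOB, &k)` fills `k` with pointers into the blob; the modulus and exponent are all an `RSA` public key needs, and nothing in the file yields the private exponent without the TPM.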