Re: [TrouSerS-users] TPM's generated public key usage on openssl

Promila Jangra Wed, 12 Apr 2017 01:47:46 -0700

Hello Ken

Thank you for responding. I also implement the same and posting the code
below. But still I got wrong verification result. RSA_verify API return
zero for the same input signature verification. Please correct me if I am
doing something wrong. If you have sample code then share the same.


To get the TPM public key modulus and exponent-
result=Tspi_Key_CreateKey(hSigning_Key,hSRK,0);

result = Tspi_GetAttribData(hSigning_Key, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &pubKeyModulusLen, &pubKeyModulus);

result = Tspi_GetAttribData(hSigning_Key, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &pubKeyExponentLen, &pubKeyExponent);

To construct the RSA key pair using opnessl:
RSA *rsa = RSA_new();
rsa->e = BN_bin2bn(pubKeyExponent, pubKeyExponentLen, rsa->e);
rsa->n = BN_bin2bn(pubKeyModulus, pubKeyModulusLen, rsa->n);

SHA1(data, strlen(data)+1, hash);

ret = RSA_verify(NID_sha1, hash, SHA256_DIGEST_LENGTH,
signature,signatureLength, rsa);






On 11 April 2017 at 19:05, Ken Goldman <[email protected]> wrote:

> On 4/11/2017 1:03 AM, Promila Jangra wrote:
> > Hello all
> >
> > I am doing an activity based using TPM 1.2 and openssl.
> > First, I'll generate signature using TPM and after that verify the same
> > using openssl.
> > But there is issue regarding the key compatibility between TPM and
> > openssl. I want to use TPM generated public key to verify the signature
> > through openssl.
> >
> > Do anybody have an idea about the usage of TPM generated public key to
> > perform any operation on openssl
>
> It's certainly possible, but a bit messy.  You have to use the TPM
> public key as a binary array, plus the default exponent, to construct an
> openssl "RSA" key token.
>
> It's a bit different for openssl 1.0 and 1.1, and for TPM 1.2 and TPM
> 2.0, but I can point you to sample code if this post isn't enough.
>
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
>



-- 

Thanks & Regards

Promila Jangra

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users

Re: [TrouSerS-users] TPM's generated public key usage on openssl

Reply via email to