Hi TLS 1.3 dropped support for all PKCS#1 v1.5 based RSA signature schemes (in favour of PSS based onces). Since TPM 1.2 is built around the before mentioned schemes, I'm struggling to get client authentication working with TLS 1.3 in combination with TPM 1.2.
The best Idea I came up with so far was to try to leverage UnBind. According to the TPM 1.2 Spec (Part 3 - Commands). UnBind should apply an RSA Private Key Operation without performing any further checks, if the encryption scheme is set to ES_NONE. Since RSA decrypt and RSA sign are, with all the checks and padding stripped away, identical. This should work perfectly. Sadly, I didn’t manage to create a key with key usage BIND and ES_NONE set. The TPM always rejects all my request with invalid key param. I’m hoping to get some advice on how to generate a key or a reference to a spec where the valid use cases for ES_NONE are defined. Thanks Andreas _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
