Hi David

Thank you for your efforts. I will try Ken’s implementation (https://sourceforge.net/projects/ibmswtpm/) and report back.

Andreas

On 10.02.19 at 18:26, David Challener wrote:
Trying again. Note: trousers has some limitations that Ken's tools do not have.

On Sun, Feb 10, 2019, 12:00 PM David Challener <[email protected] <mailto:[email protected]> wrote:

    I also should note that Ken's tools may not have the limitations that trousers
    has. I would suggest trying them.

    On Thu, Jan 31, 2019, 9:57 AM David Challener <[email protected]
    <mailto:[email protected]> wrote:

        I mean of TSs not tpm.

        On Thu, Jan 31, 2019, 7:56 AM David Challener
        <[email protected] <mailto:[email protected]> wrote:

            My guess is that it is a limitation of the TSs not of trousers, but
            Ken should answer

            On Tue, Jan 29, 2019, 5:18 PM <[email protected]
            <mailto:[email protected]> wrote:

                Hi

                TLS 1.3 dropped support for all PKCS#1 v1.5 based RSA signature
                schemes (in favour of PSS based ones). Since TPM 1.2 is built
                around the aforementioned schemes, I'm struggling to get client
                authentication working with TLS 1.3 in combination with TPM 1.2.

                The best idea I came up with so far was to try to leverage
                UnBind. According to the TPM 1.2 Spec (Part 3 - Commands),
                UnBind should apply an RSA Private Key Operation without
                performing any further checks, if the encryption scheme is set
                to ES_NONE. Since RSA decrypt and RSA sign are, with all the
                checks and padding stripped away, identical, this should work
                perfectly.

                Sadly, I didn’t manage to create a key with key usage BIND and
                ES_NONE set. The TPM always rejects all my requests with
                invalid key param.

                I’m hoping to get some advice on how to generate a key or a
                reference to a spec where the valid use cases for ES_NONE are
                defined.

                Thanks
                Andreas



                _______________________________________________
                TrouSerS-users mailing list
                [email protected]
                <mailto:[email protected]>
                https://lists.sourceforge.net/lists/listinfo/trousers-users
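The approach described in the original question, as an added example that is not part of the thread: EMSA-PSS encoding (RFC 8017) is done in software, and a bare modular exponentiation stands in for the unpadded private-key operation the question hopes to get from UnBind with ES_NONE. No TPM is involved; the key is a constructed toy key and all function names are hypothetical.

```python
import hashlib, os

# Constructed toy key from two Mersenne primes: INSECURE, for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # needs Python 3.8+
EM_BITS = N.bit_length() - 1
EM_LEN = (EM_BITS + 7) // 8
H_LEN = S_LEN = 32  # SHA-256, salt length = digest length (as TLS 1.3 requires)

def mgf1(seed, length):
    out = b""
    for counter in range((length + H_LEN - 1) // H_LEN):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def clear_top_bits(db):  # zero the leftmost 8*EM_LEN - EM_BITS bits
    return bytes([db[0] & (0xFF >> (8 * EM_LEN - EM_BITS))]) + db[1:]

def pss_encode(msg, salt):
    h = hashlib.sha256(bytes(8) + hashlib.sha256(msg).digest() + salt).digest()
    db = bytes(EM_LEN - S_LEN - H_LEN - 2) + b"\x01" + salt
    return clear_top_bits(xor(db, mgf1(h, EM_LEN - H_LEN - 1))) + h + b"\xbc"

def raw_private_op(em):
    # Stand-in for the TPM step: bare m^d mod n, no padding added or checked.
    return pow(int.from_bytes(em, "big"), D, N).to_bytes((N.bit_length() + 7) // 8, "big")

def sign(msg):
    return raw_private_op(pss_encode(msg, os.urandom(S_LEN)))

def pss_verify(msg, sig):
    s = int.from_bytes(sig, "big")
    if s >= N: return False
    m = pow(s, E, N)
    if m.bit_length() > EM_BITS: return False
    em = m.to_bytes(EM_LEN, "big")
    masked, h, trailer = em[:-H_LEN - 1], em[-H_LEN - 1:-1], em[-1:]
    if trailer != b"\xbc" or masked != clear_top_bits(masked): return False
    db = clear_top_bits(xor(masked, mgf1(h, len(masked))))
    pad_len = len(db) - S_LEN - 1
    if db[:pad_len] != bytes(pad_len) or db[pad_len] != 1: return False
    return pss_encode(msg, db[-S_LEN:])[-H_LEN - 1:-1] == h
```

The verifier only sees a standard PSS signature; where the private exponentiation ran is invisible to it, which is why the key-creation step in the question is the deciding factor.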


