[gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jul 12 07:24:18 CEST 2019

Nikos Mavrogiannopoulos commented:

> Both OpenSSL ENGINEs (the TCG tss2-tpm-engine and James's IBM TSS openssl_tpm2_engine) create them. Only the latter can do so by wrapping existing keys; the TCG one is limited to creating new keys.

> A standalone tool to convert the bare pub and priv blobs and additional metadata into this form would also be a useful contribution to the TCG tools. We have also talked about making the TCG PKCS#11 capable of exporting and importing keys in this form.

Ideally `tpm2-tools` output this form, so that a user doesn't need to figure out what to do with the output file. For the purpose of gnutls we can modify `certtool` to do this conversion but that is a usability nightmare.

> You have made me want to clean up some of the duplication and some of the gratuitous differences between my TCG and IBM implementations. Should I do that now or wait for what you are doing?

I'm only using the TCG implementation in that branch due to license.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_191052573
