[gnutls-devel] GnuTLS | Port openconnect TPM2 code (!1460)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Sep 28 13:25:56 CEST 2021




David Woodhouse commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1460#note_688887982

> I tried, but it was not possible; maybe I'm missing something. See the reproducer at https://gitlab.com/gnutls/gnutls/-/issues/594#note_651399228

Er, I don't think that "reproducer" is showing what you think it is. That's just demonstrating what I'm *complaining* about here. In that link we see you creating a key with a parent generated one way, and then failing to load it when you generated the parent differently. Yes, that is well known; you can only load the key using the *same* parent. If you try to use a *different* parent, that doesn't work.

Even if you keep the key type the same and just vary the flags, like the FixedTPM and FixedParent flags, that still results in a different and incompatible key.

That incompatibility is precisely *why* you have to stick to the exact parameters (including key type) that are defined as part of the key storage format!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1460#note_688887982
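
The parent dependency described in the message above, as an added example that is not part of the original email or of the GnuTLS or openconnect code. It is a simplified Python model, not a TPM implementation: the parent is derived from a seed plus its whole template, and the child blob is encrypted and authenticated under that parent. The seed, key type strings, attribute set and function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Simplified model for illustration only; this is not a TPM implementation.
SEED = b"constructed-storage-hierarchy-seed"   # constructed sample value

def create_primary(seed, key_type, attributes):
    """Derive the parent's secret from the seed and the whole template."""
    template = key_type + "|" + ",".join(sorted(attributes))
    return hmac.new(seed, template.encode(), hashlib.sha256).digest()

def _keystream(key, length):
    """HMAC in counter mode, used here as a toy stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap_child(parent, child_private):
    """Encrypt-then-MAC the child under keys derived from the parent."""
    stream = _keystream(parent, len(child_private))
    ct = bytes(a ^ b for a, b in zip(child_private, stream))
    return hmac.new(parent, b"mac" + ct, hashlib.sha256).digest() + ct

def load_child(parent, blob):
    """Return the child's private part, or raise if the parent differs."""
    tag, ct = blob[:32], blob[32:]
    expected = hmac.new(parent, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: not the creating parent")
    return bytes(a ^ b for a, b in zip(ct, _keystream(parent, len(ct))))

def can_load(key_type, attributes, blob):
    """Regenerate a parent from the given template and try to load blob."""
    try:
        load_child(create_primary(SEED, key_type, attributes), blob)
        return True
    except ValueError:
        return False

# Template values below are constructed for the example.
FORMAT_ATTRS = frozenset({"fixedTPM", "fixedParent", "restricted", "decrypt"})
BLOB = wrap_child(create_primary(SEED, "ecc-p256", FORMAT_ATTRS), b"child-private-key")

if __name__ == "__main__":
    print("same template:   ", can_load("ecc-p256", FORMAT_ATTRS, BLOB))
    print("fixedTPM dropped:", can_load("ecc-p256", FORMAT_ATTRS - {"fixedTPM"}, BLOB))
    print("key type changed:", can_load("rsa-2048", FORMAT_ATTRS, BLOB))
```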