public inbox for tpm2@lists.linux.dev
From: Petr Gotthard <petr.gotthard at centrum.cz>
To: tpm2@lists.01.org
Subject: [tpm2] Re: {External} Re: OpenSSL 3 and tpm2 provider...
Date: Tue, 26 Apr 2022 14:20:24 +0200
Message-ID: <20220426142024.E81B1820@centrum.cz>
In-Reply-To: DS7PR03MB55763190258B91401A7D93EA9AFB9@ds7pr03mb5576.namprd03.prod.outlook.com

Oh, I never tested the `openssl cms` commands. There may be something missing from OpenSSL. What CMS functions do you need? Could you please suggest a sequence of openssl (and other) commands to verify all required CMS functions? Something like a new (set of) test(s), similar e.g. to https://github.com/tpm2-software/tpm2-openssl/blob/master/test/ecdsa_genpkey_auth.sh.

Petr
______________________________________________________________
> From: "Sievert, James" <james.sievert(a)bsci.com>
> To: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
> Date: 26.04.2022 14:07
> Subject: [tpm2] Re: {External} Re: OpenSSL 3 and tpm2 provider...
>
>Thanks, Petr.  That did the trick (actually, base was sufficient).  In a similar vein, the corresponding private key is also held persistently in the TPM, handle 0x81800002.  I'm now attempting the following:
>
>        openssl cms -sign -provider tpm2 -provider default -in file.txt -inkey handle:0x81800002 -signer handle:0x01000013
>
>I get no output, and a return value of 3.  I get the same result if I reference the public key certificate as a file:
>
>        openssl cms -sign -provider tpm2 -provider default -in file.txt -inkey handle:0x81800002 -signer signer.pem
>
>Any insight on that would be appreciated…
>
