From: Petr Gotthard <petr.gotthard at centrum.cz>
To: tpm2@lists.01.org
Subject: [tpm2] Re: Ecrypting and decrypting a file using a TPM2
Date: Thu, 16 Jun 2022 17:42:07 +0200
Message-ID: <20220616174207.FD2F4246@centrum.cz>
In-Reply-To: 20220615192928.1682.44443@ml01.vlan13.01.org
Hi Dawn,
there are code samples in the OpenSSL documentation.
First, you need OSSL_PROVIDER_load as shown here
https://github.com/tpm2-software/tpm2-openssl/blob/master/test/selftest.c
Then, to load EVP_PKEY from the TPM you need the OSSL_STORE* functions and the snippet from here
https://github.com/tpm2-software/tpm2-openssl/issues/26#issuecomment-1057929799
Finally, I believe the OpenSSL routines to use for file encrypting are EVP_Seal* and EVP_Open*
https://wiki.openssl.org/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope
these work exactly like Steven suggested.
If you face any troubles, just let me know.
Petr
______________________________________________________________
> From: dawn.howe(a)alten.com
> To: tpm2(a)lists.01.org
> Date: 15.06.2022 21:29
> Subject: [tpm2] Re: Ecrypting and decrypting a file using a TPM2
>
Petr:
Thanks so much for the suggestion. I was able to encrypt and decrypt my files based on the pattern in https://github.com/tpm2-software/tpm2-openssl/blob/master/test/cipher_aes128_cbc.sh. I think I can accomplish what I want with some system calls to openssl.
The code I'm writing is in C++. Is there a way to replace the system call to openssl with a C++ library call (perhaps that takes a provider parameter)?
i.e. Replace the following with a C++ library call
openssl enc -provider tpm2 -aes128 -e -K $KEY -iv $IV -in testdata -out testdata.enc
I'd love to see a code sample if you have one.
thanks,
Dawn