Hi Dawn,

there are code samples in the OpenSSL documentation.

First, you need OSSL_PROVIDER_load as shown here

https://github.com/tpm2-software/tpm2-openssl/blob/master/test/selftest.c

Then, to load EVP_PKEY from the TPM you need the OSSL_STORE* functions and the snippet from here

https://github.com/tpm2-software/tpm2-openssl/issues/26#issuecomment-1057929799

Finally, I believe the OpenSSL routines to use for file encrypting are EVP_Seal* and EVP_Open*

https://wiki.openssl.org/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope

these work exactly like Steven suggested.

If you face any trouble, just let me know.

Petr

 

______________________________________________________________
> From: dawn.howe@alten.com
> To: tpm2@lists.01.org
> Date: 15.06.2022 21:29
> Subject: [tpm2] Re: Ecrypting and decrypting a file using a TPM2
>

Petr:
Thanks so much for the suggestion.  I was able to encrypt and decrypt my files based on the pattern in https://github.com/tpm2-software/tpm2-openssl/blob/master/test/cipher_aes128_cbc.sh.  I think I can accomplish what I want with some system calls to openssl.

The code I'm writing is in C++. Is there a way to replace the system call to openssl with a c++ library call (perhaps that takes a provider parameter)?

i.e. Replace the following with a C++ library call
openssl enc -provider tpm2 -aes128 -e -K $KEY -iv $IV -in testdata -out testdata.enc

I'd love to see a code sample if you have one.

thanks,
Dawn
_______________________________________________
tpm2 mailing list -- tpm2@lists.01.org
To unsubscribe send an email to tpm2-leave@lists.01.org