OpenSSL Engine for TPM

9 messages
OpenSSL Engine for TPM

Devang Kubavat

Hi All,

  1.  Is there any built-in OpenSSL Engine to access the TPM ?
  2.  Is there any other OpenSSL Engine to access the TPM ? If Yes, How can we configure in OpenSSL libraries to use that engine ?

Please guide me. Thanks.

Best Regards,
Devang


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: OpenSSL Engine for TPM

OpenSSL - User mailing list
>  1.  Is there any built-in OpenSSL Engine to access the TPM ?

No.

>  2.  Is there any other OpenSSL Engine to access the TPM ? If Yes, How can we configure in OpenSSL libraries to use that engine ?

If someone has written one, and can make it available, they should post here.  I don't know of any, but there may be.

Re: OpenSSL Engine for TPM

Christian Hohnstaedt
In reply to this post by Devang Kubavat
The trousers project has one.
https://sourceforge.net/projects/trousers/files/OpenSSL%20TPM%20Engine/


Christian

--
This message was sent from my Android device with K-9 Mail.

Re: OpenSSL Engine for TPM

Jan Just Keijser-2
Hi,

On 06/07/17 06:39, Christian Hohnstädt wrote:
The trousers project has one.
https://sourceforge.net/projects/trousers/files/OpenSSL%20TPM%20Engine/


Agreed, but this engine does not really put the keys inside the TPM - instead it sets up a local repository that is encrypted using a key from the TPM. If you look at the way it is designed, it is not really secure (as it's not impossible to find the password that was used to encrypt the keys with).



Re: OpenSSL Engine for TPM

Michael Wojcik
> agreed, but this engine  does not really put the keys inside the TPM - instead it sets up a local repository that is encrypted
> using a key from the TPM. If you look at the way it is designed, it is not really secure (as it's not impossible to find the
> password that was used to encrypt the keys with).

"really secure" is not a useful phrase. Security is a set of asymptotic trade-offs between attacker and defender work-factors under a threat model. Nothing ever achieves "really secure".

Even a hypothetical OpenSSL engine that performed all cryptographic operations on the TPM wouldn't achieve specified security under the TPM threat model unless the engine, all of OpenSSL, and whatever is invoking it were part of the TCB.

That said, there is certainly a case to be made that an OpenSSL engine which performed at least some crypto operations on the TPM is of at least academic interest. Someone might want to start with the Trousers engine and try extending it. (Enhancing an existing engine generally isn't particularly difficult, in my experience, though of course it depends on what you're trying to do and what APIs are available.) Or try writing a fresh TPM engine using, say, the Windows TPM API.

It might help to know what your use case is.

Michael Wojcik
Distinguished Engineer, Micro Focus



Re: OpenSSL Engine for TPM

Blumenthal, Uri - 0553 - MITLL
And in most cases (except those involving TPM-based platform attestation, which I don't think has anything to do with OpenSSL use cases), a separate hardware token (like a smartcard, or an HSM) would IMHO be a much better and more usable choice. The PKCS#11 engine (libp11) used to access those is quite popular and works well.

--
Regards,
Uri Blumenthal


Re: OpenSSL Engine for TPM

Freemon Johnson
In reply to this post by Michael Wojcik
I would personally love to see an implementation of this as well for OpenSSL. However, in the interim you can see how these libraries were referenced to insert keys into the TPM for OpenSSH. Our team here has also verified this works nicely. Perhaps this can be extended if you do not wish to work with Trousers.





Re: OpenSSL Engine for TPM

Michael Wojcik
In reply to this post by Blumenthal, Uri - 0553 - MITLL
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Blumenthal, Uri - 0553 - MITLL
> Sent: Friday, July 07, 2017 10:03
> To: [hidden email]
> Subject: Re: [openssl-users] OpenSSL Engine for TPM
>
> And in most cases (except those involving TPM-based platform attestation,
> which I don’t think has anything to do with OpenSSL use cases),  a separate
> hardware token (like a smartcard, or an HSM) would IMHO be a much better
> and more usable choice. PKCS#11 engine (libp11) to access those is quite
> popular and work well.

Agreed. I've had good results with OpenSC-based devices such as the NitroKey HSM using the OpenSSL PKCS#11 engine. Requires installing the various prereqs and a bit of setup and experimentation, but it all works.

On Windows, the CAPI engine can also generally be used to drive HSMs, if they don't have a suitable PKCS#11 driver.

Michael Wojcik
Distinguished Engineer, Micro Focus
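Both Uri's and Michael's replies point at the libp11 PKCS#11 engine as the practical way to get OpenSSL talking to a hardware token, and the original question asked how OpenSSL is configured to pick up such an engine. The script below is an added example, not something posted in this thread or shipped by libp11 or OpenSC: it writes the config stanza that OpenSSL 1.x reads to register the `pkcs11` engine, checks that the stanza is complete and does not embed a PIN, and probes whether the engine loads on the current host. The `.so` paths are assumptions for a Debian-style layout; the token label and object name in the trailing usage comment are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): generate an OpenSSL 1.x config stanza
# that loads the libp11 "pkcs11" engine backed by an OpenSC PKCS#11 module,
# then check it and show how a token-resident key is used for signing.
# Library paths below are assumptions; adjust them to your distribution.

ENGINE_SO="${ENGINE_SO:-/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so}"  # libp11 engine (assumed path)
MODULE_SO="${MODULE_SO:-/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so}"       # OpenSC PKCS#11 module (assumed path)

# Write a config that registers the engine with OpenSSL. No PIN is stored:
# a PIN in a world-readable openssl.cnf would undo the point of a token,
# so let the engine prompt for it, or pass it via the key URI at runtime.
write_pkcs11_engine_conf() {
    conf="$1"
    cat > "$conf" <<EOF
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = $ENGINE_SO
MODULE_PATH = $MODULE_SO
init = 0
EOF
}

# Sanity check on the generated file: every key libp11 needs must be present
# and the config must not leak a PIN. Returns 0 on success, 1 otherwise.
check_pkcs11_engine_conf() {
    conf="$1"
    for key in engine_id dynamic_path MODULE_PATH; do
        grep -q "^$key" "$conf" || return 1
    done
    grep -qi '^PIN' "$conf" && return 1
    return 0
}

# Probe whether the engine really loads here ("-t" tests availability, "-c"
# lists the algorithms it offers). Non-fatal when openssl, libp11 or OpenSC
# is missing, so the script still runs on a host without a token.
probe_pkcs11_engine() {
    conf="$1"
    if command -v openssl >/dev/null 2>&1; then
        OPENSSL_CONF="$conf" openssl engine -t -c pkcs11 2>/dev/null && return 0
    fi
    echo "pkcs11 engine not loadable on this host (openssl/libp11/OpenSC missing?)" >&2
    return 1
}

# Usage once a token is present: the private key never leaves the device;
# OpenSSL hands the digest to the PKCS#11 module through the engine.
# (token and object names below are constructed placeholders)
#   OPENSSL_CONF=openssl-pkcs11.cnf openssl dgst -sha256 -engine pkcs11 -keyform engine \
#       -sign "pkcs11:token=MyToken;object=signing-key;type=private" -out msg.sig msg.bin
```

The `OPENSSL_CONF` environment variable is how you point a single command at this stanza without touching the system-wide `openssl.cnf`. Note that OpenSSL 3.x deprecates the engine API in favour of providers, so on newer installations the same token is reached through a PKCS#11 provider rather than this engine section.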

 
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: OpenSSL Engine for TPM

Freemon Johnson
In reply to this post by Blumenthal, Uri - 0553 - MITLL
Agreed. I can't speak for the gentleman that originated this thread, but in my context the use case would be to store the keys/certs within the TPM, that's all.

Regards,
Freemon
