TPM support !!!


TPM support !!!

dinesh.kallath
Hello

Came to know that OpenSSL 0.9.8 supports Trusted Platform Modules (TPM)
security chip. Could anyone please provide more information on this?

Any pointers at this stage are very much appreciated.

Many thanks,
Dinesh


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: TPM support !!!

shpedoikal (Bugzilla)
Hi, yesterday I released an initial version of an engine [1] that
supports the TPM, right now for 0.9.8 only.  Check out the readme, let
me know if you have any questions.

Thanks,
Kent

[1] http://sourceforge.net/project/showfiles.php?group_id=126012&package_id=165637&release_id=361437



--
Kent Yoder
IBM LTC Security Dev.

Re: TPM support !!!

Juan Daniel Moreno
Hi everyone,

I have a very important question. I have a private key in a file named
key.key.  How do I use this private key to decrypt a message sent to
me? Please send me any relevant information.

Thank you, Juan Daniel MORENO

RE: TPM support !!!

dinesh.kallath
In reply to this post by dinesh.kallath
If you are using the libtpm tools (that is what I know as of now), what you
can do is use the loadkey feature to load the key.key file with the
parent handle (if SRK it will be 40000000). This will return you with
the handle for key.key private key (say for example 0000000A); use this
handle as input for unbindfile utility and you must be able to decrypt
the file. (Here I am assuming that you have encrypted the plain text
with the public key corresponding to the key.key file, publickkey.pem.)

Cheers,
Dinesh


Re: TPM support !!!

Juan Daniel Moreno
Thank you for your answer. Indeed, I'm doing a client's interface for
Radius Peap and I'm having problems with key_exchange. I know I have
to define the protocol version (3.1), generate a random number of 46
bytes and public_key_encrypt all this stuff. The problem is that when I send
this packet to the server, I get a "tls rsa encrypted value length is
wrong".

Please help me and tell me what the structure of the public_key_encrypted
message is, so I will be able to see if the ssl functions work or not.

Thank you, Juan Daniel MORENO


Re: TPM support !!!

Rich Salz
> generate a random number of 46
> bytes and public_key_encrypt all this stuff. The problem is as I send
> this packet to server, I get a "tls rsa encrypted value length is
> wrong".

An RSA key that is "n" bits long will output an encrypted buffer that is
"n" bits long.  Are you padding your data out to the right size?

The code in crypto/apps is a really good way to learn how to use the
OpenSSL library.  Learn the commands, find one that does what you want,
and read the source for it.

        /r$

--
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
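
The length question raised in the two messages above, worked through as an added example (not code from the thread or from OpenSSL). It assumes the TLS 1.0 (RFC 2246) layout: a 48-byte premaster secret made of the 2-byte version and 46 random bytes, PKCS#1 v1.5 encryption to exactly the modulus length, and a 2-byte length prefix in front of the ciphertext. The key is a constructed toy key and all function names are hypothetical.

```python
import secrets

# Constructed toy RSA key built from two Mersenne primes (publicly known, NOT secure).
# It exists only so the lengths below come from a real modulus.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes (141 for this key)

def premaster_secret(version=(3, 1)):
    """48 bytes: 2-byte client version followed by 46 random bytes."""
    return bytes(version) + secrets.token_bytes(46)

def pkcs1_v15_encrypt(msg, n=N, e=E):
    """RSAES-PKCS1-v1_5: EB = 00 02 PS 00 M; the output is always k bytes."""
    k = (n.bit_length() + 7) // 8
    if len(msg) > k - 11:
        raise ValueError("message too long for this modulus")
    # PS: non-zero random padding that fills the block out to k bytes
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(msg)))
    eb = b"\x00\x02" + ps + b"\x00" + msg
    c = pow(int.from_bytes(eb, "big"), e, n)
    return c.to_bytes(k, "big")          # keep leading zero bytes: length must be k

def client_key_exchange_body(pms):
    """TLS 1.0 body: 2-byte length prefix, then the k-byte ciphertext."""
    enc = pkcs1_v15_encrypt(pms)
    return len(enc).to_bytes(2, "big") + enc

def server_parse(body, n=N, d=D):
    """Receiver side: enforce both length rules, then decrypt and unpad."""
    k = (n.bit_length() + 7) // 8
    if len(body) < 2:
        raise ValueError("truncated message")
    declared = int.from_bytes(body[:2], "big")
    if declared != len(body) - 2:
        raise ValueError("length prefix does not match the data that follows")
    if declared != k:
        raise ValueError("ciphertext is not modulus-sized")
    eb = pow(int.from_bytes(body[2:], "big"), d, n).to_bytes(k, "big")
    sep = eb.find(b"\x00", 2)
    # A real TLS server must not reveal a padding failure to the peer
    # (Bleichenbacher oracle); it continues with a random premaster secret.
    if eb[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("bad PKCS#1 padding")
    return eb[sep + 1:]
```

Two easy ways to end up with the wrong length are sending the ciphertext without the 2-byte prefix and converting the RSA result to bytes without restoring leading zeros.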

"Signature did not match the certificate request"

Rodrigo H. Vázquez Cañás
In reply to this post by shpedoikal (Bugzilla)
Hi!!!

I'm running openssl-0.9.7e patched for ERACOM

I'm getting the following error message: "Signature did not
match the certificate request" when I execute the following
command:

openssl x509 -req -in cli/test.certreq -CA ca/CA_cert.pem \
    -engine ERACOM -CAkey ca/CA.keylink > cli/test_cert.pem

The complete procedure is:

openssl genrsa -engine ERACOM -hwkey CA > ca/CA.keylink
openssl req -new -x509 -engine ERACOM -key ca/CA.keylink > ca/CA_cert.pem
openssl genrsa 1024 > cli/private.key
openssl req -new -key cli/private.key > cli/test.certreq
openssl x509 -req -in cli/test.certreq -CA ca/CA_cert.pem \
    -engine ERACOM -CAkey ca/CA.keylink > cli/test_cert.pem

Do you have any clue?

Regards
