Message-ID: <2c5a34af-c2ae-b98c-e5d3-d89462ad3a20@gmail.com>
Date: Tue, 18 Sep 2018 00:41:59 -0500
From: Denis Kenzior <denkenz@...il.com>
To: David Woodhouse <dwmw2@...radead.org>,
David Howells <dhowells@...hat.com>
Cc: jmorris@...ei.org, keyrings@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops
Hi David,
On 09/18/2018 11:17 AM, David Woodhouse wrote:
> On Tue, 2018-09-18 at 00:24 -0500, Denis Kenzior wrote:
>> Hi David,
>>
>> On 09/18/2018 10:50 AM, David Howells wrote:
>>> Denis Kenzior <denkenz@...il.com> wrote:
>>>
>>>> openssl asn1parse -inform pem -in /tmp/privkey.2048.tpm -noout \
>>>> -out /tmp/privkey.2048.der
>>>
>>> You can use "... -out - | ..." instead.
>>
>> Aha! okay, that is even more elegant. Your openssl-fu is better than
>> mine :)
>
> 'grep -v ^----- | base64 -d' also works most of the time :)
>
> You are passing the raw DER to the kernel in both cases, right? And the
> kernel just happens to know that if it receives a bare OCTET-STRING
> it's supposed to treat it as a TPMv1.2 key?
>
Short answer: right.
Long answer: The kernel runs all the registered parsers until all fail
or one of them recognizes the format. All the currently supported
asymmetric key formats are DER based, e.g. PKCS8, PKCS7, TPM-1.2, etc.
All these have a very specific DER structure with the TPM-1.2 being the
simplest format.
Regards,
-Denis
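To make the "run the registered parsers until one accepts" dispatch concrete, here is an added Python illustration that is not kernel code and not part of the patch series: it strips a PEM wrapper the way the quoted `grep -v ^----- | base64 -d` one-liner does, then offers the raw DER to a toy PKCS#8 check and a toy TPM-1.2 check (the whole blob is one bare OCTET STRING); the first parser that does not reject the data wins. The PEM label, the 4-byte blob and the minimal PKCS#8 header are constructed samples, not real keys.

```python
import base64

# Constructed sample PEM whose body is a single 4-byte OCTET STRING (a real
# TPM-1.2 blob is far longer); pem_to_der never looks at the label text.
TPM12_PEM = "-----BEGIN TSS KEY BLOB-----\nBARBQkNE\n-----END TSS KEY BLOB-----\n"
# Constructed minimal PKCS#8 header: SEQUENCE { INTEGER 0 } and nothing else.
PKCS8_DER = b"\x30\x03\x02\x01\x00"

def pem_to_der(pem: str) -> bytes:
    """Drop the -----BEGIN/END----- lines and base64-decode the rest."""
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)

def der_tlv(der: bytes):
    """Decode the single outer DER element; return (tag, value bytes)."""
    if len(der) < 2:
        raise ValueError("too short to be DER")
    tag, n = der[0], der[1]
    if n & 0x80:  # long-form length: the next (n & 0x7F) bytes hold the length
        k = n & 0x7F
        length, start = int.from_bytes(der[2:2 + k], "big"), 2 + k
    else:
        length, start = n, 2
    if start + length != len(der):
        raise ValueError("truncated element or trailing data")
    return tag, der[start:start + length]

def parse_tpm12(der: bytes) -> dict:
    """TPM-1.2 check: the whole blob is one bare OCTET STRING (tag 0x04)."""
    tag, blob = der_tlv(der)
    if tag != 0x04:
        raise ValueError("not TPM-1.2")
    return {"format": "tpm-1.2", "blob_len": len(blob)}

def parse_pkcs8(der: bytes) -> dict:
    """PKCS#8 check: SEQUENCE (tag 0x30) opening with version INTEGER 0."""
    tag, body = der_tlv(der)
    if tag != 0x30 or body[:3] != b"\x02\x01\x00":
        raise ValueError("not PKCS#8")
    return {"format": "pkcs8", "body_len": len(body)}

def preparse(der: bytes) -> dict:
    """Offer the DER to each 'registered' parser in turn; first to accept wins."""
    for parser in (parse_pkcs8, parse_tpm12):
        try:
            return parser(der)
        except ValueError:
            continue
    raise ValueError("no registered parser recognized this key")
```

The order of the parser tuple matters only when two formats could both accept the same bytes; with a bare OCTET STRING versus a SEQUENCE they never overlap, which is why the kernel can tell the TPM-1.2 case apart by structure alone.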