Expected Behavior
I want to start an openssl server with the tpm2tss engine that uses a private key stored in the TPM, without a prompt for a password.
Hint: The prompt should have been suppressed by: Enable emptyAuth detection for noda persistent keys #55
Can you please tell me how I should create a key to avoid the password prompt from the tpm2tss engine?
Test
I have created the key with NODA and stored it in the TPM with handle 0x81010101:
tpm2_create -C primary.ctx -G rsa -u key.pub -r key.priv -a "decrypt|sign|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda"
With the tpm2tss engine, the server starts and asks for a password:
openssl s_server -cert secrets/localhost.crt -key 0x81010101 -keyform engine -engine tpm2tss -accept 4443
For comparison, with the tpm2 provider, the server starts without a prompt:
openssl s_server -provider tpm2 -provider default -propquery ?provider=tpm2 -accept 4443 -www -key handle:0x81010101 -cert secrets/localhost.crt
Context
gRPC supports OpenSSL engine only and the password prompt is not implemented in gRPC code.