Andreas Fuchs

Results 192 comments of Andreas Fuchs

The tpm2tss-genkey executable shall (in the future) gain 2 import parameters to support importing of OpenSSL-PEM-keys as well as TPM2-keyblobs. Maybe even auto-detectable. So implementer note: The tpm2_import command from...

There's also some prototype bit-rotting at https://github.com/AndreasFuchsSIT/tpm2-tss-engine/tree/add_tpmkey_import

Would you run `openssl dgst -sha256 -keyform pem -verify mykey.pub -signature mydatasig mydata`? The mykey.pub is not a tpm-key anymore, but just a regular pem key. Could you also...

Oh, sorry, I copied the wrong one... Does `openssl dgst -engine tpm2tss -keyform engine -sha256 -verify mykey -signature mydatasig mydata` work?

Could you compile the engine with `--enable-debug` and run the command again?

Ok, so this seems to be related to dgst requiring the PKEY functions as implemented in #89. This will be part of the 1.1.0 release after 1.0.0 is out the...

I have no clue what an ameth is or where to register it. This will need some investigation and (unless someone has good pointers) will be postponed until after the 0.1 release.

Notes from #15: @AndreasFuchsSIT I'll let you ensure you have an ameth which implements ASN1_PKEY_CTRL_DEFAULT_MD_NID, reporting something like SHA1 or SHA256 as mandatory. Arguably if you do that, it should...

@dwmw2 Sorry, but OpenSSL is just beyond my comprehension... So, at https://github.com/tpm2-software/tpm2-tss-engine/blob/master/src/tpm2-tss-engine-ecc.c#L328 I need to call `const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)` to get the ameth? I need to call...

https://mta.openssl.org/pipermail/openssl-users/2018-November/009334.html pointed out that digest values are merely truncated if the curve uses fewer bits. Implement this alongside the ameth ctrl for maximum compatibility.