go-tpm-tools
Support "TSS2 PRIVATE KEY" PEM files
https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html describes a (de facto, for now) standard for PEM files containing TPMv2-wrapped keys.
It is supported by both the IBM and TCG OpenSSL ENGINEs/providers, as well as GnuTLS and OpenConnect.
Users have a PEM file which contains the TPM-wrapped key, and should be able to pass that to any application in place of a simple file-based key... and expect it to Just Work.
There is C code for the interesting parts in https://gitlab.com/openconnect/openconnect/-/blob/v9.12/gnutls_tpm2.c which I'm happy to relicense, but my Go is weak.
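As an added illustration (not code from go-tpm-tools, OpenConnect or the draft's authors), the following Go decodes the draft's TPMKey ASN.1 structure from a "TSS2 PRIVATE KEY" PEM block and refuses anything a TPM2_Load caller could not use. The field layout, the loadable-key OID 2.23.133.10.1.3 and the owner-hierarchy handle come from the draft; the sample pubkey/privkey blobs are constructed placeholders, not real TPM output.

```go
package main

import (
	"encoding/asn1"
	"encoding/pem"
	"fmt"
)

// TPMKey mirrors the draft's TPMKey SEQUENCE; policy lists are kept raw, not evaluated here.
type TPMKey struct {
	Type       asn1.ObjectIdentifier
	EmptyAuth  bool            `asn1:"optional,explicit,tag:0"`
	Policy     []asn1.RawValue `asn1:"optional,explicit,tag:1"`
	Secret     []byte          `asn1:"optional,explicit,tag:2"`
	AuthPolicy []asn1.RawValue `asn1:"optional,explicit,tag:3"`
	Parent     int64  // parent handle: 0x40000001 (owner hierarchy) or a persistent 0x81... handle
	Pubkey     []byte // marshalled TPM2B_PUBLIC
	Privkey    []byte // marshalled TPM2B_PRIVATE, encrypted and HMAC-protected under the parent
}

// OID of the draft's "loadable key" TPMKey type, 2.23.133.10.1.3.
var oidLoadableKey = asn1.ObjectIdentifier{2, 23, 133, 10, 1, 3}
// Constructed sample with placeholder blobs (not real TPM output) under the owner hierarchy.
var sampleKey = TPMKey{Type: oidLoadableKey, EmptyAuth: true, Parent: 0x40000001,
	Pubkey: []byte{0x00, 0x04, 0xde, 0xad, 0xbe, 0xef}, Privkey: []byte{0x00, 0x02, 0xca, 0xfe}}

// ParseTSS2PrivateKey decodes a "TSS2 PRIVATE KEY" PEM block and validates it for TPM2_Load under Parent.
func ParseTSS2PrivateKey(pemData []byte) (*TPMKey, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "TSS2 PRIVATE KEY" {
		return nil, fmt.Errorf("tss2: no TSS2 PRIVATE KEY block found")
	}
	var key TPMKey
	if rest, err := asn1.Unmarshal(block.Bytes, &key); err != nil || len(rest) != 0 {
		return nil, fmt.Errorf("tss2: malformed TPMKey (err=%v, %d trailing bytes)", err, len(rest))
	}
	if !key.Type.Equal(oidLoadableKey) { // importable/sealed types need other TPM commands
		return nil, fmt.Errorf("tss2: unsupported key type %v", key.Type)
	}
	return &key, nil
}

// EncodeTSS2PrivateKey is the inverse; the test uses it to serialise sampleKey.
func EncodeTSS2PrivateKey(key *TPMKey) ([]byte, error) {
	der, err := asn1.Marshal(*key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "TSS2 PRIVATE KEY", Bytes: der}), nil
}
```

The privkey blob is opaque to anything but the TPM holding the parent, so the file alone discloses no key material; with EmptyAuth set, though, possession of the file plus access to that TPM is all it takes to use the key.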