Petr Gotthard

Could you please write down the tpm2 commands you use to generate the key you want to use with openssl?

Understood. I will try to implement loading of the context files, which should enable you working with the NULL hierarchy. This may take some time because I am facing some...

Alright. I created a branch `ctxload` (https://github.com/tpm2-software/tpm2-openssl/tree/ctxload) that can load the tpm2 context files produced by tpm2-tools. There is also an example https://github.com/tpm2-software/tpm2-openssl/blob/ctxload/test/rsa_import_null_sign.sh that demonstrates the the steps you described...

I made a simplest CSR test/example possible: https://github.com/tpm2-software/tpm2-openssl/blob/master/test/rsa_genpkey_x509_csr.sh Please check whether this works for you. I does for me.

You can set the `OPENSSL_CONF` variable to use the config with TPM enabled only for the python script that needs TPM. Could this be a workaround?

I don't think the callbacks changed much. The new openssl supports custom parameters to get/set, but not custom callbacks. One can only query a password.

I would be interested to know what digest is being requested. Please build the tpm2 provider with `--enable-debug`. When running your code you should see a logs with messages like...

Hi again, I made some updates. If the problem persists, could you try building the latest master, configured without op-cipher and op-digest disabled? You may get better results.

What an interesting subject! 1) Building OpenSSL on Windows should not be difficult-- the instructions are in https://github.com/openssl/openssl/blob/master/NOTES-WINDOWS.md 2) You will need the `tpm2-tss` library with the ESYS API (no...

You should not need to recompile OpenSSL. The error is either because there is no `OSSL_provider_init` function in the `tpm2.dll` (I can see there is one) or because calling this...