tpm2-tss-engine

Extend key -read and -write functions

Open chris2511 opened this issue 1 year ago • 1 comments

If an existing key or the new key is not intended to be stored in a file, the current implementation requires the creation of temporary files with all its odds (cleanup, symlink attack, mktemp).

This change allows providing the key in many different ways:

A filename of "-" translates to for reading and for writing.

If the file named by "filename" does not exist, check whether it contains a "-----BEGIN" and try interpreting the filename itself as key.

Extend documentation in README.md

chris2511, Nov 19 '23 20:11
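The lookup order this issue describes, as an added example that is not part of the original post or of the tpm2-tss-engine code. The names `load_key`, `slurp` and `enum key_src`, the sample PEM label, and the `in` parameter (standing in for stdin, which is assumed to be what "-" means for reading) are all hypothetical.

```c
/* Added example; all names here are hypothetical, not tpm2-tss-engine code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum key_src { KEY_SRC_STDIN, KEY_SRC_FILE, KEY_SRC_INLINE, KEY_SRC_NONE };
static const char SAMPLE[] =            /* constructed sample, not a real key */
    "-----BEGIN EXAMPLE KEY-----\nQ09OU1RSVUNURUQ=\n-----END EXAMPLE KEY-----\n";
/* Read a whole stream into a NUL-terminated heap buffer (NULL on error). */
static char *slurp(FILE *fp)
{
    size_t cap = 4096, len = 0, n;
    char *buf = malloc(cap), *tmp;
    while (buf && (n = fread(buf + len, 1, cap - len - 1, fp)) > 0) {
        len += n;
        if (len + 1 < cap) continue;          /* still room for the NUL */
        if (!(tmp = realloc(buf, cap *= 2))) { free(buf); return NULL; }
        buf = tmp;
    }
    if (buf && ferror(fp)) { free(buf); return NULL; }
    if (buf) buf[len] = '\0';
    return buf;
}

/* "-" reads `in` (assumed: stdin); a name that opens is read as a file; any
 * other name is used as the key text itself if it contains "-----BEGIN". */
char *load_key(const char *name, FILE *in, enum key_src *src)
{
    FILE *fp;
    char *key;
    if (strcmp(name, "-") == 0) { *src = KEY_SRC_STDIN; return slurp(in); }
    if ((fp = fopen(name, "rb")) != NULL) {
        *src = KEY_SRC_FILE;
        key = slurp(fp);
        fclose(fp);
        return key;
    }
    if (strstr(name, "-----BEGIN") == NULL) { *src = KEY_SRC_NONE; return NULL; }
    *src = KEY_SRC_INLINE;
    key = malloc(strlen(name) + 1);
    return key ? strcpy(key, name) : NULL;
}

int main(void)
{
    enum key_src src;
    char *key = load_key(SAMPLE, stdin, &src);
    printf("source=%d found=%d\n", (int)src, key != NULL);
    free(key);
    return 0;
}
```

Because the key text never touches the filesystem in the "-" and inline cases, there is no temporary file to clean up or to race against.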

@chris2511 This is really useful and we were also thinking the same way. I was using the /tmp folder for key creation while using tpm2tss-genkey, but our static code analyzer Sonar was warning about this security hotspot. This functionality definitely must be in this library.

TaeZStkyoht, Apr 02 '25 14:04