tpm2-openssl

Policy protected keys are not supported

Open gotthardp opened this issue 4 years ago • 2 comments

gotthardp Feb 26 '21 17:02

IMHO this could most easily be done using FAPI calls, since this will perform policy-stuff automatically (see #27). But it would need to use the Fapi_Sign() call directly and not just the Fapi_GetEsysBlob() approach.

For policies, however, it can happen that there is a lot of user interaction: asking for branch selections, asking for multiple passwords, or counter-signing of a TPM challenge. Question is, do providers now have a better UI interaction model that allows for these kinds of scenarios?

AndreasFuchsTPM Feb 17 '22 11:02

I don't think the callbacks changed much. The new OpenSSL supports custom parameters to get/set, but not custom callbacks. One can only query a password.

gotthardp Feb 17 '22 11:02