Menu
▾
▴
Re: [TrouSerS-users] Is there a way to encrypt data through OpenSSL using the keys generated in the TPM?
|
From: Bill M. <bil...@gh...> - 2017-07-11 21:22:48
|
I'm not sure if this answers your question but I assume you get a modulus and exponent from, the TPM - in byte form. For openssl you want PEM or DER. I have a bash script that converts a modulus and exponent - to DER. Copy this and name it created.sh and of course chmod it so that it is executable. This assumes you have base64 as a program, along with other basic linux binaries. #!/bin/bash # # Given a 270-byte RSA public modulus and exponent file, # create a der file: # # source ./createder.sh file.key file.der # # if [ -f public.key ] ; then rm public.key fi if [ -f modulus.bin ] ; then rm modulus.bin fi if [ -f exponent.bin ] ; then rm exponent.bin fi [[ -f header.bin ]] || echo 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA' | base64 -d > header.bin cp $1 public.key dd if=public.key of=modulus.bin bs=1 skip=9 count=256 dd if=public.key of=exponent.bin bs=1 skip=267 count=3 [[ -f mid-header.bin ]] || dd if=public.key of=mid-header.bin bs=1 skip=265 count=2 cat header.bin modulus.bin mid-header.bin exponent.bin > key.der cp key.der $2 yes | rm key.der yes | rm public.key yes | rm modulus.bin yes | rm exponent.bin ? ________________________________ From: supraja sridhar <sup...@gm...> Sent: Sunday, July 9, 2017 11:53 PM To: tro...@li... Subject: [TrouSerS-users] Is there a way to encrypt data through OpenSSL using the keys generated in the TPM? Hi, Using the trousers API, I generated a pair of keys and have the public part of the key. I will share the public key to others and they will encrypt data and send it back to my device where I use the TPM to decrypt the data. I noticed that the public key is in a BYTE format. How should I convert it into a format such that it is compatible with OpennSSL. Thanks, Supraja |