IMHO this could most easily be done using FAPI calls, since this will perform policy-stuff automatically (see #27). But it would need to use the Fapi_Sign() call directly and not just the Fapi_GetEsysBlob() approach.
For policies, however, it can happen that there is a lot of user interaction: asking for branch selections, asking for multiple passwords, or counter-signing of a TPM challenge.
Question is, do providers now have a better UI interaction model that allows for this kind of scenario?
I don't think the callbacks changed much. The new OpenSSL supports custom parameters to get/set, but not custom callbacks. One can only query a password.