tpm2-software / tpm2-tss-engine

OpenSSL Engine for TPM2 devices
https://tpm2-software.github.io
BSD 3-Clause "New" or "Revised" License

tpm2tss-genkey - add support for tpm2-tools serialized handle files. #179

Open rowanmoul opened 4 years ago

rowanmoul commented 4 years ago

When using tpm2tss-genkey, the parent object in the TPM (such as a Primary Key) can only be specified with a hex handle (e.g. 0x81000003). It would be good to add support for handle files produced by the -o option of tpm2_evictcontrol. The man page for that tool specifically mentions these being safer to use than raw handles. Since it is a binary format, I am not sure why without digging into the code, but I assume these files also include the object's name to allow for verification that the handle actually points to the expected object (assuming no tampering with the serialized handle file).

AndreasFuchsTPM commented 4 years ago

Yes, nice idea. For anyone interested in implementing this, the file can be parsed using Esys_TR_Deserialize().

But be aware that this would also need an extension of the PEM format file.
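The verification both comments touch on (that a handle really refers to the expected object) rests on the TPM 2.0 object Name: Name = nameAlg || H_nameAlg(marshalled TPMT_PUBLIC), so a Name stored in a handle file can be checked against the public area the TPM reports for that handle (in ESAPI terms, the Name that Esys_TR_GetName() returns for a deserialized ESYS_TR versus the one for an ESYS_TR obtained with Esys_TR_FromTPMPublic(); how the engine would wire that up is an assumption here, not something the thread specifies). The block below is an added example, not code from tpm2-tss-engine or tpm2-tss; it is written in Python so it runs without a TPM. The TPMT_PUBLIC and TPM2B_NAME bytes are constructed inline for illustration, not read from a device or from a real tpm2_evictcontrol output file, whose exact container layout this example does not claim to describe.

```python
"""
Compute and verify a TPM 2.0 object Name from a marshalled TPMT_PUBLIC.

Per the TPM 2.0 Library Specification (Part 1, "Names"):
    Name = nameAlg (UINT16, big-endian) || H_nameAlg(marshalled TPMT_PUBLIC)
"""
import hashlib
import hmac
import struct

# TPM_ALG_ID values of the hash algorithms usable as nameAlg.
TPM2_ALG_SHA1 = 0x0004
TPM2_ALG_SHA256 = 0x000B
TPM2_ALG_SHA384 = 0x000C
TPM2_ALG_SHA512 = 0x000D

NAME_ALG_TO_HASH = {
    TPM2_ALG_SHA1: "sha1",
    TPM2_ALG_SHA256: "sha256",
    TPM2_ALG_SHA384: "sha384",
    TPM2_ALG_SHA512: "sha512",
}


def encode_tpm2b(data: bytes) -> bytes:
    """Marshal a TPM2B_* sized buffer: UINT16 size followed by the bytes."""
    return struct.pack(">H", len(data)) + data


def parse_tpm2b(buf: bytes, offset: int) -> tuple:
    """Unmarshal a TPM2B_* (e.g. TPM2B_NAME) at offset; return (bytes, next offset)."""
    if offset + 2 > len(buf):
        raise ValueError("truncated TPM2B size field")
    size = struct.unpack(">H", buf[offset:offset + 2])[0]
    start, end = offset + 2, offset + 2 + size
    if end > len(buf):
        raise ValueError("truncated TPM2B buffer")
    return buf[start:end], end


def compute_name(public_area: bytes) -> bytes:
    """Return the Name of the object whose marshalled TPMT_PUBLIC is given.

    Only nameAlg (bytes 2..3, after the 16-bit type field) is parsed; the
    digest is taken over the entire marshalled public area.
    """
    if len(public_area) < 4:
        raise ValueError("public area too short to contain type and nameAlg")
    name_alg = struct.unpack(">H", public_area[2:4])[0]
    hash_name = NAME_ALG_TO_HASH.get(name_alg)
    if hash_name is None:
        raise ValueError(f"unsupported nameAlg 0x{name_alg:04x}")
    return struct.pack(">H", name_alg) + hashlib.new(hash_name, public_area).digest()


def verify_name(public_area: bytes, expected_name: bytes) -> bool:
    """Constant-time check that public_area's Name equals expected_name.

    A public area with an unsupported or missing nameAlg fails the check
    rather than raising, so a malformed handle file cannot be mistaken
    for a verified one.
    """
    try:
        actual = compute_name(public_area)
    except ValueError:
        return False
    return hmac.compare_digest(actual, expected_name)


def build_sample_rsa_public() -> bytes:
    """Constructed TPMT_PUBLIC (not from a TPM): RSA-2048 storage key,
    nameAlg SHA-256, AES-128-CFB symmetric, null scheme, default exponent.
    The modulus is a dummy byte pattern; only its marshalled layout matters."""
    return (
        struct.pack(">H", 0x0001)                 # type: TPM_ALG_RSA
        + struct.pack(">H", TPM2_ALG_SHA256)      # nameAlg
        + struct.pack(">I", 0x00030072)           # objectAttributes: fixedTPM|fixedParent|
                                                  #   sensitiveDataOrigin|userWithAuth|restricted|decrypt
        + encode_tpm2b(b"")                       # authPolicy: empty TPM2B_DIGEST
        + struct.pack(">HHH", 0x0006, 128, 0x0043)  # symmetric: AES, 128 bits, CFB
        + struct.pack(">H", 0x0010)               # scheme: TPM_ALG_NULL
        + struct.pack(">H", 2048)                 # keyBits
        + struct.pack(">I", 0)                    # exponent 0 = default 2^16+1
        + encode_tpm2b(bytes(range(256)))         # unique: TPM2B_PUBLIC_KEY_RSA
    )


if __name__ == "__main__":
    public = build_sample_rsa_public()
    # Stand-in for the TPM2B_NAME a handle file would carry (constructed here).
    stored_name_blob = encode_tpm2b(compute_name(public))
    stored_name, _ = parse_tpm2b(stored_name_blob, 0)
    print("stored name matches TPM public area:", verify_name(public, stored_name))
    # Swapping even one modulus byte changes the Name, so a handle that now
    # points at a different object is rejected.
    tampered = public[:-1] + bytes([public[-1] ^ 0x01])
    print("tampered public area verifies:", verify_name(tampered, stored_name))
```

The comparison uses hmac.compare_digest rather than == so the check does not leak which prefix of the Name matched; the Name is public data, but the habit costs nothing and keeps the check uniform with other digest comparisons in the code base.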