-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certify example with TPMless authority #568
Comments
Just out of curiosity have you seen #563? |
Yes, I did saw it. It would cover make_credentials, so only verify_signature would be missing, as the hash is straightforward... |
Hi! When you say rust-tss-esapi/tss-esapi/examples/certify.rs Line 536 in beeccaa
|
Hi, |
Hmm, true, especially for the way certify works for TPMs, you should be able to do all of those without a TPM. I guess we could provide an example for how to do verification outside of a TPM, it shouldn't be too hard with the right tools in place. What you'd need is a way to extract the public part of the key in a neutral format (something like PublicKey), and then get that in a shape that's suitable for some software library (e.g., OpenSSL). Unfortunately, we don't have docs or an example of how that could / should look like... |
I think this could be done with the APIs introduced in #537 Get a Note: The signature will also need to be converted. I don't have time to test that right now sadly. |
Hello,
In the certify example it is indicated that " The Authority in this process does not require a TPM - for brevity we use one in this example but it is possible to perform this certification without a TPM on the authority."
Could the example give some guidance on how to do so ?
Precisely, how to mimic ctx.make_credential, ctx.load_external_public, ctx.hash, ctx.verify_signature without a TPM ?
Thanks,
Best regards.
The text was updated successfully, but these errors were encountered: