Certify example with TPMless authority #568
Comments
|
Just out of curiosity have you seen #563? |
|
Yes, I did saw it. It would cover make_credentials, so only verify_signature would be missing, as the hash is straightforward... |
|
Hi! When you say rust-tss-esapi/tss-esapi/examples/certify.rs Line 536 in beeccaa |
|
Hi, |
|
Hmm, true, especially for the way certify works for TPMs, you should be able to do all of those without a TPM. I guess we could provide an example for how to do verification outside of a TPM, it shouldn't be too hard with the right tools in place. What you'd need is a way to extract the public part of the key in a neutral format (something like PublicKey), and then get that in a shape that's suitable for some software library (e.g., OpenSSL). Unfortunately, we don't have docs or an example of how that could / should look like... |
|
I think this could be done with the APIs introduced in #537 Get a Note: The signature will also need to be converted. I don't have time to test that right now sadly. |
Hello,
In the certify example it is indicated that " The Authority in this process does not require a TPM - for brevity we use one in this example but it is possible to perform this certification without a TPM on the authority."
Could the example give some guidance on how to do so ?
Precisely, how to mimic ctx.make_credential, ctx.load_external_public, ctx.hash, ctx.verify_signature without a TPM ?
Thanks,
Best regards.
The text was updated successfully, but these errors were encountered: