[PATCH 1/2] Add support for openssl engine based keys
Jakub Jelen
jjelen at redhat.com
Sat Feb 1 04:43:21 AEDT 2020
On Thu, 2020-01-30 at 16:24 +0100, James Bottomley wrote:
> Engine keys are keys whose file format is understood by a specific
> engine rather than by openssl itself. Since these keys are file
> based, the pkcs11 interface isn't appropriate for them because they
> don't actually represent tokens.
There is already tpm2-pkcs11 module which addresses the same use case
in a standard way for TPM2:
https://github.com/tpm2-software/tpm2-pkcs11
I do not think all the applications that want support for TPM2/engines
should need to implement support for engines. Especially when the
engines are to be replaced by a new providers interface in future
OpenSSL releases:
https://www.openssl.org/docs/OpenSSLStrategicArchitecture.html
Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
More information about the openssh-unix-dev
mailing list