Jarkko Sakkinen

v2 of #TPM2 asymmetric keys: https://lore.kernel.org/linux-integrity/20240521031645.17008-1-jarkko@kernel.org/

Crypto stuff is so easy to break, especially in format conversions, so I decided to save the low-hanging fruit cleanup for a separate version. From this version forward, I promise to stop spamming :-)

#linux #kernel

The use cases are quite trivial really. Want a server to sign x509 without exposing the private key? Yeah, that's the whole point here. Verification can be done with software, and is done with software. Signing and decryption are done with the private key inside TPM2.

The higher goal is to implement this x509 spec by David Woodhouse, but the above is the basic gist here:
https://datatracker.ietf.org/doc/draft-woodhouse-cert-best-practice/