[PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops
From: dhowells@redhat.com (David Howells)
Date: 2018-09-18 17:18:41
Also in:
keyrings, lkml
Possibly related (same subject, not in this thread)
- 2018-09-28 · Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops · Marcel Holtmann <marcel@holtmann.org>
- 2018-09-20 · Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops · Denis Kenzior <hidden>
- 2018-09-18 · Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops · Denis Kenzior <hidden>
- 2018-09-18 · Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops · Denis Kenzior <hidden>
- 2018-09-18 · Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops · David Howells <dhowells@redhat.com>
Denis Kenzior [off-list ref] wrote:
quoted
Yes. It shouldn't be much code, either. You still have to check for X.509 DER since the kernel currently supports that.For reasons of backward compatibility, correct? The kernel also has mscode.asn1 which we would need to support as well. Since we can't break compatibility then perhaps this doesn't buy us a whole lot in the end.
Don't worry about mscode - that's not an asymmetric key parser. That's only ever used directly from verify_pefile_signature(). Currently, we have to retain support for DER-encoded X.509. But there's no reason we can't have a PEM parser that decodes the PEM and selects X.509, PKCS#8 or TPM based on the ascii header in that. PKCS#8 and TPM don't need to take DER directly. David