* [tpm2] Re: Usage of openssl command line API as library function along with tpm-tss engine
@ 2020-04-28 14:42 Roberts, William C
  0 siblings, 0 replies; 4+ messages in thread
From: Roberts, William C @ 2020-04-28 14:42 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 1538 bytes --]

After you generate the keypair, can't you call:
openssl rsa -in key.pem -pubout -out pubkey.pem

Specifying the inkey and the engine, there are examples in the
test scripts. Then from there you have a normal public key PEM file
you can pass to openssl like normal without engine stuff, so it won't
use the engine and just do software.

If you want a random key, again just generate it and use the openssl symmetric
key operations. So if you wanted to do something like encrypt a file and share
the decryption key, the steps would be:
1. generate aes key
2. encrypt the file data
3. encrypt the key with the public key
4. decrypt the key with the private key
5. decrypt the file with the obtained decrypted aes key

	
> -----Original Message-----
> From: muthu.smk(a)gmail.com [mailto:muthu.smk(a)gmail.com]
> Sent: Tuesday, April 28, 2020 7:33 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Re: Usage of openssl command line API as library function along
> with tpm-tss engine
> 
> Seems this iesys_crypto_sym_aes_encrypt() API and iesys_crypto_pk_encrypt()
> API use TPM for encryption and decryption. What I want is to use pure openssl
> API (s/w based encryption) with the input of tpm generated hardware priv key
> and random key and do encrypt & decrypt it as explained in the first thread.
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org

^ permalink raw reply	[flat|nested] 4+ messages in thread
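
The five steps listed in the reply above, as an added shell example that is not part of the original thread. A software-generated RSA key stands in for the TPM-backed key so the script runs without a TPM, and all file names and the payload are constructed; with a TPM key, step 4 is the private-key operation that has to go through the engine.

```sh
#!/bin/sh
# Added example. Assumption: a software RSA key stands in for the TPM-backed
# key so this runs without a TPM. File names and payload are constructed.
hybrid_roundtrip() (
    work=$(mktemp -d) && cd "$work" || exit 1
    trap 'rm -rf "$work"' EXIT

    # Stand-in key pair, then the public half exported to a plain PEM file.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out key.pem 2>/dev/null &&
    openssl rsa -in key.pem -pubout -out pubkey.pem 2>/dev/null &&
    printf 'constructed sample payload\n' > plain.txt &&

    # 1. Generate the AES secret (32 random bytes, hex, used as passphrase).
    openssl rand -hex 32 > aes.key &&
    # 2. Encrypt the file data; -pbkdf2 needs OpenSSL 1.1.1 or newer.
    openssl enc -aes-256-cbc -salt -pbkdf2 -in plain.txt -out data.enc \
        -pass file:aes.key &&
    # 3. Wrap the secret with the public key: pure software, no engine.
    openssl pkeyutl -encrypt -pubin -inkey pubkey.pem \
        -pkeyopt rsa_padding_mode:oaep -in aes.key -out aes.key.enc &&
    # 4. Unwrap the secret with the private key (the TPM step in a real setup).
    openssl pkeyutl -decrypt -inkey key.pem \
        -pkeyopt rsa_padding_mode:oaep -in aes.key.enc -out aes.key.dec &&
    # 5. Decrypt the file with the recovered secret.
    openssl enc -d -aes-256-cbc -pbkdf2 -in data.enc -out plain.dec \
        -pass file:aes.key.dec &&
    # Success means the plaintext came back and the wrapped key differs
    # from the raw secret.
    cmp -s plain.txt plain.dec && ! cmp -s aes.key aes.key.enc
)

hybrid_roundtrip && echo "round trip OK"
```

Only `data.enc` and `aes.key.enc` would be shared with the other party; `aes.key` is deleted along with the scratch directory.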

* [tpm2] Re: Usage of openssl command line API as library function along with tpm-tss engine
@ 2020-04-28 14:47 Roberts, William C
  0 siblings, 0 replies; 4+ messages in thread
From: Roberts, William C @ 2020-04-28 14:47 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 2346 bytes --]

> -----Original Message-----
> From: muthu.smk(a)gmail.com [mailto:muthu.smk(a)gmail.com]
> Sent: Tuesday, April 28, 2020 6:25 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Usage of openssl command line API as library function along with
> tpm-tss engine
> 
> Hi,
> I would like to know how to use the below mentioned command line openssl
> APIs as library calls inside a "c" program.
> I could see "helper crypto functions" as ESYS API from this block diagram:
> https://github.com/tpm2-software/tpm2-tss/blob/master/doc/TSS_block_diagram.png
> 
> I don't want to use TPM ESYS/other TPM API to perform encryption/decryption of
> keys generated by TPM. Instead I need to use the openssl s/w library with the input
> of a tpm generated key to generate an "encrypted file" and "decrypt" it back.

I answered this on your second thread.

> 
> Ex: I would like to encrypt the private key (priv_key) and random number
> (input_random_key) as input to the below openssl api and generate an encrypted
> output file and vice versa for decryption.
> 
> Encryption:
> #openssl enc -aes-256-cbc -salt -in priv_key -out output_key -k input_random_key
> 
> "priv_key" is the output key that has been created using the tpm2tss-rsa-genkey()
> API - using TPM.
> "input_random_key" is the output key generated using the Esys_GetRandom() API -
> using TPM.
> "output_key" will be the encrypted file generated as output of this openssl
> command line API - using pure S/W openssl which understands tpm generated keys
> and works via tpm2-tss/tpm2-tss-engine.
> 
> Vice versa for the below decryption, I need to use the below command line API as
> a library function and achieve the expectation.
> Decryption:
> #openssl enc -aes-256-cbc -d -in output_key -out decrypted_output_key -k input_random_key
> 
> Now the output_key should have the content of "priv_key" which has been used
> as input to above openssl API during encryption.
>

You just need to use the engine form to ask the engine for the public key out. Private key
operations must be done with the engine and the TPM.

Better details in the other thread.
 
> Thanks,

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [tpm2] Re: Usage of openssl command line API as library function along with tpm-tss engine
@ 2020-04-28 12:33 muthu.smk
  0 siblings, 0 replies; 4+ messages in thread
From: muthu.smk @ 2020-04-28 12:33 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 311 bytes --]

Seems this iesys_crypto_sym_aes_encrypt() API and iesys_crypto_pk_encrypt() API use TPM for encryption and decryption. What I want is to use pure openssl API (s/w based encryption) with the input of tpm generated hardware priv key and random key and do encrypt & decrypt it as explained in the first thread.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [tpm2] Re: Usage of openssl command line API as library function along with tpm-tss engine
@ 2020-04-28 11:33 muthu.smk
  0 siblings, 0 replies; 4+ messages in thread
From: muthu.smk @ 2020-04-28 11:33 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 370 bytes --]

Is this the below reference I need to look into to achieve this request? If I am correct, I could see the iesys_crypto_sym_aes_encrypt() and iesys_crypto_pk_encrypt() APIs in the below reference. Not sure which one to use. If I am looking into the wrong reference, I request you to guide me on this.

https://github.com/tpm2-software/tpm2-tss/blob/master/test/unit/esys-crypto.c

^ permalink raw reply	[flat|nested] 4+ messages in thread
