Creating this RFE issue as a place to hang some implementation notes about TPMv2 support.
Firstly, please don't add any new user interface for this. Keys wrapped by TPMv2 come in the form of a PEM file which we should just detect and use automatically.
As a nudge in that general direction, I've implemented the detection in my pending PKCS#11 series (hard to untangle since the context includes the checks for `pkcs11:` URIs). fe7e06f
As for the implementation... I'm not sure what the state of TPM support in Go is.
https://github.com/google/go-tpm/ is probably the place to start? That's just the low-level TPM API support. Then there's https://github.com/google/go-tpm-tools which provides higher level interfaces, and I think it includes a `Signer`. I've filed google/go-tpm-tools#316 to request support for the standard PEM form; if we want to do this right then we might end up implementing that for them.
As noted in that RFE, we can use my OpenConnect C implementation as something to crib from.
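
The automatic detection requested above could look like the following sketch, added here as an illustration and not taken from the issue, the referenced commit or the project. `KeyKind`, `ClassifyKey` and `samplePEM` are hypothetical names, and the `TSS2 PRIVATE KEY` label is an assumption about the PEM form meant, since the issue does not spell it out.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// KeyKind says which signing backend a configured key reference needs.
type KeyKind int

const (
	KeyUnknown  KeyKind = iota
	KeyPKCS11           // "pkcs11:" URI, handled by a PKCS#11 module
	KeyTPM2             // TPMv2-wrapped key stored in a PEM file
	KeyPlainPEM         // ordinary software private key in PEM
)

// Assumed PEM label for TPMv2-wrapped keys (not stated in the issue).
const tpm2PEMType = "TSS2 PRIVATE KEY"

// ClassifyKey looks at the configured string and, if it is not a URI, at the
// bytes of the file it names. The caller does the file I/O.
func ClassifyKey(ref string, fileData []byte) KeyKind {
	if strings.HasPrefix(ref, "pkcs11:") {
		return KeyPKCS11
	}
	// Walk every PEM block: certificates may precede the key in one file.
	for rest := fileData; ; {
		var blk *pem.Block
		blk, rest = pem.Decode(rest)
		if blk == nil {
			return KeyUnknown // no key block found, or not PEM at all
		}
		switch {
		case blk.Type == tpm2PEMType: // must be tested before the suffix match
			return KeyTPM2
		case strings.HasSuffix(blk.Type, "PRIVATE KEY"):
			return KeyPlainPEM
		}
	}
}

// samplePEM builds a constructed PEM block; the body is not a real key.
func samplePEM(typ string) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: []byte("constructed")})
}

func main() {
	fmt.Println(ClassifyKey("client.pem", samplePEM(tpm2PEMType)) == KeyTPM2)
}
```

No configuration option selects the backend: the key reference itself decides it, so a TPM-wrapped key is never handed to a software key parser by mistake.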