Command 1: tpm2tss generates a CSR by using the persistent handle:
```
openssl req -new -engine tpm2tss -keyform engine -out client.csr -key 0x81010003
```
Command 2: OpenSSL natively generates a CSR using:
```
openssl req -new -key client.key -out client.csr -subj "/CN=TPM AK
```
For command 2, OpenSSL first constructs an unsigned CSR structure (extracting the public key information from the private key and filling the public key as a field in the CSR), then uses the private key to sign the CSR, and finally outputs a signed CSR.
For command 1, I understand that we can only obtain the public key from the TPM handler. How does the tpm2-tss-engine source code construct an unsigned CSR with only the public key, given that the private key cannot be retrieved from the TPM? My understanding is that it first exports the public key from the TPM handler to construct a CSR to be signed, and then calls the TPM's signing function to sign this unsigned CSR. Our goal is to understand and learn how to manually construct a CSR structure to be signed using only the public key.
Thanks a lot.
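The PKCS#10 layout the question asks about, as an added example (not part of the original issue and not tpm2-tss-engine's code): the `CertificationRequestInfo` is DER-encoded from public data only, its SHA-256 digest goes to a signer, and the returned signature is wrapped into the final `CertificationRequest`. It assumes an ECDSA P-256 key; `sign_digest` is a hypothetical callback standing in for the TPM signing operation, and the sample key point and signature are constructed placeholders, so the output shows the structure but will not verify.

```python
import hashlib

def tlv(tag, body):
    """DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def oid(dotted):
    a, b, *rest = (int(x) for x in dotted.split("."))
    out = bytearray([40 * a + b])
    for v in rest:                      # base-128, high bit marks continuation
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.append(0x80 | (v & 0x7F))
            v >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def der_int(n):
    # Extra leading 0x00 keeps the INTEGER positive when the top bit is set.
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_cri(common_name, spki_der):
    """CertificationRequestInfo (RFC 2986): built from public data only."""
    atv = tlv(0x30, oid("2.5.4.3") + tlv(0x0C, common_name.encode()))  # CN
    name = tlv(0x30, tlv(0x31, atv))
    # version 0 (v1), subject, SubjectPublicKeyInfo, [0] empty attribute set
    return tlv(0x30, der_int(0) + name + spki_der + tlv(0xA0, b""))

def build_csr(cri, sign_digest):
    """sign_digest(sha256 of cri) -> (r, s); stands in for the TPM signing call."""
    r, s = sign_digest(hashlib.sha256(cri).digest())
    sig = tlv(0x30, der_int(r) + der_int(s))        # ECDSA-Sig-Value
    alg = tlv(0x30, oid("1.2.840.10045.4.3.2"))     # ecdsa-with-SHA256
    return tlv(0x30, cri + alg + tlv(0x03, b"\x00" + sig))

# Constructed sample data: the point is a placeholder, not a real P-256 key.
SAMPLE_POINT = b"\x04" + bytes(range(64))
SAMPLE_SPKI = tlv(0x30,
                  tlv(0x30, oid("1.2.840.10045.2.1") + oid("1.2.840.10045.3.1.7"))
                  + tlv(0x03, b"\x00" + SAMPLE_POINT))

if __name__ == "__main__":
    cri = build_cri("TPM AK", SAMPLE_SPKI)
    csr = build_csr(cri, lambda digest: (1, 2))     # hypothetical signer
    print(csr.hex())
```

The private key is never an input: the signer sees only the digest of the already-encoded `CertificationRequestInfo`, and the `(r, s)` pair it returns has to be re-encoded as a DER `ECDSA-Sig-Value` before it goes into the BIT STRING.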