tpm2: add handling for elliptic curve keys
72ece35fb713 · Unpublished

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

tpm2: add handling for elliptic curve keys

* agent/divert-tpm2.c: Support ECC.

This adds handling for the way gnupg does elliptic keys, namely ECDSA
for signatures and using ECDH with an ephemeral key to generate an
encrypted message. The main problem is that the TPM2 usually has a
very small list of built-in curves and it won't handle any others.
Thanks to TCG mandates, all TPM2 systems in the USA should come with
NIST P-256, but do not come with the Bernstein curve 25519, so the
only way to use the TPM2 to protect an elliptic curve key is first to
create it with a compatible algorithm.

  • Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Details

Provenance
James Bottomley <James.Bottomley@HansenPartnership.com> Authored on Mar 5 2018, 8:18 PM
werner Committed on Mar 9 2018, 10:15 AM
Parents
rGc4c7b7d7ba6b: g10: add ability to transfer a private key to the tpm
Branches
Unknown
Tags
Unknown

Event Timeline

werner committed rG72ece35fb713: tpm2: add handling for elliptic curve keys (authored by James Bottomley <James.Bottomley@HansenPartnership.com>). Mar 9 2018, 10:15 AM