Re: [PATCH] Allow use of TPM2-wrapped keyfiles



On Mon, 2019-07-08 at 18:46 +0200, Daniel Kobras wrote:
Hi all!

Using either GnuTLS or one of the TPM2 engines for OpenSSL, it's
possible to use keyfiles that are encrypted with a wrapping key from a
TPM2 device. Implementations have started to use special PEM headers for
these files. If openconnect it can automatically invoke the necessary
magic to unwrap the key without any user interaction. A similar patch
for wpa_supplicant can be found at
http://lists.infradead.org/pipermail/hostap/2019-July/040318.html.

Alas, these PEM files currently fail NM's header validation. The
attached patch just accepts these keys in NM, assuming further support
is present in the backend tools.


Hi,

The patch looks good to me.

best,
Thomas
