How do I tell openssl rsautl to use the key stored in the TPM?

Question

Is there a (easy) way to create a signature for a file using the openssl rsautl command and command while the required key is stored in the TPM?

I just want to do the following with the "key.pem" key that is stored in the TPM.

openssl rsautl -sign -in file -inkey key.pem -out sig

+3

Taloncor 19 Aug 14 at 15:51

1 answer

jww · Answer 1 · 2014-08-19T22:52:33+0000

How do I tell openssl rsautl to use the key stored in the TPM?

OpenSSL does not provide ENGINE for TPM. I believe you need to use TrouSerS .

R. Henson made several comments on this on the OpenSSL mailing list in the TPM engine .