[PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops
Denis Kenzior
denkenz at gmail.com
Tue Sep 18 05:51:07 UTC 2018
Hi David,
> It passes it to each parser in turn till one says it can parse it. It's not
> ideal, but it seems to work - so far. Better would be to annotate it in some
> way. I have considered annotating the type field so that the payload doesn't
> have to have it added:
>
> keyctl padd asymmetric.x509 "" @s </tmp/foo.x509
> keyctl padd asymmetric.pkcs#8 ...
> keyctl padd asymmetric.tpm ...
>
> However, this doesn't work with "keyctl update" or "keyctl instantiate".
>
In theory the PEM file already contains the type of the certificate, at
least at a high level. E.g. private, public, tpm. So if we accept PEM
files directly that could be potentially a faster way of determining the
parser to use and would still work with keyctl update/instantiate, right?
Regards,
-Denis
More information about the Linux-security-module-archive
mailing list