Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops

From: Denis Kenzior
Date: Tue Sep 18 2018 - 12:37:50 EST

Next message: David Howells: "Re: [PATCH 14/33] vfs: Implement a filesystem superblock creation/configuration context [ver #11]"
Previous message: tip-bot for Dou Liyang: "[tip:x86/apic] irq/matrix: Spread managed interrupts on allocation"
In reply to: David Howells: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Next in thread: David Howells: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi David,

It passes it to each parser in turn till one says it can parse it. It's not
ideal, but it seems to work - so far. Better would be to annotate it in some
way. I have considered annotating the type field so that the payload doesn't
have to have it added:

keyctl padd asymmetric.x509 "" @s </tmp/foo.x509
keyctl padd asymmetric.pkcs#8 ...
keyctl padd asymmetric.tpm ...

However, this doesn't work with "keyctl update" or "keyctl instantiate".

In theory the PEM file already contains the type of the certificate, at least at a high level. E.g. private, public, tpm. So if we accept PEM files directly that could be potentially a faster way of determining the parser to use and would still work with keyctl update/instantiate, right?

Regards,
-Denis

Next message: David Howells: "Re: [PATCH 14/33] vfs: Implement a filesystem superblock creation/configuration context [ver #11]"
Previous message: tip-bot for Dou Liyang: "[tip:x86/apic] irq/matrix: Spread managed interrupts on allocation"
In reply to: David Howells: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Next in thread: David Howells: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]