Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops

From: Denis Kenzior
Date: Tue Sep 18 2018 - 13:00:54 EST


Hi David,

On 09/18/2018 11:55 AM, David Howells wrote:
> Denis Kenzior <denkenz@xxxxxxxxx> wrote:
>
>> In theory the PEM file already contains the type of the certificate, at least
>> at a high level. E.g. private, public, tpm. So if we accept PEM files
>> directly that could be potentially a faster way of determining the parser to
>> use and would still work with keyctl update/instantiate, right?
>
> Yes. It shouldn't be much code, either. You still have to check for X.509
> DER since the kernel currently supports that.

For reasons of backward compatibility, correct? The kernel also has mscode.asn1 which we would need to support as well. Since we can't break compatibility then perhaps this doesn't buy us a whole lot in the end.

Regards,
-Denis
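
The dispatch discussed in this thread, as an added user-space C example that is not part of the original messages or of the kernel: a PEM label selects the parser family directly, while unlabelled input only gets as far as "looks like an ASN.1 SEQUENCE", so every DER parser still has to be tried. The names `classify_key_blob`, `blob_kind` and the label substrings matched here are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

enum blob_kind { BLOB_UNKNOWN, BLOB_DER, BLOB_PEM_PRIVATE,
                 BLOB_PEM_PUBLIC, BLOB_PEM_TPM, BLOB_PEM_OTHER };

/* Probe for an ASN.1 SEQUENCE header whose length covers the whole blob. */
static int is_der_sequence(const unsigned char *buf, size_t len)
{
    size_t n, i, body = 0;
    if (len < 2 || buf[0] != 0x30)
        return 0;
    if (buf[1] < 0x80)                       /* short-form length */
        return (size_t)buf[1] + 2 == len;
    n = buf[1] & 0x7f;                       /* long form: n length octets */
    if (n == 0 || n > sizeof(size_t) || len < 2 + n)
        return 0;                            /* n == 0 is indefinite length */
    for (i = 0; i < n; i++)
        body = (body << 8) | buf[2 + i];
    return body == len - 2 - n;
}

/* Substring search over a buffer that is not NUL-terminated. */
static int label_has(const unsigned char *l, size_t n, const char *s)
{
    size_t m = strlen(s), i;
    for (i = 0; m <= n && i <= n - m; i++)
        if (memcmp(l + i, s, m) == 0)
            return 1;
    return 0;
}

/* PEM label picks the parser family; unlabelled input gets the DER probe. */
enum blob_kind classify_key_blob(const unsigned char *buf, size_t len)
{
    static const char begin[] = "-----BEGIN ";
    const size_t blen = sizeof(begin) - 1;
    const unsigned char *nl;
    size_t llen;
    if (len <= blen || memcmp(buf, begin, blen) != 0)
        /* BLOB_DER carries no type: each DER parser must still be tried. */
        return is_der_sequence(buf, len) ? BLOB_DER : BLOB_UNKNOWN;
    nl = memchr(buf + blen, '\n', len - blen);
    llen = nl ? (size_t)(nl - (buf + blen)) : len - blen;
    /* Assumed label conventions; "TSS" is checked first so TPM keys win. */
    if (label_has(buf + blen, llen, "TSS")) return BLOB_PEM_TPM;
    if (label_has(buf + blen, llen, "PRIVATE KEY")) return BLOB_PEM_PRIVATE;
    if (label_has(buf + blen, llen, "PUBLIC KEY")) return BLOB_PEM_PUBLIC;
    return BLOB_PEM_OTHER;
}
```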