Crypto/TLS: golang version of openssl tpm engine

I’m looking for a golang version of openssl-tpm-engine, is there one? Not sure if golang TLS supports engines/plugins.
Could not find much info on this topic on the internet, the closest thing I found was the Decryptor and Signer interfaces (https://golang.org/pkg/crypto/#Decrypter).

Any pointers on this are greatly appreciated.
Thank you!

Try the code below.
This generates TLS certificate files.
sudo go run $GOROOT/src/crypto/tls/generate_cert.go --host hostname

/usr/local/Cellar/go/1.8/libexec/src…

Looks like a Homebrew path. A universally applicable alternative would be $(go env GOROOT)/src....


Thanks, I’m lazy :sunglasses:


Sorry, I was not clear in my original question. I want to know if go tls supports an engine/plugin similar to an openssl engine, where one could use the tpm to store the keys safely and programmatically load the engine and have openssl access/load the keys. Similar to what has been described in this blog: https://blog.habets.se/2012/02/TPM-backed-SSL.html

You got pretty close; you additionally need tls.Config and tls.Certificate:

var decrypter crypto.Decrypter // <implement this>

cert := &tls.Certificate{}
// cert.<other fields> (at least cert.Certificate, the DER-encoded chain)
cert.PrivateKey = decrypter

conn, err := tls.Dial("tcp", "127.0.0.1:443", &tls.Config{
	Certificates: []tls.Certificate{*cert},
})

I only found one crypto.Decrypter implementation (besides https://golang.org/pkg/crypto/rsa/#PrivateKey) - https://godoc.org/pault.ag/go/ykpiv#Slot.

However, I guess you could implement one with https://godoc.org/github.com/google/go-tpm/tpm… or use some OpenSSL binding to call TPM.

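The approach described above, as an added example that is not part of this thread or of go-tpm: a crypto.Signer whose private key the TLS stack never touches (here a hypothetical in-memory stand-in for a TPM key handle) is placed in tls.Certificate.PrivateKey and used to complete a verified TLS 1.3 handshake over net.Pipe. Note that Go's TLS stack looks for crypto.Signer on PrivateKey; crypto.Decrypter is only consulted for RSA key exchange on the server side.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)
// opaqueSigner stands in for a TPM-resident key: the TLS stack only ever calls Public()
// and Sign(), so a real version would forward Sign to the TPM (e.g. via go-tpm) instead
// of holding priv in process memory as this hypothetical stand-in does.
type opaqueSigner struct {
	priv  *ecdsa.PrivateKey // hypothetical stand-in for a TPM key handle
	Calls int               // how often the TLS stack (or x509) asked for a signature
}
func (s *opaqueSigner) Public() crypto.PublicKey { return &s.priv.PublicKey }
func (s *opaqueSigner) Sign(r io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) {
	s.Calls++
	return ecdsa.SignASN1(r, s.priv, digest) // a TPM-backed signer would return the chip's signature
}
// HandshakeWithSigner self-signs a certificate with the opaque signer, installs it as
// tls.Certificate.PrivateKey and completes a handshake over an in-memory pipe with the client
// verifying the chain. It returns how many signatures the TLS server requested.
func HandshakeWithSigner() (int, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return 0, err }
	signer := &opaqueSigner{priv: k}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, signer.Public(), signer)
	if err != nil { return 0, err }
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	signer.Calls = 0 // discount the certificate signature; count handshake use only
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: signer}
	sConn, cConn := net.Pipe()
	errc := make(chan error, 1)
	go func() { errc <- tls.Server(sConn, &tls.Config{Certificates: []tls.Certificate{cert}}).Handshake() }()
	if err := tls.Client(cConn, &tls.Config{RootCAs: pool, ServerName: "localhost"}).Handshake(); err != nil { return 0, err }
	return signer.Calls, <-errc // 1 under TLS 1.3: the server's CertificateVerify message
}
func main() { fmt.Println(HandshakeWithSigner()) }
```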

Thanks Egon for the useful links.
