Open
Description
Please clarify: should it be possible to generate a private key within the TPM, and leave it in the TPM in one of the handles?
I thought that running, for instance:

```
%/sandel/3rd/openssl/bin/openssl genpkey -provider tpm2 -algorithm RSA -out handle:0x0x81000000
Warning: generating random key material may take a long time
if the system has a poor entropy source
```

would store the key into that handle, but that does not work:

```
%ls -l
total 4
-rw------- 1 mcr mcr 788 Aug 9 23:08 handle:0x0x81000000
```
Presumably because openssl's genpkey has not been updated to use the OSSL_STORE_* APIs.
Please confirm my understanding. Yes, I can use the tss2_createkey, etc.
But, it does say: "These URI prefixes may be used with any openssl command."
Built a fresh one, just to be sure:

```
%/sandel/3rd/openssl/bin/openssl version
OpenSSL 3.5.2-dev (Library: OpenSSL 3.5.2-dev )
```