-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create RSA with both Sign and Encrypt/Decrypt #243
Comments
My hazy recollection of the TPM spec is 2 things:
|
@chrisfenner
which I dont see an Decrytion scheme actually. Is there an example for that ? |
Sorry for my bad memory. It's the opposite: you can't specify a scheme for a "general purpose" key. Here's what the spec says about the scheme:
go-tpm reflects TPMS_RSA_PARMS imperfectly (filed #244), where we only support setting signature schemes on Lines 204 to 210 in d331077
Does it work if you take out Line 1703 in d331077
|
Thank you very much @chrisfenner. Above method works! |
I'm so glad to have helped, @lihanshang! Closing this since I opened #244 to track the underlying issue with the library that I think led to trouble. Please re-open if you think there is another issue that is not tracked. |
Hey folks
I am trying to create an RSA key can both sign and encrypt/decrypt under SRK. However when I add both sign and decrypt like this:
it fails saying
parameter 2, error code 0x12 : unsupported or incompatible scheme
When I only use either
FlagDecrypt
orFlagSign
it worked. Is there any constraint on creating key that an RSA key cannot both sign and encrypt?\I think it is doable since I saw this:
https://github.com/tpm2-software/tpm2-tss-engine/blob/89327fa8b51962348c46ddc659fb8c3636336a60/test/rsasign_importtpm.sh#L21-L25
Thank you very much!
The text was updated successfully, but these errors were encountered: