[gnutls-devel] Proposal for the ASN.1 form of TPM1.2 and TPM2 keys

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Dec 25 10:18:29 CET 2016

On Sat, Dec 24, 2016 at 5:13 PM, James Bottomley
<James.Bottomley at hansenpartnership.com> wrote:

> I think, since it's a key format, the two above are the potential ones.
>  It would be TCG if they want to take it into their standard, otherwise
> PKCS is RSA Inc.

I wouldn't expect RSA inc to be involved into this as part of PKCS.
They are dead long time ago and have moved to IETF.

>>  However, I'm not sure how expandable is ASN.1 using version fields
>> (I've seen no structure being able to be re-used using a different
>> version). An alternative approach would to allow for future
>> extensions, i.e., something like the PKIX Extension field, which is
>> an OID+data.
> As long as the expansion fields are optional, it works nicely.  X509
> and X509v3 are examples of version expanded ASN.1

Only if they are defined in the structure early. Otherwise the early
versions of the implementations wouldn't cope with extensions. To make
it early extendable you'd have to use something lilke
        type            OBJECT IDENTIFIER
        version         [0] IMPLICIT INTEGER OPTIONAL
        emptyAuth       [1] IMPLICIT BOOLEAN OPTIONAL
        parent          [2] IMPLICIT INTEGER OPTIONAL
        publicKey       [3] IMPLICIT OCTET STRING OPTIONAL
        privateKey      OCTET STRING
         extensions      [4]  EXPLICIT Extensions OPTIONAL


More information about the Gnutls-devel mailing list