[gnutls-devel] Proposal for the ASN.1 form of TPM1.2 and TPM2 keys
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Dec 25 10:18:29 CET 2016
On Sat, Dec 24, 2016 at 5:13 PM, James Bottomley
<James.Bottomley at hansenpartnership.com> wrote:
> I think, since it's a key format, the two above are the potential ones.
> It would be TCG if they want to take it into their standard, otherwise
> PKCS is RSA Inc.
I wouldn't expect RSA inc to be involved into this as part of PKCS.
They are dead long time ago and have moved to IETF.
>> However, I'm not sure how expandable is ASN.1 using version fields
>> (I've seen no structure being able to be re-used using a different
>> version). An alternative approach would to allow for future
>> extensions, i.e., something like the PKIX Extension field, which is
>> an OID+data.
>
> As long as the expansion fields are optional, it works nicely. X509
> and X509v3 are examples of version expanded ASN.1
Only if they are defined in the structure early. Otherwise the early
versions of the implementations wouldn't cope with extensions. To make
it early extendable you'd have to use something lilke
TPMKey ::= SEQUENCE {
type OBJECT IDENTIFIER
version [0] IMPLICIT INTEGER OPTIONAL
emptyAuth [1] IMPLICIT BOOLEAN OPTIONAL
parent [2] IMPLICIT INTEGER OPTIONAL
publicKey [3] IMPLICIT OCTET STRING OPTIONAL
privateKey OCTET STRING
extensions [4] EXPLICIT Extensions OPTIONAL
}
regards,
Nikos
More information about the Gnutls-devel
mailing list