[gnutls-devel] GnuTLS | Port openconnect TPM2 code (!1460)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Sep 28 13:25:56 CEST 2021

David Woodhouse commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1460#note_688887982

> I tried, but it was not possible; maybe I'm missing something. See the reproducer at https://gitlab.com/gnutls/gnutls/-/issues/594#note_651399228

Er, I don't think that "reproducer" is showing what you think it is. That's just demonstrating what I'm *complaining* about here. In that link we see you creating a key with a parent generated one way, and then failing to load it when you generated the parent differently. Yes, that is well known; you can only load the key using the *same* parent. If you try to use a *different* parent, that doesn't work.

Even if you keep the key type the same and just vary the flags, like the FixedTPM and FixedParent flags, that still results in a different and incompatible key.

That incompatibility is precisely *why* you have to stick to the exact parameters (including key type) that are defined as part of the key storage format!
