Verification via public key fails...

jvert
 

Hi,

I'm able to sign using the following:

$ openssl dgst -engine tpm2 -keyform engine -sha256 -sign //nvkey:81800001 xxx >xxx.sig
engine "tpm2" set.
$ xxd xxx.sig
00000000: 3044 0220 5444 ae8c 36a1 c308 ef65 8f06 0D. TD..6....e..
00000010: e554 0e1a f136 948e eeed a6ab 5a74 c4e3 .T...6......Zt..
00000020: a717 ccac 0220 2e29 f92c 9cb3 733b b295 ..... .).,..s;..
00000030: d9cf 6fe8 b17e b1dc 00cd 3c92 fe1f d6ec ..o..~....<.....
00000040: 0b47 0448 0178 .G.H.x

What’s curious is that I’m not able to verify in a symmetric manner using the engine and the nvkey moniker:

$ openssl dgst -engine tpm2 -keyform engine -verify //nvkey:81800001 -signature xxx.sig xxx
engine "tpm2" set.
cannot load key file from engine
140075721995456:error:26097075:engine routines:ENGINE_load_public_key:not initialised:../crypto/engine/eng_pkey.c:97:
unable to load key file

I _am_ able to verify using -prverify, so it would seem that using the public key via the nvkey moniker doesn't work.

Thanks.