search for: tpms

...9C02FF419FECBE16 On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > and this prevents ssh-agent implementations that can't support sha512 > from signing messages. > > An example of this is TPMs which mostly only really supports sha256 > widely. > > This change enables `ssh-keygen -Y sign` to honor the `hashalg` option > for the signing algorithm. > > Signed-off-by: Morten Linderud <morten at linderud.pw> > --- > sshsig.c | 10 ++++++++-- > 1 file change...

`ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` and this prevents ssh-agent implementations that can't support sha512 from signing messages. An example of this is TPMs which mostly only really supports sha256 widely. This change enables `ssh-keygen -Y sign` to honor the `hashalg` option for the signing algorithm. Signed-off-by: Morten Linderud <morten at linderud.pw> --- sshsig.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --gi...

..., Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: > > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > > and this prevents ssh-agent implementations that can't support sha512 > > from signing messages. > > > > An example of this is TPMs which mostly only really supports sha256 > > widely. > > > > This change enables `ssh-keygen -Y sign` to honor the `hashalg` option > > for the signing algorithm. > > > > Signed-off-by: Morten Linderud <morten at linderud.pw> > > --- > > sshs...

...9PM +0200, Morten Linderud wrote: > > > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > > > and this prevents ssh-agent implementations that can't support sha512 > > > from signing messages. > > > > > > An example of this is TPMs which mostly only really supports sha256 > > > widely. > > > > > > This change enables `ssh-keygen -Y sign` to honor the `hashalg` option > > > for the signing algorithm. > > > > > > Signed-off-by: Morten Linderud <morten at linderud.pw>...

...n Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: >> `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` >> and this prevents ssh-agent implementations that can't support sha512 >> from signing messages. >> >> An example of this is TPMs which mostly only really supports sha256 >> widely. >> >> This change enables `ssh-keygen -Y sign` to honor the `hashalg` option >> for the signing algorithm. >> >> Signed-off-by: Morten Linderud <morten at linderud.pw> >> --- >> sshsig.c | 10...

Have people given thought to the private key encryption methods in light of potential quantum attacks? While the recent paper about breaking 50bit RSA doesn't pose a threat I've been thinking about future harvest now, decrypt later attacks against CC20 and AES. Are there post quantum ciphers that can effectively replace these available or in development? Is the threat still too far off to

I am removing the experimental feature that allows buffer sizes for transfers from TPMs larger than 2kb. This could become useful if a vTPM is located in its owns domain and needs to be serialized for suspension or migration and the packet size becomes bigger than the current limit. Partial reads were supposed to complement this feature for applications to know how many bytes to read...

...e-now-decrypt-later situation for signature schemes in SSH. The closest concern is long-lived signing keys that would be troublesome to rotate before a QC becomes available. There's not many of these in the SSH ecosystem, but examples could include hardware security devices (smartcards, tokens, TPMs, HSMs) and, to a lesser extent, CA keys. -d Disclaimer: I'm neither a cryptographer nor a quantum physicist.

Hi everyone, I am using Xen 3.2.1 with the vtpm-12-patch.diff patch posted in [0]. My TPM is an Infineon 1.2. In total I have got three different questions: 1. NVM loading problem at VM creation When I am creating a VM the last few lines of the vtpm_manager output are: TPMD[245]: tpm/tpm_startup.c:45: Info: TPM_Startup(1) Loading NVM. Sending LoadNVM command ERROR[VTPM]: Failed to load

This patch adds a new option for xen config files for directly mapping hardware io memory into a vm. Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 index 013270d..428da21 100644 --- a/docs/man/xl.cfg.pod.5 +++ b/docs/man/xl.cfg.pod.5 @@ -496,6 +496,17 @@ is given in hexadecimal and may either a span e.g.