
Extend key -read and -write functions #279

Open
chris2511 wants to merge 1 commit into tpm2-software:master from chris2511:master

@chris2511


If an existing key or the new key is not intended to be stored in a file, the current implementation requires the creation of temporary files with all its odds (cleanup, symlink attack, mktemp)

This change allows to provide the key in many different ways:

A filename of "-" translates to <stdin> for reading and <stdout> for writing.

If the file named by "filename" does not exist,
check whether it contains a "-----BEGIN" and try interpreting the filename itself as key.

Extend documentation in README.md

If an existing key or the new key is not intended to be stored
in a file, the current implementation requires the creation of
temporary files with all its odds (cleanup, symlink attack, mktemp)

This change allows to provide the key in many different ways:

A filename of "-" translates to <stdin> for reading and
<stdout> for writing.

If the file named by "filename" does not exist,
check whether it contains a "-----BEGIN" and try interpreting
the filename itself as key.

Extend documentation in README.md

Signed-off-by: Christian Hohnstaedt <christian@hohnstaedt.de>
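
The lookup order described above ("-", then an existing file, then an inline "-----BEGIN" string), written out as an added example that is not code from this pull request or the project. The names `resolve_key_source` and `enum key_source` are hypothetical, and treating `ENAMETOOLONG` like a missing file is an assumption that goes beyond the description.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical names, not taken from the project. */
enum key_source { KEY_SRC_ERROR, KEY_SRC_STDIO, KEY_SRC_FILE, KEY_SRC_INLINE_PEM };

/* Decide where the key named by "arg" comes from.
 * For KEY_SRC_STDIO and KEY_SRC_FILE, *fd_out is a readable descriptor. */
enum key_source resolve_key_source(const char *arg, int *fd_out)
{
    *fd_out = -1;
    if (arg == NULL || *arg == '\0')
        return KEY_SRC_ERROR;
    if (strcmp(arg, "-") == 0) {          /* "-" means <stdin> when reading */
        *fd_out = STDIN_FILENO;
        return KEY_SRC_STDIO;
    }
    /* Open directly rather than access() followed by open(): there is no
     * window in which the path can be swapped between check and use. */
    int fd = open(arg, O_RDONLY);
    if (fd >= 0) {                        /* an existing file always wins */
        *fd_out = fd;
        return KEY_SRC_FILE;
    }
    /* Only "no such file" falls through to the inline case. EACCES, ELOOP
     * and similar stay errors, so an unreadable path is never parsed as a
     * key. Assumption: a long PEM string used as a path may also fail with
     * ENAMETOOLONG, which is treated the same way here. */
    if (errno != ENOENT && errno != ENAMETOOLONG)
        return KEY_SRC_ERROR;
    if (strstr(arg, "-----BEGIN") != NULL)
        return KEY_SRC_INLINE_PEM;        /* caller parses arg itself as PEM */
    return KEY_SRC_ERROR;
}

int main(int argc, char **argv)
{
    int fd;
    enum key_source src = resolve_key_source(argc > 1 ? argv[1] : "-", &fd);
    printf("source=%d fd=%d\n", (int)src, fd);
    if (src == KEY_SRC_FILE)
        close(fd);
    return src == KEY_SRC_ERROR;
}
```
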
@TaeZStkyoht


@chris2511 This is really useful and we were also thinking in the same way. I was using the /tmp folder for key creation while using tpm2tss-genkey, but our static code analyzer Sonar was warning about this security hotspot.
This functionality definitely must be in this library.
