Comments (3)
In the longer term, we can discuss if we want to transition our root cert format away from the current binary concatenation form, to just using a static x.509 (like we're doing with the client certs, except in this case parsing a cert, rather than building it).
I think we should have a discussion about this soon (maybe later this week). We might not act on that immediately, but should at least decide on the file formats that we want.
from xtt.
Regarding root certificates:
Yes, this should (now) be as simple as:
- Updating `xtt_initialize_server_root_certificate_context_ecdsap256` to take just a `xtt_root_certificate`, rather than the root id and pub key separately
  - To maintain backward-compatibility, we can leave the old version, taking the two separate pieces, too
- Once that's done, we should remove the `initialize_certs` and `lookup_certificate` functions from `client.c`, and remove the global root ID and root cert. Instead, just read in the root cert and use it to initialize a root context (which lives in `run_client`, not as a global), and simply pass it directly to `xtt_handshake_client_build_idclientattest` without having to "look it up" (which we never actually were doing anyhow).
In the longer term, we can discuss if we want to transition our root cert format away from the current binary concatenation form, to just using a static x.509 (like we're doing with the client certs, except in this case parsing a cert, rather than building it).
from xtt.
Regarding the discussion on root cert formats, see the discussion in issue #67
from xtt.