I think perhaps defaulting to RSA and using the restricted field in the object attributes to determine if
it needs sym key details would be better. Then choosing AES in that case.
The code in tpm2_alg_util_public_init() uses the object attributes to try and find sane defaults. However, these choices do not seem to be the best:
The use of AES gets us into issues where we select aes256 and only aes128 is supported. Perhaps use getcap to find the biggest size supported.
tpm2_getcap -c properties-fixed
# parse yaml and query property TPM2_PT_CONTEXT_SYM_SIZE
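
The lookup suggested in the post above, as an added example (not code from the thread or from tpm2-tools): it parses getcap YAML for TPM2_PT_CONTEXT_SYM_SIZE and picks an AES size, falling back to 128. The sample output is constructed, and its `NAME:` / `raw:` layout and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of tpm2_getcap properties-fixed output (YAML layout assumed).
sample_getcap_output() {
cat <<'EOF'
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_CONTEXT_SYM:
  raw: 0x6
TPM2_PT_CONTEXT_SYM_SIZE:
  raw: 0x80
TPM2_PT_ORDERLY_COUNT:
  raw: 0xFF
EOF
}

# Read getcap YAML on stdin; print the raw value of property $1 in decimal.
# Returns 1 when the property is absent or its value is not a number.
getcap_property() {
    raw=$(awk -v key="${1}:" '
        $1 == key               { inblock = 1; next }  # wanted mapping starts
        /^[^ \t]/               { inblock = 0 }        # another top-level key
        inblock && $1 == "raw:" { print $2; exit }
    ')
    case $raw in
        0[xX]*) hex=${raw#0[xX]}
                case $hex in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%d\n' "$raw"
}

# Hypothetical helper: choose the AES size from TPM2_PT_CONTEXT_SYM_SIZE,
# falling back to 128 bits when the property is missing or unexpected.
pick_sym_alg() {
    bits=$(getcap_property TPM2_PT_CONTEXT_SYM_SIZE) || bits=128
    case $bits in
        128|192|256) printf 'aes%s\n' "$bits" ;;
        *)           printf 'aes128\n' ;;
    esac
}

# Live use would pipe the page's command instead of the sample:
#   tpm2_getcap -c properties-fixed | pick_sym_alg
sample_getcap_output | pick_sym_alg
```
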
We have this set to 128. The user can externally choose the best algorithm if we pick the wrong one. Getcap is so slow, I would like to avoid going to the TPM for these things.
As initially reported in this thread: tpm2-software/tpm2-pkcs11#52
The man page for tpm2_createprimary states that the default algorithm is RSA when it is really rsa2048:aes256. We should look at: