Hi Everyone,
TLS 1.2 facilitates cipher suites that rely on the prior exchange of a shared secret for symmetric (bulk) encryption and the storage of pre-shared keys (PSK) by communication parties (e.g., TLS_PSK_WITH_AES_128_GCM_SHA256). In such scenarios, it's crucial to securely store the pre-shared key, ideally within a Hardware Security Module (HSM) available in the platform/system.
For security reasons, it's essential that the pre-shared key never leaves the HSM, and all operations utilizing the PSK occur within a trusted environment. In the context of the TLS protocol, key derivation using the pre-shared key should be delegated to the HSM, with only the calculated TLS session key used outside of it. A similar approach could be applied to signing and verifying the Finished message. The PKCS#11 interface is typically used to achieve this goal.
OpenSSL supports engines (pre-3.0) and providers (3.0 onwards).
Does OpenSSL currently support TLS 1.2 with PSK while delegating crypto operations (such as session key derivation, signing, and verifying the Finished message) to an HSM using engines/providers?
If not, does this feature sound reasonable enough to be considered for inclusion in the roadmap?
Thank you for your support!
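The derivation the post asks to delegate, sketched as an added example that is not part of the original post and is not OpenSSL or PKCS#11 code: the RFC 4279 premaster secret, the RFC 5246 SHA-256 PRF, and the key block and Finished `verify_data` for TLS_PSK_WITH_AES_128_GCM_SHA256. `SimulatedToken` and `demo` are hypothetical names, and the class only marks in software where the HSM boundary would sit; the PSK, randoms and transcript are constructed sample values.

```python
import hashlib
import hmac
import struct


def p_sha256(secret, seed, n):
    """P_hash with HMAC-SHA256 (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]


def prf(secret, label, seed, n):
    return p_sha256(secret, label + seed, n)


class SimulatedToken:
    """Hypothetical stand-in for an HSM: PSK and master secret stay inside."""

    def __init__(self, psk):
        self._psk, self._master = psk, None

    def derive_master(self, client_random, server_random):
        n = len(self._psk)
        # RFC 4279, section 2: uint16(N) || N zero octets || uint16(N) || PSK
        pms = struct.pack(">H", n) + bytes(n) + struct.pack(">H", n) + self._psk
        self._master = prf(pms, b"master secret", client_random + server_random, 48)

    def session_keys(self, client_random, server_random):
        if self._master is None:
            raise RuntimeError("derive_master() must run first")
        # AES_128_GCM: two 16-byte keys, two 4-byte implicit IVs, no MAC keys
        kb = prf(self._master, b"key expansion", server_random + client_random, 40)
        return {"client_key": kb[:16], "server_key": kb[16:32],
                "client_iv": kb[32:36], "server_iv": kb[36:40]}

    def finished(self, label, transcript_hash):
        # label is b"client finished" or b"server finished"; output is 12 bytes
        return prf(self._master, label, transcript_hash, 12)


def demo():
    # Constructed sample values, not taken from a real handshake.
    token = SimulatedToken(bytes(range(16)))
    cr, sr = b"\x01" * 32, b"\x02" * 32
    token.derive_master(cr, sr)
    keys = token.session_keys(cr, sr)
    verify = token.finished(b"client finished", hashlib.sha256(b"handshake").digest())
    return keys, verify
```

Only the return values of `session_keys` and `finished` cross the simulated boundary, which is the split the post describes: the TLS stack receives record-protection keys and `verify_data`, never the PSK or the master secret.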