Load TSS2 Private Key generated with tpm2tss-genkey
DanielEjnar opened this issue · 2 comments
I am trying to use an existing private key made using tpm2tss-genkey (a PEM encoded private key), but cannot seem to find a way to import it correctly.
I see no direct possibility to import it using go-tpm, so I have tried importing it using tpm2-tools by running `tpm2_loadexternal -r private.key -T device:/dev/tpmrm0 -c private.ctx` to get a context file and then load that file in the following way:
```go
rwc, err := tpm2.OpenTPM("/dev/tpmrm0")
b, err := ioutil.ReadFile("primary.ctx")
kh, err := tpm2.ContextLoad(rwc, b)
```
The issue is I get err == EOF, and that doesn't really tell me what is going wrong.
Essentially my question is: Is there any way to import the private key to use it with go-tpm?
I've implemented this in aws/rolesanywhere-credential-helper#38 but it would be good for go-tpm to support it directly.
I've implemented go-tpm-keyfiles as a standalone library thing.
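For reference, an added example (not code from any participant in this thread, from go-tpm, or from go-tpm-keyfiles) showing how the PEM file from the question can be split into the parent handle and the public/private blobs that a TPM2_Load under that parent would take. The ASN.1 layout and the key type OID are assumptions based on the key format tpm2-tss-engine writes; `tssKey`, `parseTSS2` and `sampleKey` are hypothetical names, and the sample key is constructed with placeholder blobs.

```go
package main

import (
	"encoding/asn1"
	"encoding/pem"
	"errors"
	"fmt"
)

// Assumed OID for a loadable TPM 2.0 key (2.23.133.10.1.3); not stated in the thread.
var oidLoadableKey = asn1.ObjectIdentifier{2, 23, 133, 10, 1, 3}

// tssKey mirrors the assumed ASN.1 SEQUENCE inside a "TSS2 PRIVATE KEY" PEM block.
type tssKey struct {
	Type      asn1.ObjectIdentifier
	EmptyAuth bool   `asn1:"optional,explicit,tag:0"`
	Parent    int64  // parent handle; int64 because handles such as 0x81000001 exceed int32
	Pubkey    []byte // TPM2B_PUBLIC bytes
	Privkey   []byte // TPM2B_PRIVATE bytes, usable only by the TPM that wrapped them
}

// parseTSS2 decodes the PEM wrapper and the DER body, rejecting anything unexpected.
func parseTSS2(pemBytes []byte) (*tssKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "TSS2 PRIVATE KEY" {
		return nil, errors.New("not a TSS2 PRIVATE KEY PEM block")
	}
	var k tssKey
	rest, err := asn1.Unmarshal(block.Bytes, &k)
	if err != nil {
		return nil, fmt.Errorf("bad DER: %w", err)
	}
	if len(rest) != 0 || !k.Type.Equal(oidLoadableKey) {
		return nil, errors.New("trailing data or unexpected key type OID")
	}
	return &k, nil
}

// sampleKey builds a constructed key file with placeholder blobs (not real TPM output).
func sampleKey() []byte {
	der, _ := asn1.Marshal(tssKey{oidLoadableKey, true, 0x40000001, []byte{0, 1, 0xAA}, []byte{0, 1, 0xBB}})
	return pem.EncodeToMemory(&pem.Block{Type: "TSS2 PRIVATE KEY", Bytes: der})
}

func main() {
	k, err := parseTSS2(sampleKey())
	fmt.Println(k, err)
}
```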