<div dir="ltr">Thanks for the answer. <div><br></div><div>Can TrouSerS be used for a PKCS11 smartcard interface?</div><div><br></div><div>What has to be mentioned in ipsec.conf and ipsec.secrets?</div><div><br></div><div>Is it strongswan which will encrypt the IKE_AUTH payload or the TPM itself?</div><div><br></div><div>Gilles</div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-08-14 9:27 GMT+02:00 Andreas Steffen <span dir="ltr">&lt;<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Gilles,<br>
<br>
if the certificate and private key secured by the TPM are<br>
reachable via a PKCS#11 smartcard interface then the strongSwan<br>
charon daemon can interact with it and use it for signing the<br>
IKE_AUTH payload.<br>
<br>
Best regards<br>
<br>
Andreas<div><div class="h5"><br>
<br>
On 13.08.2015 23:34, gilles marie wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
I have some questions about strongswan use.<br>
<br>
I want to administrate devices which would be able to open VPN/IPSec<br>
tunnels using RSA certificates but which would not be readable by the<br>
device user.<br>
<br>
In order to complete this, I stored RSA certificates on TPM but I wanted<br>
to know if strongswan was able to interact with it.<br>
<br>
And in this case, how does it perform the authentication?<br>
<br>
Best Regards<br>
<br>
Gilles<br>
</blockquote>
<br></div></div>
======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</blockquote></div><br></div>
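<div>An added configuration sketch, not part of the thread and not written by either correspondent: how a key reachable through a PKCS#11 interface, as described in the reply above, is typically referenced from the strongSwan configuration files. The module name, the library path, KEYID_HEX and the peer values are placeholders and assumptions; with this setup the private key stays on the token, which performs the signature that charon places in the IKE_AUTH exchange.</div>

```conf
# /etc/strongswan.conf
# Load the PKCS#11 library that exposes the TPM-backed key to charon.
libstrongswan {
  plugins {
    pkcs11 {
      modules {
        # "tpm-token" is an arbitrary, assumed module name.
        tpm-token {
          # Placeholder: path of the PKCS#11 library fronting the TPM.
          path = /path/to/pkcs11-module.so
        }
      }
    }
  }
}

# /etc/ipsec.secrets
# No private key file is listed. The entry only supplies the PIN that
# unlocks the key object on the token.
# Syntax: : PIN %smartcard[<slot>[@<module>]]:<keyid> <pin> | %prompt
# KEYID_HEX is a placeholder for the key object's ID in hex.
# %prompt asks for the PIN interactively instead of storing it on disk.
: PIN %smartcard:KEYID_HEX %prompt

# /etc/ipsec.conf
conn tpm-rsa
    keyexchange=ikev2
    leftauth=pubkey
    # Certificate is read from the token; the matching private key
    # (same ID) never leaves it and is only used for signing.
    leftcert=%smartcard:KEYID_HEX
    # Placeholders below: identity from the certificate, peer address and ID.
    leftid=CERT_SUBJECT_OR_SAN
    right=GATEWAY_ADDRESS
    rightid=GATEWAY_IDENTITY
    rightauth=pubkey
    auto=add
```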