<div dir="ltr"><div><div><div>Hi Tobias, <br></div>Thank you for your answer. I'm at
the first stage of learning TPM, but as far as I understand, the general
rule is that the private key should not be accessible, and that was the reason the
aforementioned log message drew my attention. Is the wiki page I've read
the only way I can learn about TPM and strongswan cooperation, or are there
some more detailed explanations somewhere of how the process works?<br><br></div>Best regards,<br></div>John<br><div class="gmail_extra"><br><div class="gmail_quote">2017-07-18 12:05 GMT+02:00 Tobias Brunner <span dir="ltr"><<a href="mailto:tobias@strongswan.org" target="_blank">tobias@strongswan.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi John,<br>
<span class=""><br>
> and I conclude from this example, that private key stored in TPM is<br>
> loaded to program memory the same way as if it was stored in a file (log<br>
> message: "...charon-systemd[21165]: loaded RSA private key from token").<br>
> Am I correct?<br>
<br>
</span>No, that's only the generic log message that you'll see for any private<br>
key loaded by the configuration backend, whether that private key is<br>
actually loaded into memory or it's just a reference to a key (as is the<br>
case here). Private keys on PKCS#11 tokens or in a TPM can't be<br>
accessed directly, so they never end up in memory.<br>
<br>
Regards,<br>
Tobias<br>
</blockquote></div><br></div></div>