[strongSwan] Fwd: Using TPM to store RSA certificate for VPN/IPSec tunnel opening

Andreas Steffen andreas.steffen at strongswan.org
Fri Aug 14 09:27:19 CEST 2015


Hi Gilles,

If the certificate and private key secured by the TPM are
reachable via a PKCS#11 smartcard interface, then the strongSwan
charon daemon can interact with it and use it for signing the
IKE_AUTH payload.

Best regards

Andreas

On 13.08.2015 23:34, gilles marie wrote:
> Hello,
>
> I have some questions about strongswan use.
>
> I want to administrate devices which would be able to open VPN/IPSec
> tunnels using RSA certificates but which would not be readable by the
> device user.
>
> In order to complete this, I stored RSA certificates on TPM but I wanted
> to know if strongswan was able to interact with it.
>
> And in this case, how does it perform the authentication?
>
> Best Regards
>
> Gilles

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
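
The PKCS#11 route described in the reply, sketched as configuration for strongSwan's pkcs11 plugin. This is an added example, not part of the original message: the module label, library path, key ID, connection name and gateway address are placeholders, and which PKCS#11 library exposes the TPM depends on the TPM software stack in use.

```conf
# --- strongswan.conf: load the PKCS#11 library that fronts the TPM ---
libstrongswan {
    plugins {
        pkcs11 {
            modules {
                # "tpm-token" is an arbitrary module label (assumption)
                tpm-token {
                    # placeholder: PKCS#11 library provided by your TPM stack
                    path = /path/to/tpm-pkcs11-library.so
                }
            }
        }
    }
}

# --- ipsec.conf: authenticate with the certificate held on the token ---
conn tpm-vpn
    keyexchange=ikev2
    leftauth=pubkey
    # <keyid> is the hex ID of the certificate/key object on the token (placeholder)
    leftcert=%smartcard:<keyid>
    # placeholder: address of the VPN gateway
    right=<gateway address>
    auto=add

# --- ipsec.secrets: PIN that unlocks the private key object ---
# %prompt requests the PIN at runtime instead of storing it in this file.
# No "RSA <keyfile>" entry is needed: charon requests the IKE_AUTH signature
# through the PKCS#11 interface rather than reading a key file.
: PIN %smartcard:<keyid> %prompt
```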
