[strongSwan] Fwd: Using TPM to store RSA certificate for VPN/IPSec tunnel opening
gilles.marie001 at gmail.com
Fri Aug 14 11:57:06 CEST 2015
Thanks for the answer.
Can trouSerS be used for the PKCS11 smartcard interface?
What has to be mentioned in ipsec.conf and ipsec.secrets?
Is it strongswan which will encrypt the IKE_AUTH payload or the TPM itself?
2015-08-14 9:27 GMT+02:00 Andreas Steffen <andreas.steffen at strongswan.org>:
> Hi Gilles,
> if the certificate and private key secured by the TPM are
> reachable via a PKCS#11 smartcard interface then the strongSwan
> charon daemon can interact with it and use it for signing the
> IKE_AUTH payload.
> Best regards
> On 13.08.2015 23:34, gilles marie wrote:
>> I have some questions about strongswan use.
>> I want to administrate devices which would be able to open VPN/IPSec
>> tunnels using RSA certificates but which would not be readable by the
>> device user.
>> In order to complete this, I stored RSA certificates on TPM but I wanted
>> to know if strongswan was able to interact with it.
>> And in this case, how does it perform the authentication?
>> Best Regards
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)