[strongSwan] Fwd: Using TPM to store RSA certificate for VPN/IPSec tunnel opening

gilles marie gilles.marie001 at gmail.com
Fri Aug 14 11:57:06 CEST 2015


Thanks for the answer.

Can TrouSerS be used for the PKCS11 smartcard interface?

What has to be mentioned in ipsec.conf and ipsec.secrets?

Is it strongSwan that will encrypt the IKE_AUTH payload, or the TPM itself?

Gilles

2015-08-14 9:27 GMT+02:00 Andreas Steffen <andreas.steffen at strongswan.org>:

> Hi Gilles,
>
> if the certificate and private key secured by the TPM are
> reachable via a PKCS#11 smartcard interface then the strongSwan
> charon daemon can interact with them and use them for signing the
> IKE_AUTH payload.
>
> Best regards
>
> Andreas
>
>
> On 13.08.2015 23:34, gilles marie wrote:
>
>> Hello,
>>
>> I have some questions about using strongSwan.
>>
>> I want to administer devices which would be able to open VPN/IPSec
>> tunnels using RSA certificates but which would not be readable by the
>> device user.
>>
>> To accomplish this, I stored RSA certificates on the TPM, but I wanted
>> to know if strongSwan was able to interact with it.
>>
>> And in this case, how does it perform the authentication?
>>
>> Best Regards
>>
>> Gilles
>>
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>