[strongSwan] Fwd: Using TPM to store RSA certificate for VPN/IPSec tunnel opening
gilles marie
gilles.marie001 at gmail.com
Fri Aug 14 11:57:06 CEST 2015
Thanks for the answer.
Can TrouSerS be used for a PKCS11 smartcard interface?
What has to be mentioned in ipsec.conf and ipsec.secrets?
Is it strongSwan which will encrypt the IKE_AUTH payload, or the TPM itself?
Gilles
2015-08-14 9:27 GMT+02:00 Andreas Steffen <andreas.steffen at strongswan.org>:
> Hi Gilles,
>
> if the certificate and private key secured by the TPM are
> reachable via a PKCS#11 smartcard interface then the strongSwan
> charon daemon can interact with it and use it for signing the
> IKE_AUTH payload.
>
> Best regards
>
> Andreas
>
>
> On 13.08.2015 23:34, gilles marie wrote:
>
>> Hello,
>>
>> I have some questions about strongswan use.
>>
>> I want to administrate devices which would be able to open VPN/IPSec
>> tunnels using RSA certificates but which would not be readable by the
>> device user.
>>
>> In order to complete this, I stored RSA certificates on TPM but I wanted
>> to know if strongswan was able to interact with it.
>>
>> And in this case, how does it perform the authentication ?
>>
>> Best Regards
>>
>> Gilles
>>
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>