[strongSwan] TPM Owner password in strongswan IMC

Charak, Vikas vicharak at verisign.com
Fri Aug 12 19:58:29 CEST 2016

Transmitting the password from SS server to SS clients through IMV is a good alternative, as this way the password is stored on the server only with proper access and obfuscation.


On 8/12/16, 11:46 AM, "Andreas Steffen" <andreas.steffen at strongswan.org> wrote:

    Hi Vikas,
    there is currently no provision to use a non-default password.
    Putting the TPM owner password into strongswan.conf wouldn't make
    any sense so some kind of password-prompting mechanism would have
    to be built into the IMC. Or if the IMV would transmit the password
    via an IF-M attribute to the IMC, this would give the IMC on the
    client a chance to retrieve the password.
    Best regards
    On 08/12/2016 05:09 PM, Charak, Vikas wrote:
    > Hi StrongSwan Team,
    > I have a question regarding Attestation using IMC/IMV. On properly
    > configuring attestation plugin in StrongSwan client, I do see that TPM
    > quotes being sent to the StrongSwan server.
    > This all works fine if you are using default TPM owner and SRK auth at
    > the client side. Is there a provision in StrongSwan to use a
    > non-default password for TPM owner authentication? If yes, is there a
    > configuration in strongswan to set the TPM Owner password?
    > Regards,
    > Vikas
    Andreas Steffen                         andreas.steffen at strongswan.org
    strongSwan - the Open Source VPN Solution!          www.strongswan.org
    Institute for Internet Technologies and Applications
    University of Applied Sciences Rapperswil
    CH-8640 Rapperswil (Switzerland)