[strongSwan] Support for TPM in Strongswan
Andreas Steffen
andreas.steffen at strongswan.org
Wed Feb 10 20:57:45 CET 2016
Hi Mahendra,
private keys bound to a TPM are currently available for use with
strongSwan IKE public key authentication via the PKCS#11 interface
offered by the pkcs11 plugin, only. To be honest, I've never been able
to get the PKCS#11 support coming with the tpm-tools package up and
running, though.
strongSwan can use a version 1.2 TPM directly for TCG TNC attestation
purposes (Quote and Quote2 signatures) but not for general
authentication signatures.
Best regards
Andreas
On 10.02.2016 18:41, Mahendra SP wrote:
> Hi All,
>
> I am looking in to using TPM hardware which will have certificate
> privavate key with strongswan. In this particular use case, certificate
> private key is securely stored in TPM. When Strongswan configured to use
> certificate auth method, should offload certificate validation to TPM.
> Can this be achieved ? are there any callback based approaches in
> Strongswan to make this use case work ?
>
> Please reply
>
> Thanks
> Mahendra
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160210/fcf953d7/attachment.bin>
More information about the Users
mailing list