[strongSwan] Support for TPM in Strongswan

Andreas Steffen andreas.steffen at strongswan.org
Wed Feb 10 20:57:45 CET 2016

Hi Mahendra,

Private keys bound to a TPM are currently available for use with
strongSwan IKE public key authentication via the PKCS#11 interface
offered by the pkcs11 plugin, only. To be honest, I've never been able
to get the PKCS#11 support coming with the tpm-tools package up and 
running, though.

strongSwan can use a version 1.2 TPM directly for TCG TNC attestation 
purposes (Quote and Quote2 signatures) but not for general
authentication signatures.

Best regards


On 10.02.2016 18:41, Mahendra SP wrote:
> Hi All,
> I am looking into using TPM hardware which will have certificate
> private key with strongswan. In this particular use case, certificate
> private key is securely stored in TPM. When Strongswan configured to use
> certificate auth method, should offload certificate validation to TPM.
> Can this be achieved? Are there any callback based approaches in
> Strongswan to make this use case work?
> Please reply
> Thanks
> Mahendra

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
