[strongSwan] Strongswan and TPM

Andreas Steffen andreas.steffen at strongswan.org
Thu Aug 31 12:46:24 CEST 2017

Hi John,

currently strongSwan supports signature keys residing in the NVRAM
of the TPM 2.0, only. These can be accessed using the object handle
range 0x8101xxxx. Private keys stored in the NVRAM of the TPM 2.0
have the big advantage that you can wipe the hard disk or SSD
without irretrievably losing the keys.

But as you correctly mention in principle an unlimited number of
keys can be stored in encrypted form outside the TPM. With the TPM 2.0
you have to load them into NVRAM first, before you can do any
signature operations. strongSwan does not support external keys, though.

strongSwan does not offer any signature key support for the TPM 1.2.
The TPM 1.2 can be used for attestation, only (implemented by the
Attestion IMC dynamic library) where the TPM 1.2 loads an external
attestation key blob and generates a Quote signature over a certain
number of PCR registers.

Hope this helps.


On 31.08.2017 10:46, John Brown wrote:
> Hi Tobias/Hi all,
> After some reading I have a conclusion that TPM 2.0 can only be used
> with strongswan 5.5.2 or newer.
> The example that the strongswan wiki provides shows storing the keys
> inside the tpm (as far as I understand the example correctly). But all
> the tpm sources I've read states that the keys can also be stored
> externally but in encrypted form by the tpm. Is this a general rule that
> can also be used with strongswan?
> Additionaly, an example shows usage with swanctl.conf. Can ipsec.conf be
> also used?
> What about TPM 1.2? I've found that it is mentioned in TNC. But can I
> use TPM 1.2 only for key storage in strongswan? If yes, which version of
> strongswan is the oldest that can be used for this?
> Best regards,
> John
> 2017-07-18 12:46 GMT+02:00 John Brown <jb20141125 at gmail.com
> <mailto:jb20141125 at gmail.com>>:
>     Hi Tobias,
>     Thank you for your answer. I'm on the first stage of learning TPM
>     but as far as I understand the general rule the private key should
>     not be accessible and that was a reason that aforementioned log
>     message drew my attention. This wiki page I've read is the only way
>     I can learn TPM and strongswan cooperation or there are some more
>     detailed explanations somewhere how the process is going?
>     Best regards,
>     John
>     2017-07-18 12:05 GMT+02:00 Tobias Brunner <tobias at strongswan.org
>     <mailto:tobias at strongswan.org>>:
>         Hi John,
>         > and I conclude from this example, that private key stored in TPM is
>         > loaded to program memory the same way as if it was stored in a file (log
>         > message: "...charon-systemd[21165]: loaded RSA private key from token").
>         > Am I correct?
>         No, that's only the generic log message that you'll see for any
>         private
>         key loaded by the configuration backend, whether that private key is
>         actually loaded into memory or it's just a reference to a key
>         (as is the
>         case here).  Private keys on PKCS#11 tokens or in a TPM can't be
>         accessed directly, so they never end up in memory.
>         Regards,
>         Tobias

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170831/bcdcd9a0/attachment.bin>

More information about the Users mailing list