[strongSwan] Strongswan and TPM

Tobias Brunner tobias at strongswan.org
Tue Jul 18 12:05:45 CEST 2017

Hi John,

> and I conclude from this example, that private key stored in TPM is
> loaded to program memory the same way as if it was stored in a file (log
> message: "...charon-systemd[21165]: loaded RSA private key from token").
> Am I correct?

No, that's only the generic log message that you'll see for any private
key loaded by the configuration backend, whether that private key is
actually loaded into memory or it's just a reference to a key (as is the
case here).  Private keys on PKCS#11 tokens or in a TPM can't be
accessed directly, so they never end up in memory.


More information about the Users mailing list