[strongSwan] Strongswan and TPM
tobias at strongswan.org
Tue Jul 18 12:05:45 CEST 2017
> and I conclude from this example, that private key stored in TPM is
> loaded to program memory the same way as if it was stored in a file (log
> message: "...charon-systemd: loaded RSA private key from token").
> Am I correct?
No, that's only the generic log message that you'll see for any private
key loaded by the configuration backend, whether that private key is
actually loaded into memory or it's just a reference to a key (as is the
case here). Private keys on PKCS#11 tokens or in a TPM can't be
accessed directly, so they never end up in memory.
More information about the Users