[strongSwan] Strongswan and TPM

John Brown jb20141125 at gmail.com
Tue Jul 18 12:46:10 CEST 2017


Hi Tobias,
Thank you for your answer. I'm at the first stage of learning TPM, but as
far as I understand, the general rule is that the private key should not be
accessible, and that was the reason the aforementioned log message drew my
attention. Is the wiki page I've read the only way I can learn about TPM and
strongSwan cooperation, or are there more detailed explanations
somewhere of how the process works?

Best regards,
John

2017-07-18 12:05 GMT+02:00 Tobias Brunner <tobias at strongswan.org>:

> Hi John,
>
> > and I conclude from this example, that private key stored in TPM is
> > loaded to program memory the same way as if it was stored in a file (log
> > message: "...charon-systemd[21165]: loaded RSA private key from token").
> > Am I correct?
>
> No, that's only the generic log message that you'll see for any private
> key loaded by the configuration backend, whether that private key is
> actually loaded into memory or it's just a reference to a key (as is the
> case here).  Private keys on PKCS#11 tokens or in a TPM can't be
> accessed directly, so they never end up in memory.
>
> Regards,
> Tobias
>