[strongSwan] TPM2.0 and ESAPI

Piotr Parus pparus at mikronika.com.pl
Wed Jul 4 11:30:41 CEST 2018

Good day/Hi/Hello Andreas,

Thanks for your quick answer. I understand from it that switching to 
ESAPI is possible but not in the nearest future, as ESAPI is quite new 
and requires some significant time to learn how to use it. Am I correct?


Piotr Parus

On 26.06.2018 at 17:07, Andreas Steffen wrote:
> Hi Piotr,
> I've been aware of the emerging ESAPI which is indeed offering increased
> security in the communication with the TPM 2.0 and [hopefully] easier
> session handling but I wanted to wait for the 2.0.0 stable release,
> which apparently happened 5 days ago.
> Porting the strongSwan tpm plugin to ESAPI would be made much easier if
> the tpm2-tools would also adopt the ESAPI session handling, thus
> offering example code on how the new API is supposed to be used.
> Regards
> Andreas
> On 26.06.2018 08:35, Piotr Parus wrote:
>> Hello!
>> From the source code I see that when strongSwan uses a TPM2.0 chip it
>> uses TSS System API (SAPI) without sessions. Do the strongSwan
>> maintainers have plans to switch to the Enhanced System API (ESAPI), which
>> enables easier session handling and encrypting transmission on the wire
>> to the TPM chip?
>> Best regards,
>> Piotr Parus
