[strongSwan] TPM2.0 and ESAPI
Piotr Parus
pparus at mikronika.com.pl
Wed Jul 4 11:30:41 CEST 2018
Dzień dobry/Cześć/Hello Andreas,
Thanks for your quick answer. I understand from it, that switching to
ESAPI is possible but not in the nearest future as ESAPI is quite new
and require some significant time to learn how to use it. Am I correct?
Pozdrowienia/Regards,
Piotr Parus
W dniu 26.06.2018 o 17:07, Andreas Steffen pisze:
> Cześć Piotr,
>
> I've been aware of the emerging ESAPI which is indeed offering increased
> security in the communication with the TPM 2.0 and [hopefully] easier
> session handling but I wanted to wait for the 2.0.0 stable release,
> which apparently happened 5 days ago.
>
> Porting the strongSwan tpm plugin to ESAPI would be made much easier if
> the tpm2-tools would also adopt the ESAPI session handling, thus
> offering example code on how the new API is supposed to be used.
>
> Pozdrowienia
>
> Andreas
>
> On 26.06.2018 08:35, Piotr Parus wrote:
>> Hello!
>>
>> From the source code I see that when strongswan uses TPM2.0 chip it
>> uses TSS System API (SAPI) without sessions. Does the strongswan
>> maintainers have plans to switch to Enhanced System API (ESAPI) which
>> enables easier session handling and encrypting transmission on the wire
>> to the TPM chip?
>>
>> Best regards,
>>
>> Piotr Parus
>>
More information about the Users
mailing list