[strongSwan] TPM2.0 and ESAPI

Andreas Steffen andreas.steffen at strongswan.org
Wed Jul 4 17:06:23 CEST 2018

Hi Piotr,

yes, that's correct. Some practical ESAPI examples would help
tremendously. Especially in the form of ESAPI-enabled tpm2-tools.

Bye for now


On 04.07.2018 11:30, Piotr Parus wrote:
> Good day/Hi/Hello Andreas,
> Thanks for your quick answer. I understand from it that switching to
> ESAPI is possible but not in the nearest future as ESAPI is quite new
> and requires some significant time to learn how to use it. Am I correct?
> Regards,
> Piotr Parus
> On 26.06.2018 at 17:07, Andreas Steffen wrote:
>> Hi Piotr,
>> I've been aware of the emerging ESAPI which is indeed offering increased
>> security in the communication with the TPM 2.0 and [hopefully] easier
>> session handling but I wanted to wait for the 2.0.0 stable release,
>> which apparently happened 5 days ago.
>> Porting the strongSwan tpm plugin to ESAPI would be made much easier if
>> the tpm2-tools would also adopt the ESAPI session handling, thus
>> offering example code on how the new API is supposed to be used.
>> Regards
>> Andreas
>> On 26.06.2018 08:35, Piotr Parus wrote:
>>> Hello!
>>> From the source code I see that when strongswan uses TPM2.0 chip it
>>> uses TSS System API (SAPI) without sessions. Do the strongswan
>>> maintainers have plans to switch to Enhanced System API (ESAPI) which
>>> enables easier session handling and encrypting transmission on the wire
>>> to the TPM chip?
>>> Best regards,
>>> Piotr Parus

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
