[strongSwan] TPM2.0 and ESAPI
andreas.steffen at strongswan.org
Wed Jul 4 17:06:23 CEST 2018
yes, that's correct. Some practical ESAPI examples would help
tremendously. Especially in the form of ESAPI-enabled tpm2-tools.
On 04.07.2018 11:30, Piotr Parus wrote:
> Dzień dobry/Cześć/Hello Andreas,
> Thanks for your quick answer. I understand from it, that switching to
> ESAPI is possible but not in the nearest future as ESAPI is quite new
> and require some significant time to learn how to use it. Am I correct?
> Piotr Parus
> W dniu 26.06.2018 o 17:07, Andreas Steffen pisze:
>> Cześć Piotr,
>> I've been aware of the emerging ESAPI which is indeed offering increased
>> security in the communication with the TPM 2.0 and [hopefully] easier
>> session handling but I wanted to wait for the 2.0.0 stable release,
>> which apparently happened 5 days ago.
>> Porting the strongSwan tpm plugin to ESAPI would be made much easier if
>> the tpm2-tools would also adopt the ESAPI session handling, thus
>> offering example code on how the new API is supposed to be used.
>> On 26.06.2018 08:35, Piotr Parus wrote:
>>> From the source code I see that when strongswan uses TPM2.0 chip it
>>> uses TSS System API (SAPI) without sessions. Does the strongswan
>>> maintainers have plans to switch to Enhanced System API (ESAPI) which
>>> enables easier session handling and encrypting transmission on the wire
>>> to the TPM chip?
>>> Best regards,
>>> Piotr Parus
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users