[strongSwan] TPM2.0 and ESAPI

Andreas Steffen andreas.steffen at strongswan.org
Tue Jun 26 17:07:43 CEST 2018

Hi Piotr,

I've been aware of the emerging ESAPI which is indeed offering increased
security in the communication with the TPM 2.0 and [hopefully] easier
session handling but I wanted to wait for the 2.0.0 stable release,
which apparently happened 5 days ago.

Porting the strongSwan tpm plugin to ESAPI would be made much easier if
the tpm2-tools would also adopt the ESAPI session handling, thus
offering example code on how the new API is supposed to be used.



On 26.06.2018 08:35, Piotr Parus wrote:
> Hello!
> From the source code I see that when strongswan uses a TPM2.0 chip it
> uses the TSS System API (SAPI) without sessions. Do the strongswan
> maintainers have plans to switch to the Enhanced System API (ESAPI), which
> enables easier session handling and encrypting transmission on the wire
> to the TPM chip?
> Best regards,
> Piotr Parus

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
