[gnutls-help] Using TPM with PKCS#11 applications
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Dec 5 17:25:41 CET 2013
On Thu, Dec 5, 2013 at 3:53 PM, Thomas Habets <thomas at habets.se> wrote:
> Hi.
>
> Reading http://www.gnutls.org/manual/html_node/Hardware-security-modules-and-abstract-key-types.html
> I understand the situation to be that GnuTLS has support for TPM chips
> via libtspi,

Hello,

The above is correct.

> and GnuTLS supports *using* PKCS#11, but doesn't support
> being used as a PKCS#11 provider. Is that right?

No. GnuTLS doesn't provide a PKCS #11 module.

> I want TPM behind a PKCS11 provider to protect SSH client keys, and
> have written a pkcs11 module that works directly with libtspi. I'm
> trying to find out if GnuTLS has code for this already:
> http://blog.habets.se/2013/11/TPM-chip-protecting-SSH-keys---properly

The trousers library provides a PKCS #11 front-end. I've never managed
to set it up though.

If you are using GnuTLS, I'd suggest using the TPM interface directly,
or simply the TPM URLs.

regards,
Nikos