[gnutls-help] Certtool and TPM

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jun 1 21:40:46 CEST 2015

On Mon, 2015-06-01 at 12:38 +0000, Marcos Simó Picó wrote:
> ​Hi everyone, 
> I'm trying to generate a certificate of a key stored in a TPM using
> certtool. Basically I was following the commands explained
> in http://nmav.gnutls.org/2012/08/using-trusted-platform-module-to.html
> I can generate the RSA key pair and get the public part perfectly,
> however, when I invoke certtool for generating a certificate, it
> returns: Error in provided SRK password for TPM.​ As far as I know,
> there's no option to provide the SRK to certtool. 
> I'm using GnuTLS 3.3.15, and tried to clear the TPM several times and
> repeat everything with no success. 

 What is the output when you use -d 9? It should have asked for a
password using the PKCS #11 callback. It is either a regression or you
have PKCS #11 disabled?


More information about the Gnutls-help mailing list