[gnutls-help] GnuTLS-TPM handshake

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri May 8 21:33:07 CEST 2015


On Fri, 2015-05-08 at 12:32 +0000, Marcos Simó Picó wrote:
> Hi all,
>
> I’m trying to set up a TLS session between client and server, both
> provided with a TPM and using mutual authentication. I am checking if
> it is feasible to do it using X.509 certificate authentication. I
> found out that GnuTLS needs to get access to the actual private key
> (either importing it from its URL or directly) by executing
> gnutls_certificate_set_x509_key_file(), before performing the
> handshake. However, it would be interesting that the private key would
> never leave the TPM chip. 

Hello,
 What you say isn't correct. gnutls_certificate_set_x509_key_file() when
given a tpmkey URL will utilize but not extract any key. Why do you
think it would extract it?

regards,
Nikos
