Dear Martin,

A fellow student used the TPM together with a Firefox extension and built a secure credential vault in his diploma thesis last year. Maybe the paper he wrote about it provides some further thoughts:

Paper Title: Injecting Trust to Cryptographic Key Management
Authors: Gökhan Bal, Andreas Schmidt and Nicolai Kuntze
Proceedings of the 11th International Conference on Advanced Communication Technology (ICACT 2009 <http://www.icact.org/>), Feb. 15~18, 2009, Phoenix Park, Korea.

A Google Scholar search should give you the paper; maybe you can contact Gökhan directly.

Best regards,
Andreas

On 22.04.2010 21:29, Marc Kaeser wrote:
Dear Martin,

I don't exactly know how certificates work in Firefox/NSS. What I know is that NSS uses a software, internal PKCS#11 cryptotoken to store the key that is used to encrypt login credentials by the PasswordManager. I modified SecretDecoderRing a bit, the component that encrypts the login credentials using the PKCS11 token, in order to use the token provided by Cryptoki using TSS.

In NSS, everything's already implemented to use pkcs11. The only thing that is missing is a dialogue or something that lets the user choose where he/she wants to store the key used for encrypting the data I was looking for. So I had to hard code the use of the Cryptoki-PKCS11 token, and it worked. So for certificates, even if they don't use pkcs11, there should be a way to use the implemented wrapper functions for PKCS11 tokens.

But definitely, importing the opencryptoki library as a crypto module works; my build does.

Marc

---------- Forwarded message ----------
From: Carolin Latze <[email protected]>
Date: 2010/4/22
Subject: Fwd: [TrouSerS-users] How to use Firefox and TPM protected certificates? Is this possible??
To: Marc Kaeser <[email protected]>

Are you subscribed to the TrouSerS mailing list? You surely know an answer to this... :-) Well, at least to how to integrate the TPM into FF via PKCS#11...

-------- Original Message --------
Subject: [TrouSerS-users] How to use Firefox and TPM protected certificates? Is this possible??
Date: Tue, 7 Jul 2009 10:50:42 +0200
From: Martin Schneider <[email protected]>
To: [email protected]

Hello list,

I'm new to TrouSerS and especially to opencryptoki/PKCS#11, so it would be kind if you could provide a little help:

I want to use Firefox with a TPM protected certificate for client auth. Honestly, I'm not sure if this can be done, and if yes, I'm not sure if my approach is the right one:

1) How to make Firefox use the TPM

If I figured things out correctly, I should be able to somehow add opencryptoki as a FF Crypto Module. I tried to load libpkcs11_sw.so.0.0.0 or libpkcs11_tpm.so.0.0.0 but FF said that the module can't be loaded. Maybe I tried the wrong .so?

After adding the Module to FF, I theoretically need to

2) Import a Certificate + Key to my TPM key-hierarchy

Again, if I understood things right, I should be able to import a certificate + key into my key-hierarchy. For testing this, I created (with OpenSSL) an RSA key (PEM formatted) and signed this with my CA and got a (PEM formatted) certificate. Now I tried to import key + certificate using tpmtoken_import but it won't work for me.

    > tpmtoken_import client.crt
    Enter your TPM user password:
    Error, unable to obtain the required subject and id attributes

I'd appreciate a little kick-off help a lot.

Thanks in advance
Martin

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
