On Thu, Dec 5, 2013 at 3:53 PM, Thomas Habets <[email protected]> wrote:
> Hi.
>
> Reading
> http://www.gnutls.org/manual/html_node/Hardware-security-modules-and-abstract-key-types.html
> I understand the situation to be that GnuTLS has support for TPM chips
> via libtspi,

Hello,
The above is correct.

> and GnuTLS supports *using* PKCS#11, but doesn't support
> being used as a PKCS#11 provider. Is that right?

No. GnuTLS doesn't provide a PKCS #11 module.

> I want TPM behind a PKCS11 provider to protect SSH client keys, and
> have written a pkcs11 module that works directly with libtspi. I'm
> trying to find out if GnuTLS has code for this already:
> http://blog.habets.se/2013/11/TPM-chip-protecting-SSH-keys---properly

The trousers library provides a PKCS #11 front-end. I've never managed
to set it up though. If you are using GnuTLS, I'd suggest using the
TPM interface directly, or simply the TPM URLs.

regards,
Nikos
