Hi Mahendra, private keys bound to a TPM are currently available for use with strongSwan IKE public key authentication via the PKCS#11 interface offered by the pkcs11 plugin, only. To be honest, I've never been ableto get the PKCS#11 support coming with the tpm-tools package up and running, though.
strongSwan can use a version 1.2 TPM directly for TCG TNC attestation purposes (Quote and Quote2 signatures) but not for general
authentication signatures. Best regards Andreas On 10.02.2016 18:41, Mahendra SP wrote:
Hi All, I am looking in to using TPM hardware which will have certificate privavate key with strongswan. In this particular use case, certificate private key is securely stored in TPM. When Strongswan configured to use certificate auth method, should offload certificate validation to TPM. Can this be achieved ? are there any callback based approaches in Strongswan to make this use case work ? Please reply Thanks Mahendra
====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
