For a strongSwan client/server configuration using PSKs for IPsec
authentication I am looking for a way to securely store/retrieve the PSKs.
The client uses a HW based TPM. The server uses an in-house CryptoAgent
software with similar TPM functionalities.
I have seen the "Trusted Platform Module" plug-in
(https://wiki.strongswan.org/projects/strongswan/wiki/TPMPlugin) and I wander
if it is the good starting point for our problem.
Doers strongSwan invokes this plug-in when it needs to store/retrieve a PSK?