Hi Martin,
The naked truth is that provisioning of TPMs is not supported by
any generally established protocols or APIs (at least using TPM methods),
but this is also a fact for smart cards since there is no way you
can policy-define/set PIN-codes using for example Firefox's <keygen>.
I once did a TPM provisioning on Windows which required me to run a really
awkward utility for preconfiguring the TPM including taking ownership.

PKCS #12 import is probably the most workable way ahead.

This is one of the reasons why 99% of all TPMs are disabled.

Anders


Martin Schneider wrote:
Hello Arshad,

I want to use Firefox with TPM preferably in Ubuntu Linux.

I'm not sure what I've got to do to link Firefox with the PKCS#11
interface. Do you need to implement some code or is this a mere
configuration thing?

The next question is: How does the creation of a TPM protected
certificate work? Do you have to externally create a Certificate
Signing Request for a key protected inside the TPM, get a signature
for this CSR and import the cert to Firefox?

Best regards,
Martin




On 6 Jul., 19:18, Arshad Noor <arshad.n...@strongauth.com> wrote:
Hi Martin,

Yes, TSS does apparently give you a PKCS#11 interface when layered
with openCryptoki (http://trousers.sourceforge.net/pkcs11.html).  I
haven't used this configuration personally (I'm trying to work with
a specific vendor's PKCS#11 library and access the TPM using Java
through the SunPKCS11 bridge).

You didn't specify the platform - if you're using Windows, your TPM
provider probably has a PKCS#11 library already bundled in the TPM
software distribution.

Arshad Noor
StrongAuth, Inc.

Martin Schneider wrote:
Hello everybody,
I'm new to this topic, so it would be kind if some of you people could
give me some input.
I want to use certificates whose corresponding private key is protected
inside a Trusted Platform Module and use these Certificates for client
side authentication towards a web based service running on an Apache.
As far as I understand, there should be the possibility to somehow use
the TPM together with Firefox or Thunderbird if you have a suitable
PKCS#11 module. As far as I know, TrouSerS or jTSS will offer such a
PKCS#11 provider. But I do not understand how this must be used. Did
anybody of you set up something as I want to do and maybe put down
some notes?
Thanks for your replies
Martin



--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
