On 2009-07-07 00:33 PDT, Anders Rundgren wrote:
> The naked truth is that provisioning of TPMs is not supported by
> any generally established protocols or APIs (at least using TPM methods),
> but this is also a fact for smart cards since there is no way you
> can policy-define/set PIN-codes using for example Firefox's <keygen>.

Anders, I am beginning to think that you are deliberately engaging in a
misinformation campaign for the purpose of convincing all newcomers to
this group that nothing in the world except your software works.

The truth is that numerous platforms offer PKCS#11 modules for their TPMs
that work just like any other hardware crypto token, allowing keys to be
generated, CSRs to be signed, certs to be imported, etc., using Firefox's
normal methods that work with any PKCS#11 module.

> I once did a TPM provisioning on Windows which required me to run a really
> awkward utility for preconfiguring the TPM including taking ownership.

I'm sure that there are some products whose TPM modules are not really
usable through their respective PKCS#11 modules, but it's not in the
interest of the general subscribers to this list to suggest that none
work.

> PKCS #12 import is probably the most workable way ahead.

That is ONE way, out of many.  Actually, I would expect that most TPMs
would not accept private keys generated externally.  Doing so defeats
their raison d'être.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
