On Fri, 2015-05-08 at 12:32 +0000, Marcos Simó Picó wrote:
> Hi all,
>
> I’m trying to set up a TLS session between client and server, both
> provided with a TPM and using mutual authentication. I am checking if
> it is feasible to do it using X.509 certificate authentication. I
> found out that GnuTLS needs to get access to the actual private key
> (either importing it from its URL or directly) by executing
> gnutls_certificate_set_x509_key_file(), before performing the
> handshake. However, it would be interesting that the private key would
> never leave the TPM chip.

Hello,

What you say isn't correct. gnutls_certificate_set_x509_key_file() when given a tpmkey URL will utilize but not extract any key. Why do you think it would extract it?

regards,
Nikos
