Hello,
I think the function would extract the key, since the description of the
function literally says:

    This function can also accept URLs at keyfile and certfile. In
    that case it will import the private key and certificate indicated by
    the URLs. Note that the supported URLs are the ones indicated by
    gnutls_url_is_supported().

And according to the TPM literature, to import the key means to extract it from
the TPM and send it somewhere else. Please, correct me if I’m mistaken.
Thanks for your answer Nikos.
Best,
Marcos

On 08 May 2015, at 21:33, Nikos Mavrogiannopoulos <[email protected]> wrote:

> On Fri, 2015-05-08 at 12:32 +0000, Marcos Simó Picó wrote:
>> Hi all,
>> I’m trying to set up a TLS session between client and server, both
>> provided with a TPM and using mutual authentication. I am checking if
>> it is feasible to do it using X.509 certificate authentication. I
>> found out that GnuTLS needs to get access to the actual private key
>> (either importing it from its URL or directly) by executing
>> gnutls_certificate_set_x509_key_file(), before performing the
>> handshake. However, it would be interesting that the private key would
>> never leave the TPM chip.
>
> Hello,
> What you say isn't correct. gnutls_certificate_set_x509_key_file() when
> given a tpmkey URL will utilize but not extract any key. Why do you
> think it would extract it?
>
> regards,
> Nikos

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help