I am an administrator of a company that uses EAP-TLS (certificates) to
authenticate against the wireless networks. This works well on the
Windows clients, but now we are trying to implement the same solution on our
RHEL6 clients.

The status right now is that we have it working: we can enroll certificates to
the RHEL6 clients and use them for authentication against the wireless
networks.

The problem is how we store the private key on the RHEL6 client; right now
it's stored in cleartext on the filesystem (only root can read). This means
that someone could easily boot the client from a live CD and copy the
private key to a different location.

So what we are trying is to somehow use the TPM to secure the private key. I
have managed to install the openssl tpm engine, where I can run the
create_tpm_key command; this generates something called a "TSS KEYBLOB". I
can use this blob file to create a CSR (with openssl) that I can send to
our CA and get a signed certificate back. So far all is well.

So the first question is, what is this TSS Key Blob file? Is it sensitive? Do
I need to store it in a secure location?

The second question is how do I use it? Can I use the blob file as I would an
ordinary private key? I tried to create a pkcs12 file containing the blob
file and certificate, but openssl wouldn't allow this.

If anyone could provide me with some information that would point me in the
right direction, I would very much appreciate it!

Best regards,
Peter
_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech