Hi Peter,

You'd probably have better luck getting an answer on trousers-users.
This is really for development of trousers.

-Joel

On 09/27/2013 08:26 AM, Peter Magnusson wrote:
> I am an administrator of a company that uses EAP-TLS (certificates) to
> authenticate against the wireless networks. This works well on the
> Windows clients but now we are trying to implement the same solution on
> our RHEL6 clients.
> 
> Status right now is that we have it working, we can enroll certificates
> to the RHEL6 clients and use them for authentication against the
> wireless networks.
> 
> The problem is how we store the private key on the RHEL6 client, right
> now it's stored in cleartext on the filesystem (only root can read). This
> means that someone could easily boot the client from a live CD and copy
> the private key to a different location.
> 
> So what we are trying is to somehow use TPM to secure the private key. I
> have managed to install the openssl tpm engine where I can run the
> create_tpm_key command, this generates something called a "TSS KEYBLOB".
> I can use this blob file to create a CSR (with openssl) that I can
> send to our CA and get a signed certificate back. So far all is well.
> 
> So first question is, what is this TSS Key Blob file? Is it sensitive?
> Do I need to store it in a secure location?
> 
> Second question is how do I use it? Can I use the blob file as I would
> an ordinary private key? I tried to create a pkcs12 file containing the
> blob file and certificate but openssl wouldn't allow this.
> 
> If anyone could provide me with some information that would point me in
> the right direction I would very much appreciate it!
> 
> Best regards
> Peter
> 
> _______________________________________________
> TrouSerS-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-tech
> 

