tpm2-pkcs11
tpm2-pkcs11 copied to clipboard
tpm2-software
A PKCS#11 interface for TPM2 hardware
Hello The list of objects present in the database is only loaded for a given application when calling C_Initialize. When doing an import of an object via tpm2_ptool, the database...
Hi, If I understood correctly, the `tpm2_ptool addcert` command stores the provided certificate in the database file. Is there any way to expose via PKCS11 a certificate stored in TPM...
hi, is it possible to build a windows version? so I want to build app -> app will invoke pkcs11 interface ->pkcs11 is based on local TPM2.0. or I can...
Hello All, This is a discussion/QA post than issue. I am new to pkcs11 and tpm2 and trying to integrate openssl with pkcs11 and tpm. I have few doubts regarding...
https://github.com/tpm2-software/tpm2-pkcs11/blob/d00b6a7225821d1869c95e07d63aa8c97ddf5603/test/integration/scripts/create_pkcs_store.sh#L83 Fix double primary-auth: ```bash tpm2_ptool init --primary-auth=anotherpobjpin --primary-handle=$handle --primary-auth=foopass --path=$TPM2_PKCS11_STORE ``` it should fail on double option specified.
Make sure primary-auth is correct before adding the pobject to the database in init, because a wrong pobjpin when the persistent handle is used, won't error until addtoken. Consider: ```bash...
Hi all, Im referring to this issue. https://github.com/tpm2-software/tpm2-tss-engine/issues/221 Im using `tpm2tss-genkey` to derive a PEM representation from some key material I generated via https://github.com/google/go-attestation. Therefore I export the public and...
It works with nginx, but it seems like there are some problem with ocserv and GnuTLS. Error log: ocserv -f -c /etc/ocserv/ocserv.conf -d 9999 note: vhost:default: setting 'certificate' as primary...
Hello, https://github.com/tpm2-software/tpm2-pkcs11/blob/1.7.0/src/lib/tpm.c contains: ```c static TSS2_RC do_part_encrypt_decrypt( tpm_ctx *ctx, uint32_t handle, TPMI_ALG_SYM_MODE mode, TPMI_YES_NO is_decrypt, const TPM2B_MAX_BUFFER *data_in, const TPM2B_IV *iv_in, TPM2B_MAX_BUFFER **data_out, TPM2B_IV **iv_out) { TSS2_RC rval = TSS2_RC_SUCCESS;...
When /etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3.lock can not be created, it failed with error. So it’s impossible to use this library with other software (like Nginx) on a SELinux enabled environment. I hope read-only...