In this section we present the Trusted Platform Module (TPM) support in GnuTLS. Note that this functionality is disabled by default, because the trousers libraries that GnuTLS depends on for it are under the Common Public License, which is not compatible with the GPL.
There was much hype when the TPM chip was introduced into computers. Briefly, it is a co-processor in your PC that allows it to perform calculations independently of the main processor. This has good and bad side-effects. In this section we focus on the good ones, namely that you can use it to perform cryptographic operations similarly to a PKCS #11 smart card. It allows for storing and using RSA keys, but with slight differences from a PKCS #11 module that require different handling. The basic operations supported, and used by GnuTLS, are key generation and signing.
In GnuTLS the TPM functionality is available in gnutls/tpm.h.
• Keys in TPM
• Key generation
• Using keys
• tpmtool Invocation: Invoking tpmtool