Hi Martin,
Last December I configured TPM in my Dell D820 to access from Firefox on
Linux.
I am guessing that you are looking for info for Linux. For Windows,
PKCS#11 drivers are
typically supplied by the TPM vendor like any other smart card vendor.
Initialization of TPM for PKCS#11 support (which is needed by Firefox)
is quite involved.
I found the information in the following site quite helpful:
https://www.grounation.org/index.php?post/2008/07/04/8-how-to-use-a-tpm-with-linux
Here is a bash shell-script that I have used to start the Opencryptoki
PKCS#11 driver:
# BIOS Set up
# Step 1. Turn the computer off.
# Step 2. Turn the computer on and press F1 to enter the BIOS setup menu.
# Step 3. From the Security menu, locate the option to clear the
#         security device.
#         Sometimes it is referred to as the TPM or TCG feature.
# Step 4. Save and exit the BIOS setup menu.
# Step 5. Restart
# Setup opencryptoki-2.2.5
# 0. download opencryptoki-2.2.5 from sourceforge.net
# 1. Configure the default options (./configure)
# 2. make
# 3. (su; make install)
#
# Initialize PKCS11 for opencryptoki
/usr/local/sbin/pkcs11_startup
# Start the daemon for PKCS slot
/etc/init.d/pkcsslotd start
# Test the PKCS-slot (in su mode)
pkcsconf -i # for info
pkcsconf -t # for token-info
pkcsconf -s # for slot-info
# Initialize the token
pkcsconf -I -c 0 # Initialize the slot zero (0)
# Provide SO password (default is 87654321)
# Must Modify the user PIN for slot 0
pkcsconf -u -c 0 # Initialize the user PIN for slot zero (0)
# load the opencryptoki library in the firefox browser using the
# Security device dialog window.
# Name: OpenCryptoki
# Library: /usr/local/lib/opencryptoki/libopencryptoki.so.0
--
Subrata
Martin Schneider wrote:
Hello everybody,
I'm new to this topic, so it would be kind if some of you people could
give me some input.
I want to use certificates whose corresponding private key is protected
inside a Trusted Platform Module and use these Certificates for client
side authentication towards a web based service running on an Apache.
As far as I understand, there should be the possibility to somehow use
the TPM together with Firefox or Thunderbird if you have a suitable
PKCS#11 module. As far as I know, TrouSerS or jTSS will offer such a
PKCS#11 provider. But I do not understand how this must be used. Did
anybody of you set up something as I want to do and maybe put down
some notes?
Thanks for your replies
Martin
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
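
Added example (not part of the original post and not opencryptoki code): a check to run after the token setup steps in the script above, before loading the library in Firefox. It decodes the token flags defined by the PKCS#11 specification to confirm the token and user PIN are initialized and that neither PIN is flagged as still needing a change. The "Flags: 0x..." line format, the sample text and the function names are assumptions; whether a token sets the "to be changed" bits depends on the implementation.

```shell
#!/bin/bash
# Added example: check PKCS#11 token flags after setup.
# Bit values come from the PKCS#11 specification (CK_TOKEN_INFO.flags).
CKF_USER_PIN_INITIALIZED=0x00000008
CKF_TOKEN_INITIALIZED=0x00000400
CKF_USER_PIN_LOCKED=0x00040000
CKF_USER_PIN_TO_BE_CHANGED=0x00080000
CKF_SO_PIN_LOCKED=0x00400000
CKF_SO_PIN_TO_BE_CHANGED=0x00800000

# Constructed sample of token-info text. The "Flags: 0x..." line format is
# an assumption about what `pkcsconf -t` prints.
SAMPLE_FRESH='Token #0 Info:
    Label: constructed-sample
    Flags: 0x880045'

# Read token-info text on stdin and print the first hex flags value found
# (the first token only, if several are listed).
extract_flags() {
    sed -n 's/^[[:space:]]*Flags:[[:space:]]*\(0[xX][0-9A-Fa-f]*\).*/\1/p' | head -n 1
}

# has_bit VALUE MASK: succeed when any bit of MASK is set in VALUE.
has_bit() { [ $(( $1 & $2 )) -ne 0 ]; }

# Print one finding per problem. Return 0 when the token is ready,
# 1 when setup is incomplete, 2 when the argument is not a hex value.
check_token_flags() {
    f=$1; rc=0
    # Accept only 0x followed by hex digits before using it in arithmetic.
    case ${f#0[xX]} in
        "$f"|""|*[!0-9A-Fa-f]*) echo "no valid flags value"; return 2 ;;
    esac
    has_bit "$f" $CKF_TOKEN_INITIALIZED    || { echo "token not initialized (pkcsconf -I -c 0)"; rc=1; }
    has_bit "$f" $CKF_USER_PIN_INITIALIZED || { echo "user PIN not initialized (pkcsconf -u -c 0)"; rc=1; }
    has_bit "$f" $CKF_SO_PIN_TO_BE_CHANGED   && { echo "SO PIN must be changed (still the default?)"; rc=1; }
    has_bit "$f" $CKF_USER_PIN_TO_BE_CHANGED && { echo "user PIN must be changed"; rc=1; }
    has_bit "$f" $CKF_SO_PIN_LOCKED   && { echo "SO PIN is locked"; rc=1; }
    has_bit "$f" $CKF_USER_PIN_LOCKED && { echo "user PIN is locked"; rc=1; }
    return $rc
}

# Demo on the constructed sample; on a real system feed `pkcsconf -t` instead.
check_token_flags "$(printf '%s\n' "$SAMPLE_FRESH" | extract_flags)" || echo "=> token setup incomplete"
```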