Re: PKCS#11 Module for TPM availiable

2009-10-25 Thread Marc Kaeser
Hello Subrata, thx to you and Klaus Kiwi (thx a LOT both of you) I've also been able to load the module in NSS / Firefox. I'm trying to modify NSS/sdr (or whatever must be modified) in a way the user's keys for login-storage-cryptography (mozStorage and its sqlite db) are stored in the tpm. I

Re: PKCS#11 Module for TPM availiable

2009-09-11 Thread Nelson Bolyard
On 2009-09-11 13:12 , Klaus Heinrich Kiwi wrote: > I don't know what it was, but now I can load opencryptoki as a PKCS#11 > modules in my systems. I've tried with the software token, TPM token and > the ICA token. Loaded the modules with modutil and generated key > pairs/certificates/cert reque

Re: PKCS#11 Module for TPM availiable

2009-09-11 Thread Klaus Heinrich Kiwi
On 09/04/2009 12:42 PM, Klaus Heinrich Kiwi wrote: On 09/03/2009 07:37 AM, Marc Kaeser wrote: I'm still trying to get those things fixed, but I thought I give you a feedback before you think I gave up ^^ Marc, There's another thread on this list where I'm trying to test the opencryptoki + NSS

Re: PKCS#11 Module for TPM availiable

2009-09-09 Thread Subrata Mazumdar
Hi Marc, I configured the TPM on Dell Latitude D820 running Fedora 8 (Linux v2.6.26.3-14.fc8). I found the following link quite helpful: https://www.grounation.org/index.php?post/2008/07/04/8-how-to-use-a-tpm-with-linux. I was able to generate key-pair, PKCS#10 CSR and then import signed

Re: PKCS#11 Module for TPM availiable

2009-09-06 Thread Marc Kaeser
Hello! Thanks, I've seen the other thread, and I'm very interested in it :-) I wonder how Subrata Mazumdar managed to load that module - maybe other versions? But I must say my problem's still of lower class than loading the module into NSS for the moment. I've found out the problem of my pack

Re: PKCS#11 Module for TPM availiable

2009-09-04 Thread Klaus Heinrich Kiwi
On 09/03/2009 07:37 AM, Marc Kaeser wrote: I'm still trying to get those things fixed, but I thought I give you a feedback before you think I gave up ^^ Marc, There's another thread on this list where I'm trying to test the opencryptoki + NSS integration. I admit that I haven't been able to l

Re: PKCS#11 Module for TPM availiable

2009-09-03 Thread Marc Kaeser
Hello Klaus, again I've got stupid problems. I wanted to follow your instructions step by step, so I removed everything I had already built and installed about opencryptoki/pkcs11. I guess I had sort of multiple installation of the libraries on the disk, cause ubuntu already had that package

Re: PKCS#11 Module for TPM availiable

2009-08-27 Thread Klaus Heinrich Kiwi
Marc Kaeser wrote: r...@lenovo:/usr/sbin# ./pkcsconf -t LOG_DEBUG TSPI rpc/tcstp/rpc.c:362 Sending TSP packet to host localhost. LOG_DEBUG TSPI rpc/tcstp/rpc.c:377 Connecting to 127.0.0.1 LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:44 RPC_OpenContext_TP: Received TCS Context: 0xa0e6c901 Token #0 Inf

Re: PKCS#11 Module for TPM availiable

2009-08-27 Thread Klaus Heinrich Kiwi
Marc Kaeser wrote: Hello Klaus, I tried to find those software tokens so I can test where the problem comes from. Unfortunately I haven't been able to find that software "emulating" a token. You talk about ica_tok or swtok, but where can I find those software-tokens? Do they come with another

Re: PKCS#11 Module for TPM availiable

2009-08-27 Thread Marc Kaeser
Hello Klaus, I tried to find those software tokens so I can test where the problem comes from. Unfortunately I haven't been able to find that software "emulating" a token. You talk about ica_tok or swtok, but where can I find those software-tokens? Do they come with another module for Firefox?

Re: PKCS#11 Module for TPM availiable

2009-08-24 Thread Marc Kaeser
Hello Klaus, sorry that my answer lasted so long to come. I only have a few days a week to work on that. For now, here are the printouts of pkcsconf -t and -s : r...@lenovo:/usr/sbin# ./pkcsconf -t LOG_DEBUG TSPI rpc/tcstp/rpc.c:362 Sending TSP packet to host localhost. LOG_DEBUG TSPI rpc/tcs

Re: PKCS#11 Module for TPM availiable

2009-08-19 Thread Klaus Heinrich Kiwi
Marc Kaeser wrote: Hello Martin, have you been able to find out why FF crashed? I've got the same problem here, everything worked fine except for the module-import in FF. My build crashes too. I'm working on Ubuntu too, but I got my sourcecode from mozilla and built it myself. I'd like to kno

Re: PKCS#11 Module for TPM availiable

2009-08-19 Thread Marc Kaeser
Hello Martin, have you been able to find out why FF crashed? I've got the same problem here, everything worked fine except for the module-import in FF. My build crashes too. I'm working on Ubuntu too, but I got my sourcecode from mozilla and built it myself. I'd like to know if you found the p

Re: PKCS#11 Module for TPM availiable

2009-07-09 Thread Subrata Mazumdar
Please see my inline responses. Martin Schneider wrote: Hello Subrata and others Thanks for your reply. Unfortunately this doesn't work for me. Here is a bash shell-script that I have used to start the Opencryptoki PKCS#11 driver : # BIOS Set up # Step 1. Turn the computer off. # Step 2.

Re: PKCS#11 Module for TPM availiable

2009-07-09 Thread David Stutzman
Michael Ströder wrote: Martin Schneider wrote: I think the keystore on opencryptoki follows exactly the principle how storing other things "in" the TPM works: building an encrypted key hierarchy that is stored on harddisk with an encryption key rooted in the Storage Root Key in the TPM. Isn't

Re: PKCS#11 Module for TPM availiable

2009-07-09 Thread Anders Rundgren
That TPMs cannot sign CSRs is true but TPMs can do something similar and IMHO much more interesting which is attesting that a public key (and thus indirectly the associated private key) was created inside of the TPM. The problem here is that few APIs and even fewer protocols deal with this kind o

Re: PKCS#11 Module for TPM availiable

2009-07-09 Thread Michael Ströder
Martin Schneider wrote: > I think the keystore on > opencryptoki follows exactly the principle how storing other things > "in" the TPM works: building an encrypted key hierarchy that is stored > on harddisk with an encryption key rooted in the Storage Root Key in > the TPM. Isn't that how most HS

Re: PKCS#11 Module for TPM availiable

2009-07-09 Thread Martin Schneider
Hello Peter and others, > I should start by saying that a TPM's functionality is not equivalent to > that of other hardware tokens, such as smart cards. A TPM only provides a > subset of the functionality of a regular PKCS#11 token. A TPM, however, > also provides things that PKCS#11 tokens don

Re: PKCS#11 Module for TPM availiable

2009-07-09 Thread Martin Schneider
Hello Subrata and others Thanks for your reply. Unfortunately this doesn't work for me. > Here is a bash shell-script that I have used to start the Opencryptoki > PKCS#11 driver : > # BIOS Set up > # Step 1. Turn the computer off. > # Step 2. Turn the computer on and press F1 to enter the BIOS se

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Nelson B Bolyard
On 2009-07-07 12:50 PDT, Peter Djalaliev wrote: > I should start by saying that a TPM's functionality is not equivalent to > that of other hardware tokens, such as smart cards. A TPM only provides > a subset of the functionality of a regular PKCS#11 token. Some provide more than others. I have

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Peter Djalaliev
Hello, I am not trying to answer the user's question (I believe previous posts already did), but I would like to straighten out some misconceptions here. I should start by saying that a TPM's functionality is not equivalent to that of other hardware tokens, such as smart cards. A TPM only provides

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Nelson B Bolyard
On 2009-07-07 00:33 PDT, Anders Rundgren wrote: > The naked truth is that provisioning of TPMs is not supported by > any generally established protocols or APIs (at least using TPM methods), > but this is also a fact for smart cards since there is no way you > can policy-define/set PIN-codes using

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Subrata Mazumdar
Hi Martin, last December I configured TPM in my Dell D820 to access from Firefox on Linux. I am guessing that you are looking for info for Linux. For Windows, PKCS#11 drivers are typically supplied by the TPM vendor like any other smart card vendor. Initialization of TPM for PKCS#11 support

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Arshad Noor
Configuring Firefox with a PKCS#11 library is simple - all you have to do is follow the "Edit->Preferences->Advanced->Security Devices-> Load" path and supply a name (of your choice) for the module and the actual full-path of the PKCS11 library for the prompts. If the P11 library is correctly imp

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Anders Rundgren
When the TPM is enabled and PKCS #11 configured, PKCS #12 import should work directly in Firefox. Unfortunately, I have no knowledge of how you enable a specific TPM since this is a part of an associated software bundle. I have only used Wave Systems stuff which is very different to TrouSerS.

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Martin Schneider
Hi Anders and others > PKCS #12 import is probably the most workable way ahead. OK, but how can this be done? If I understood everything correctly, I somehow have to enable the opencryptoki module provided by trousers in Firefox (I didn't succeed in that yet). Later I should be able to use this

Re: PKCS#11 Module for TPM availiable

2009-07-07 Thread Anders Rundgren
Hi Martin, The naked truth is that provisioning of TPMs is not supported by any generally established protocols or APIs (at least using TPM methods), but this is also a fact for smart cards since there is no way you can policy-define/set PIN-codes using for example Firefox's . I once did a TPM prov

Re: PKCS#11 Module for TPM availiable

2009-07-06 Thread Martin Schneider
Hello Arshad, I want to use Firefox with TPM preferably in Ubuntu Linux. I'm not sure what I've got to do to link Firefox with the PKCS#11 interface. Do you need to implement some code or is this a mere configuration thing? The next question is: How does the creation of a TPM protected certifica

Re: PKCS#11 Module for TPM availiable

2009-07-06 Thread Nelson B Bolyard
On 2009-07-06 07:41 PDT, Martin Schneider wrote: > I want to use certificates which according private key is protected > inside a Trusted Platform Module and use these Certificates for client > side authentication towards a web based service running on an Apache. > > As far as I understand, there

Re: PKCS#11 Module for TPM availiable

2009-07-06 Thread Arshad Noor
Hi Martin, Yes, TSS does apparently give you a PKCS#11 interface when layered with openCryptoki (http://trousers.sourceforge.net/pkcs11.html). I haven't used this configuration personally (I'm trying to work with a specific vendor's PKCS#11 library and access the TPM using Java through the SunPKC

PKCS#11 Module for TPM availiable

2009-07-06 Thread Martin Schneider
Hello everybody, I'm new to this topic, so it would be kind if some of you people could give me some input. I want to use certificates which according private key is protected inside a Trusted Platform Module and use these Certificates for client side authentication towards a web based service ru