Re: [opencryptoki-users] Opencrptoki & Strongswan 4.1
Brought to you by:
ebarretto
Menu
▾
▴
Re: [opencryptoki-users] Opencrptoki & Strongswan 4.1
|
From: Tom L. <to...@us...> - 2007-04-04 13:50:25
|
bl...@gm... wrote on 04/03/2007 11:01:07 PM: > Hey. I was just wondering if anyone had successfully managed to use > opencryptoki with Strongswan? I'm trying to store my x.509 cert/key in > the TPM module of my T43p and have Strongswan use it. > > Currently (according to all the tpmtoken tools) the key/cert are > stored successfully, but when I try and get strongswan to use it it > keeps claiming the pin is incorrect. strace on tcsd shows no activity > with this failed pin attempt, so I'm a bit dubious. Let me start by saying that I'm not very familiar with Strongswan... Is Strongswan running under your userid when attempting to access the cert/key through the PKCS#11 api? The TPM token store is a per-user token store. So if Strongswan is running as daemon under a specific user then you will need to store your cert/key as the Strongswan daemon user. You will then need to be sure that Strongswan provides the proper pin to the PKCS#11 api in order to access the cert/key objects. Tom > > I've pinged the strongswan-users list as well, but was just curious if > anyone had tried this setup before and had some hints? > > Thanks, > -David > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > opencryptoki-users mailing list > ope...@li... > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users |
