From: Joel S. <js...@li...> - 2013-09-27 15:23:10
Hi Peter,

You'd probably have better luck getting an answer on trousers-users. This is really for development of trousers.

-Joel

On 09/27/2013 08:26 AM, Peter Magnusson wrote:
> I am administrator of a company that uses EAP-TLS (certificates) to
> authenticate against the wireless networks. This works well on the
> Windows clients but now we are trying to implement the same solution on
> our RHEL6 clients.
>
> Status right now is that we have it working, we can enroll certificates
> to the RHEL6 clients and use them for authentication against the
> wireless networks.
>
> The problem is how we store the private key on the RHEL6 client, right
> now it's stored in cleartext on the filesystem (only root can read). This
> means that someone could easily boot the client from a livecd and copy
> the private key to a different location.
>
> So what we are trying is to somehow use TPM to secure the private key. I
> have managed to install the openssl tpm engine where I can run the
> create_tpm_key command, this generates something called a "TSS KEYBLOB".
> I can use this blob file to create a CSR (with openssl) that I can
> send to our CA and get a signed certificate back. So far all is well.
>
> So first question is, what is this TSS Key Blob file? Is it sensitive?
> Do I need to store it in a secure location?
>
> Second question is how do I use it? Can I use the blobfile as I would
> an ordinary private key? I tried to create a pkcs12 file containing the
> blob file and certificate but openssl wouldn't allow this.
>
> If anyone could provide me with some information that would point me in
> the right direction I would very much appreciate it!
>
> Best regards
> Peter
>
> _______________________________________________
> TrouSerS-tech mailing list
> Tro...@li...
> https://lists.sourceforge.net/lists/listinfo/trousers-tech
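As an added illustration of what the "TSS KEY BLOB" file contains (this is not from the thread or from the TrouSerS project): a small Python parser for the TPM 1.2 TPM_KEY structure that the PEM file wraps. It assumes the PEM armour label and the plain TPM_KEY layout (not the TPM_KEY12 variant), and it builds a constructed sample blob instead of using real key material; walking the structure shows that the RSA modulus is stored in cleartext while the private part is an opaque encData field encrypted under the parent storage key (SRK), which only the TPM that wrapped it can unwrap.

```python
import base64, struct
from dataclasses import dataclass

PEM_LABEL = "TSS KEY BLOB"  # assumed: the armour label create_tpm_key writes around the blob

@dataclass
class TpmKey:
    version: tuple
    key_usage: int        # 0x0015 = TPM_KEY_LEGACY (sign and bind)
    auth_data_usage: int  # 0 = no auth needed, 1 = auth required for every use
    algorithm_id: int     # 1 = TPM_ALG_RSA
    rsa_modulus: bytes    # public key, stored in cleartext
    enc_data: bytes       # private part, encrypted under the parent key (SRK)

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the body."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != f"-----BEGIN {PEM_LABEL}-----" or lines[-1] != f"-----END {PEM_LABEL}-----":
        raise ValueError("not a TSS KEY BLOB PEM file")
    return base64.b64decode("".join(lines[1:-1]))

def parse_tpm_key(blob: bytes) -> TpmKey:
    """Walk the big-endian TPM_KEY structure (TPM 1.2 Structures spec, section 10.2)."""
    off = 0
    version = struct.unpack_from(">4B", blob, off); off += 4          # TPM_STRUCT_VER
    key_usage, _flags, auth_usage = struct.unpack_from(">HIB", blob, off); off += 7
    alg_id, _enc, _sig, parm_size = struct.unpack_from(">IHHI", blob, off); off += 12
    off += parm_size                                                  # skip TPM_RSA_KEY_PARMS
    (pcr_size,) = struct.unpack_from(">I", blob, off); off += 4 + pcr_size  # skip PCRInfo
    (pub_len,) = struct.unpack_from(">I", blob, off); off += 4
    modulus = blob[off:off + pub_len]; off += pub_len
    (enc_len,) = struct.unpack_from(">I", blob, off); off += 4
    enc_data = blob[off:off + enc_len]; off += enc_len
    if off != len(blob):
        raise ValueError("trailing bytes after TPM_KEY")
    return TpmKey(version, key_usage, auth_usage, alg_id, modulus, enc_data)

def build_sample_blob(modulus: bytes, enc_data: bytes) -> bytes:
    """Constructed 2048-bit RSA TPM_KEY for offline testing; not a real TPM key."""
    parms = struct.pack(">III", 2048, 2, 0)         # keyLength, numPrimes, exponentSize (default e)
    return (struct.pack(">4B", 1, 1, 0, 0)          # version 1.1.0.0
            + struct.pack(">HIB", 0x0015, 0, 1)     # TPM_KEY_LEGACY, no flags, auth required
            + struct.pack(">IHHI", 1, 2, 2, len(parms)) + parms  # RSA, PKCS#1 v1.5 schemes
            + struct.pack(">I", 0)                  # no PCR binding
            + struct.pack(">I", len(modulus)) + modulus
            + struct.pack(">I", len(enc_data)) + enc_data)

# Constructed sample file: 0xAA modulus, 0xBB encrypted private part (not real key material).
SAMPLE_PEM = (f"-----BEGIN {PEM_LABEL}-----\n" + base64.b64encode(
    build_sample_blob(b"\xaa" * 256, b"\xbb" * 256)).decode() + f"\n-----END {PEM_LABEL}-----\n")
```

Calling parse_tpm_key(pem_to_der(SAMPLE_PEM)) returns the modulus in the clear and a 256-byte enc_data that is useless without the TPM holding the SRK, which is why the blob alone is not a usable private key on another machine.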