[Whonix-devel] Bug#941951: RFP: tpm2-pk11

procmem at riseup.net procmem at riseup.net
Mon Oct 7 22:33:07 CEST 2019


Package: wnpp
X-Debbugs-CC: whonix-devel at whonix.org

* Package name    : tpm2-pk11
  Version         : ?
  Upstream Author : Iwan Timmer
* URL             : https://github.com/irtimmer/tpm2-pk11
* License         : BSD 2-Clause "Simplified" License
  Programming Lang: C
  Description     : PKCS#11 Module for TPM 2.0

TPM2-PK11 provides a PKCS#11 backend for TPM 2.0 chips.
This allows you to use your TPM keys in every application that supports the PKCS #11 standard.
For more information about how to set up keys, certificates and applications, see the wiki <https://github.com/irtimmer/tpm2-pk11/wiki>. [0]

Features

    Sign and decrypt using private RSA key stored in TPM
    Provide on disk stored certificate in DER format to applications using PKCS #11

Supported applications

    OpenSSH Client (SSH key in TPM)
    Firefox (Private key of Client certificate in TPM)
    GnuPG using gnupg-pkcs11-scd (PGP key in TPM) [1]



[0] https://github.com/irtimmer/tpm2-pk11/wiki
[1] gnupg-pkcs11-scd is already packaged for Debian

In plain English: This package has the awesome benefit of turning a TPM device into a universal smartcard 
for all different kinds of keys.

For our (Whonix) virtualized privacy distro this means that users can be sure their keys are safe 
even if the VM is infected.
