|
|
| (3 intermediate revisions by 3 users not shown) |
| Line 1: |
Line 1: |
| [[Category:Security]] | | #redirect [[ArchWiki:Archive]] |
| [[zh-hans:TPM2-PK11]] | | [[Category:Archive]] |
| {{Expansion|This is a (now slightly adapted) copy of the README on GitHub. What's this article about? What does it add over the README that shouldn't be maintained there? How do you install this on Arch?}}
| |
| | |
| {{AUR|tpm2-pk11-git}} provides a [https://github.com/irtimmer/tpm2-pk11 PKCS#11] backend for a [[TPM]] 2.0 chip.
| |
| This can be used to secure your [[SSH keys]].
| |
| | |
| {{Note|Only the OpenSSH client is supported as of November 2017.}}
| |
| | |
| == SSH Usage ==
| |
| | |
| Create keys:
| |
| | |
| {{bc|
| |
| $ mkdir ~/.tpm2 && cd ~/.tpm2
| |
| $ tpm2_createprimary -A e -g 0x000b -G 0x0001 -C po.ctx
| |
| $ tpm2_create -c po.ctx -g 0x000b -G 0x0001 -o key.pub -O key.priv
| |
| $ tpm2_load -c po.ctx -u key.pub -r key.priv -n key.name -C obj.ctx
| |
| $ tpm2_evictcontrol -A o -c obj.ctx -S 0x81010010
| |
| $ rm key.name *.ctx
| |
| }}
| |
| | |
| Create configuration file and change it for your setup:
| |
| | |
| $ cp config.sample ~/.tpm2/config
| |
| | |
| Extract public key:
| |
| | |
| $ ssh-keygen -D libtpm2-pk11.so
| |
| | |
| Use your TPM key:
| |
| | |
| $ ssh -I libtpm2-pk11.so ssh.example.com
| |
| | |
| Or add the PKCS#11 module to your ssh configuration in {{ic|~/.ssh/config}}:
| |
| | |
| {{bc|
| |
| Host *
| |
| PKCS11Provider libtpm2-pk11.so
| |
| }}
| |