
SIMPLE-TPM-PK11(7) - Linux manual page online | Overview, conventions, and miscellany

Simple PKCS11 provider for TPM chips.

1th December, 2013
simple-tpm-pk11(7) simple-tpm-pk11(7)

NAME

simple-tpm-pk11 - Simple PKCS11 provider for TPM chips

DESCRIPTION

simple-tpm-pk11 is a PKCS11 provider for TPM chips. Its primary purpose is to protect SSH client keys so that they can’t be copied or stolen if the machine they’re on gets compromised.

OPTIONS

Since PKCS11 modules are .so files loaded by other binaries, they don’t take command line options. Instead, simple-tpm-pk11 options can be set using environment variables.

SIMPLE_TPM_PK11_DEBUG
    If set, enables debug level logging.

SIMPLE_TPM_PK11_CONFIG=/path/to/config
    Override default config location. Default is ~/.simple-tpm-pk11/config.

SIMPLE_TPM_PK11_LOG_STDERR
    If set, copies all log output to STDERR.

CONFIGURATION FILE

Configuration options are of the key/value variety, with comment lines starting with "#".

key <key file>
    Full path to key file, or relative to ~/.simple-tpm-pk11. This is the only required configuration option.

debug
    Enable debug level logging.

srk_pin <PIN>
    Set SRK PIN. Default is the Well Known Secret (20 nulls).

key_pin <PIN>
    Set key PIN.

log <log file>
    Full path to log file, or relative to ~/.simple-tpm-pk11.
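
A config checker for the format described in this section, added here as an example; it is not the project's own parser. It assumes whitespace separates an option from its value, reads a bare srk_pin as the empty string (as in the EXAMPLES section), and adds a file-mode check of its own because PINs sit in the file as plain text. The names parse_config, audit_file and SAMPLE are hypothetical.

```python
import os
import stat

BASE_DIR = os.path.expanduser("~/.simple-tpm-pk11")
WELL_KNOWN_SECRET = b"\x00" * 20          # default SRK PIN per the man page
OPTIONS = {"key", "debug", "srk_pin", "key_pin", "log"}

# Constructed sample: the second EXAMPLES entry plus a made-up key PIN.
SAMPLE = """# Load key from /keys/foo/my.key, and the empty string as SRK PIN.
key /keys/foo/my.key
srk_pin
key_pin 1234
"""

def parse_config(text, base_dir=BASE_DIR):
    """Return (settings, findings) for the text of a config file."""
    cfg = {"debug": False, "srk_pin": WELL_KNOWN_SECRET}
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # blank line or comment
        name, value = (line.split(None, 1) + [""])[:2]
        if name not in OPTIONS:
            findings.append(f"line {n}: unknown option {name!r}")
        elif name == "debug":
            cfg["debug"] = True
        elif name in ("key", "log"):
            if not value:
                findings.append(f"line {n}: {name} needs a path")
            # os.path.join leaves an absolute path untouched
            cfg[name] = os.path.join(base_dir, value)
        else:                              # srk_pin / key_pin; bare = empty string
            cfg[name] = value.encode()
    if "key" not in cfg:
        findings.append("required option 'key' is missing")
    return cfg, findings

def audit_file(path, base_dir=BASE_DIR):
    """Parse a config file and flag PINs readable by other local users."""
    with open(path, encoding="utf-8") as fh:
        cfg, findings = parse_config(fh.read(), base_dir)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    has_pin = "key_pin" in cfg or cfg["srk_pin"] != WELL_KNOWN_SECRET
    if has_pin and mode & 0o077:
        findings.append(f"PIN stored in file with mode {mode:o}; expected 600")
    return cfg, findings

if __name__ == "__main__":
    print(parse_config(SAMPLE))
```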

EXAMPLES

# Load key from ~/.simple-tpm-pk11/my.key.
key my.key

# Load key from /keys/foo/my.key, and the empty string as SRK PIN.
key /keys/foo/my.key
srk_pin

TPM-TROUBLESHOOTING

TODO.

DIAGNOSTICS

Most errors will probably be related to interacting with the TPM chip. Resetting the TPM chip and taking ownership should take care of most of them. See the TPM-TROUBLESHOOTING section.

BUGS

The password is read from stdin without turning off echo. It should be read from the terminal without echo.

SEE ALSO

stpm-keygen(1), stpm-sign(1)

AUTHOR

Simple-TPM-PK11 was written by Thomas Habets <@google.com> / <@habets.se>.

git clone https://github.com/ThomasHabets/simple-tpm-pk11.git