Please provide p11-kit module file #28

Closed
dwmw2 opened this issue Oct 4, 2018 · 2 comments

dwmw2 commented Oct 4, 2018

Modern *nix systems use p11-kit for managing PKCS#11 modules.

Please consider installing the module itself to $(pkg-config --variable=p11_module_path p11-kit-1) and also installing a p11-kit module file to $(pkg-config --variable=p11_module_configs p11-kit-1).

Then, any well-behaved application on the system will be able to use keys from the PKCS#11 token simply by passing it an RFC7512 PKCS#11 URI instead of a filename.

Member

williamcroberts commented Oct 9, 2018

This would mean we would have a dependency on P11 kit, so would we want to make this optional?

If P11 kit is installed, do pkg-config magic for the install location, else use the current install location?

Author

dwmw2 commented Oct 9, 2018

Sure, that makes sense. As long as the common case is that people can just install it then PKCS#11 URIs Just Work for them in all applications, instead of filenames for keys.
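
The optional detection agreed on in the comments above, sketched as an added shell example (not the project's build code): use p11-kit's pkg-config variables when they are available, otherwise keep the caller's install directory and skip the module file. The `PKG_CONFIG` override, the function names and the file name `tpm2_pkcs11.module` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: resolve PKCS#11 install locations, preferring p11-kit.
# PKG_CONFIG may be overridden by the caller (assumption of this sketch).
PKG_CONFIG="${PKG_CONFIG:-pkg-config}"

# p11_var NAME: print a p11-kit-1 pkg-config variable, or fail when
# pkg-config or p11-kit is missing or the variable is empty.
p11_var() {
    command -v "$PKG_CONFIG" >/dev/null 2>&1 || return 1
    "$PKG_CONFIG" --exists p11-kit-1 2>/dev/null || return 1
    val=$("$PKG_CONFIG" --variable="$1" p11-kit-1 2>/dev/null) || return 1
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# module_dir FALLBACK: directory where libtpm2_pkcs11.so should be installed.
module_dir() {
    p11_var p11_module_path || printf '%s\n' "$1"
}

# write_module_config DESTDIR: write the p11-kit module file under DESTDIR
# and print its path; fails (and writes nothing) when p11-kit is absent.
write_module_config() {
    cfgdir=$(p11_var p11_module_configs) || return 1
    target="$1$cfgdir/tpm2_pkcs11.module"
    mkdir -p "$1$cfgdir" || return 1
    # A bare library name is resolved by p11-kit against p11_module_path.
    printf 'module: libtpm2_pkcs11.so\n' > "$target" || return 1
    # Every p11-kit consumer loads the library this file names, so it must
    # not be writable by anyone but its owner.
    chmod 0644 "$target" || return 1
    printf '%s\n' "$target"
}
```

Once the module file is in place, `p11-kit list-modules` should list the module under the name taken from the file name.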

@williamcroberts williamcroberts self-assigned this Oct 9, 2018
@williamcroberts williamcroberts added in-progress Issue is in-progress by assignee. enhancement New feature or request labels Oct 9, 2018
williamcroberts pushed a commit to williamcroberts/tpm2-pkcs11 that referenced this issue Oct 9, 2018
TODO:
1. test with p11kit

When P11 kit is installed, PKCS11 modules can be detected via
a URI scheme as defined in RFC7512:
  - https://tools.ietf.org/html/rfc7512

On *nix systems, this is fulfilled by P11-Kit. So when P11-kit
is installed the tpm2-pkcs11 project should:
1. Change the install location to P11-Kit location
2. Provide a config file

Configure Output with P11 Installed:
checking p11 module path... /usr/lib/x86_64-linux-gnu/pkcs11
checking p11 configs path... /usr/share/p11-kit/modules

Installation Layout with P11 installed with --prefix=`realpath ~/tmp`
/home/wcrobert/tmp
/home/wcrobert/tmp/lib
/home/wcrobert/tmp/lib/pkgconfig
/home/wcrobert/tmp/lib/pkgconfig/tpm2-pkcs11.pc
/home/wcrobert/tmp/usr
/home/wcrobert/tmp/usr/lib
/home/wcrobert/tmp/usr/lib/x86_64-linux-gnu
/home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11
/home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so.0.0.0
/home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so
/home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so.0
/home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.la
/home/wcrobert/tmp/usr/share
/home/wcrobert/tmp/usr/share/p11-kit
/home/wcrobert/tmp/usr/share/p11-kit/modules
/home/wcrobert/tmp/usr/share/p11-kit/modules/tpm2-pkcs11

Fixes: tpm2-software#28

Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts pushed a commit to williamcroberts/tpm2-pkcs11 that referenced this issue Oct 10, 2018
williamcroberts pushed a commit to williamcroberts/tpm2-pkcs11 that referenced this issue Oct 10, 2018
When P11 kit is installed, PKCS11 modules can be detected via
a URI scheme as defined in RFC7512:
  - https://tools.ietf.org/html/rfc7512

On *nix systems, this is fulfilled by P11-Kit. So when P11-kit
is installed the tpm2-pkcs11 project should:
1. Change the install location to P11-Kit location
2. Provide a config file

With these changes, the command:

$ p11-kit list-modules

Returns successfully the results of the token:

tpm2_pkcs11: libtpm2_pkcs11.so
    library-description:  TPM2.0 Cryptoki
    library-manufacturer:  Intel
    library-version: 42.42
    token: label
        manufacturer: Intel
        model: TPM2 PKCS#11
        serial-number: 0000000000000000
        flags:
               rng
               login-required
               token-initialized

Fixes: tpm2-software#28

Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts pushed a commit that referenced this issue Oct 11, 2018
When P11 kit is installed, PKCS11 modules can be detected via
a URI scheme as defined in RFC7512:
  - https://tools.ietf.org/html/rfc7512

On *nix systems, this is fulfilled by P11-Kit. So when P11-kit
is installed the tpm2-pkcs11 project should:
1. Change the install location to P11-Kit location
2. Provide a config file

With these changes, the command:

$ p11-kit list-modules

Returns successfully the results of the token:

tpm2_pkcs11: libtpm2_pkcs11.so
    library-description:  TPM2.0 Cryptoki
    library-manufacturer:  Intel
    library-version: 42.42
    token: label
        manufacturer: Intel
        model: TPM2 PKCS#11
        serial-number: 0000000000000000
        flags:
               rng
               login-required
               token-initialized

Fixes: #28

Signed-off-by: William Roberts <william.c.roberts@intel.com>
@williamcroberts williamcroberts removed in-progress Issue is in-progress by assignee. labels Feb 15, 2019