New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please provide p11-kit module file #28
Labels
enhancement
New feature or request
Comments
This would mean we would have a dependency on P11 kit, so would we want to make this optional? If P11 kit installed do pkg-config magic for install location, else use the current install location? |
Sure, that makes sense. As long as the common case is that people can just install it then PKCS#11 URIs Just Work for them in all applications, instead of filenames for keys. |
williamcroberts
added
in-progress
Issue is in-progress by assignee.
enhancement
New feature or request
labels
Oct 9, 2018
williamcroberts
pushed a commit
to williamcroberts/tpm2-pkcs11
that referenced
this issue
Oct 9, 2018
TODO: 1. test with p11kit When P11 kit is installed, PKCS11 modules can be detected via a URI scheme as defined in RFC7512: - https://tools.ietf.org/html/rfc7512 On *nix systems, this is full filled by P11-Kit. So when P11-kit is installed the tpm2-pkcs11 project should: 1. Change the install location to P11-Kit location 2. Provide a config file Configure Output with P11 Installed: checking p11 module path... /usr/lib/x86_64-linux-gnu/pkcs11 checking p11 configs path... /usr/share/p11-kit/modules Installation Layout with P11 installed with --prefix=`realpath ~/tmp` /home/wcrobert/tmp /home/wcrobert/tmp/lib /home/wcrobert/tmp/lib/pkgconfig /home/wcrobert/tmp/lib/pkgconfig/tpm2-pkcs11.pc /home/wcrobert/tmp/usr /home/wcrobert/tmp/usr/lib /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11 /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so.0.0.0 /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so.0 /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.la /home/wcrobert/tmp/usr/share /home/wcrobert/tmp/usr/share/p11-kit /home/wcrobert/tmp/usr/share/p11-kit/modules /home/wcrobert/tmp/usr/share/p11-kit/modules/tpm2-pkcs11 Fixes: tpm2-software#28 Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts
pushed a commit
to williamcroberts/tpm2-pkcs11
that referenced
this issue
Oct 10, 2018
TODO: 1. test with p11kit When P11 kit is installed, PKCS11 modules can be detected via a URI scheme as defined in RFC7512: - https://tools.ietf.org/html/rfc7512 On *nix systems, this is full filled by P11-Kit. So when P11-kit is installed the tpm2-pkcs11 project should: 1. Change the install location to P11-Kit location 2. Provide a config file Configure Output with P11 Installed: checking p11 module path... /usr/lib/x86_64-linux-gnu/pkcs11 checking p11 configs path... /usr/share/p11-kit/modules Installation Layout with P11 installed with --prefix=`realpath ~/tmp` /home/wcrobert/tmp /home/wcrobert/tmp/lib /home/wcrobert/tmp/lib/pkgconfig /home/wcrobert/tmp/lib/pkgconfig/tpm2-pkcs11.pc /home/wcrobert/tmp/usr /home/wcrobert/tmp/usr/lib /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11 /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so.0.0.0 /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so.0 /home/wcrobert/tmp/usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.la /home/wcrobert/tmp/usr/share /home/wcrobert/tmp/usr/share/p11-kit /home/wcrobert/tmp/usr/share/p11-kit/modules /home/wcrobert/tmp/usr/share/p11-kit/modules/tpm2-pkcs11 Fixes: tpm2-software#28 Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts
pushed a commit
to williamcroberts/tpm2-pkcs11
that referenced
this issue
Oct 10, 2018
When P11 kit is installed, PKCS11 modules can be detected via a URI scheme as defined in RFC7512: - https://tools.ietf.org/html/rfc7512 On *nix systems, this is full filled by P11-Kit. So when P11-kit is installed the tpm2-pkcs11 project should: 1. Change the install location to P11-Kit location 2. Provide a config file With these changes, the command: $ p11-kit list-modules Returns successfully the results of the token: tpm2_pkcs11: libtpm2_pkcs11.so library-description: TPM2.0 Cryptoki library-manufacturer: Intel library-version: 42.42 token: label manufacturer: Intel model: TPM2 PKCS#11 serial-number: 0000000000000000 flags: rng login-required token-initialized Fixes: tpm2-software#28 Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts
pushed a commit
that referenced
this issue
Oct 11, 2018
When P11 kit is installed, PKCS11 modules can be detected via a URI scheme as defined in RFC7512: - https://tools.ietf.org/html/rfc7512 On *nix systems, this is full filled by P11-Kit. So when P11-kit is installed the tpm2-pkcs11 project should: 1. Change the install location to P11-Kit location 2. Provide a config file With these changes, the command: $ p11-kit list-modules Returns successfully the results of the token: tpm2_pkcs11: libtpm2_pkcs11.so library-description: TPM2.0 Cryptoki library-manufacturer: Intel library-version: 42.42 token: label manufacturer: Intel model: TPM2 PKCS#11 serial-number: 0000000000000000 flags: rng login-required token-initialized Fixes: #28 Signed-off-by: William Roberts <william.c.roberts@intel.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Modern *nix systems use p11-kit for managing PKCS#11 modules.
Please consider installing the module itself to
$(pkg-config --variable=p11_module_path p11-kit-1)
and also installing a p11-kit module file to$(pkg-config --variable=p11_module_configs p11-kit-1)
.Then, any well-behaved application on the system will be able to use keys from the PKCS#11 token simply by passing it a RFC7512 PKCS#11 URI instead of a filename.
The text was updated successfully, but these errors were encountered: