In this section we present the Trusted Platform Module (TPM) support in GnuTLS.
There was a big hype when the TPM chip was introduced into computers. Briefly it is a co-processor in your PC that allows it to perform calculations independently of the main processor. This has good and bad side-effects. In this section we focus on the good ones; these are the fact that you can use the TPM chip to perform cryptographic operations on keys stored in it, without accessing them. That is very similar to the operation of a PKCS #11 smart card. The chip allows for storage and usage of RSA keys, but has quite some operational differences from PKCS #11 module, and thus require different handling. The basic TPM operations supported and used by GnuTLS, are key generation and signing.
The next sections assume that the TPM chip in the system is already initialized and in a operational state.
In GnuTLS the TPM functionality is available in
|• Keys in TPM:|
|• Key generation:|
|• Using keys:|
|• tpmtool Invocation:|