[Whonix-devel] Bug#941951: RFP: tpm2-pk11

procmem at riseup.net procmem at riseup.net
Mon Oct 7 22:33:07 CEST 2019

Package: wnpp
X-Debbugs-CC: whonix-devel at whonix.org

* Package name: tpm2-pk11
    Version         : ?
    Upstream Author : Iwan Timmer
* URL               : https://github.com/irtimmer/tpm2-pk11
* License         : BSD 2-Clause "Simplified" License
    Programming Lang:  	C
    Description  :  PKCS#11 Module for TPM 2.0

TPM2-PK11 provide a PKCS#11 backend for TPM 2.0 chips.
This allows you to use your TPM keys in every application which support the PKCS #11 standard.
For more information about howto setup keys, certificates and applications see the wiki <https://github.com/irtimmer/tpm2-pk11/wiki>.[0]


    Sign and decrypt using private RSA key stored in TPM
    Provide on disk stored certificate in DER format to applications using PKCS #11

Supported applications

    OpenSSH Client (SSH key in TPM)
    Firefox (Private key of Client certificate in TPM)
    GnuPG using gnupg-pkcs11-scd (PGP key in TPM) [1]

[0] https://github.com/irtimmer/tpm2-pk11/wiki
[1] gnupg-pkcs11-scd is already packaged for Debian

In plain English: This package has the awesome benefit of turning a TPM device into a universal smartcard 
for all different kinds of keys.

For our (Whonix) virtualized privacy distro this means that users can be sure their keys are safe 
even if the VM is infected.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.whonix.org/pipermail/whonix-devel/attachments/20191007/f166336c/attachment-0001.htm>

More information about the Whonix-devel mailing list