You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 16, 2020. It is now read-only.
Iwan Timmer edited this page Feb 10, 2018
·
3 revisions
Setup
Create configuration file and change it for your setup
cp config.sample ~/.tpm2/config
Extract public key
ssh-keygen -D libtpm2-pk11.so
Use your TPM key
ssh -I libtpm2-pk11.so ssh.example.com
or add the PKCS#11 module to your ssh config in ~/.ssh/config:
Host *
PKCS11Provider libtpm2-pk11.so
Known Issues
Not all TPM's support SHA512 and therefore can't sign messages hashed with SHA512.
To circumvent this TPM limitation you need to set sign-using-encrypt to true in ~/.tpm2/config