TPM based SSL/TLS authentication

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

TPM based SSL/TLS authentication

Fortman, Andrew
Hi,

I was wondering if it is possible configure QPID so that when it uses SSL it is able to utilize the TPM for public key decryption.

I found this interesting blog post where someone was able to use openSSL to use the TPM to establish a connection between a simple host and client:
https://blog.habets.se/2012/02/TPM-backed-SSL.html

I was hoping to do something similar with the SSL authentication in QPID.

If it's not currently possible, are there any future plans for this?

Thanks,
Andy
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: TPM based SSL/TLS authentication

Keith Wall
HI Andy

The Apache Qpid project comprises many components written in many
different languages (C/C++/Java/Python..). These components can be
deployed to a variety of OSs (Linux/Windows/Solaris etc) and
platforms.   Can you be a little more precise about the Qpid
components that interest you and the target environment you have in
mind?  I personally don't have up-to-date working knowledge of TPMs
but I am sure others here will be able to help if we have a more
focused question.

HTH

Keith.



On 2 August 2017 at 14:58, Fortman, Andrew <[hidden email]> wrote:

> Hi,
>
> I was wondering if it is possible configure QPID so that when it uses SSL it is able to utilize the TPM for public key decryption.
>
> I found this interesting blog post where someone was able to use openSSL to use the TPM to establish a connection between a simple host and client:
> https://blog.habets.se/2012/02/TPM-backed-SSL.html
>
> I was hoping to do something similar with the SSL authentication in QPID.
>
> If it's not currently possible, are there any future plans for this?
>
> Thanks,
> Andy

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Loading...