Installation Locations for P11 kit

David Woodhouse dwmw2 at infradead.org
Tue Oct 9 17:44:36 UTC 2018


On Tue, 2018-10-09 at 17:28 +0000, Roberts, William C wrote:
> Hello,
> 
> I started a PKCS11 project for TPM 2.0 and we have this bug report:
> https://github.com/tpm2-software/tpm2-pkcs11/issues/28
> 
> I'm looking for guidance on how best to configure our settings to be
> compatible with P11 and best practices surrounding install locations.
> 
> Any help/comments would be appreciated.

Really, do what it says in the ticket :)

The ideal location for installing your provider library is obtained
thus:

$ pkg-config --variable=p11_module_path p11-kit-1
/usr/lib64/pkcs11

The location for your module file is given by this command:

$ pkg-config --variable=p11_module_configs p11-kit-1
/usr/share/p11-kit/modules


The idea is that you just install it, then it works everywhere. Any
well-behaved application can now take a PKCS#11 URI according to
RFC7512 instead of a filename for a key, and it'll find your token.

See http://www.infradead.org/openconnect/pkcs11.html for an example of
how this works. I see you're at Intel, so you use OpenConnect for your
VPN. You should be able to import your key from ~/.certs into the TPM
PKCS#11 token, then OpenConnect should be able to use it from there.
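
The two pkg-config queries from the message above, combined into one install step that also writes the module file. This is an added example, not part of the original message and not tpm2-pkcs11's build code. The provider name libexample-pkcs11.so, the module name "example", the PKG_CONFIG override and the DESTDIR staging root are assumptions.

```shell
#!/bin/sh
# Added example (not tpm2-pkcs11's build code). Hypothetical names:
# libexample-pkcs11.so, the module name "example", the staging root DESTDIR.
# Usage: install_p11_module ./libexample-pkcs11.so example "$DESTDIR"

# Ask p11-kit's pkg-config metadata for one of its variables.
# PKG_CONFIG may name an alternative pkg-config (assumed convention here).
p11_var() {
    "${PKG_CONFIG:-pkg-config}" --variable="$1" p11-kit-1
}

# install_p11_module <provider.so> <name> [destdir]
# Copies the provider into p11_module_path and writes <name>.module into
# p11_module_configs so that p11-kit-aware applications discover it.
install_p11_module() {
    lib=$1 name=$2 destdir=${3:-}

    moddir=$(p11_var p11_module_path) || return 1
    cfgdir=$(p11_var p11_module_configs) || return 1

    # pkg-config prints nothing for an unknown variable; stop instead of
    # installing relative to "/".
    [ -n "$moddir" ] && [ -n "$cfgdir" ] || {
        echo "p11-kit-1 pkg-config variables not found" >&2
        return 1
    }
    [ -f "$lib" ] || { echo "no such provider: $lib" >&2; return 1; }

    mkdir -p "$destdir$moddir" "$destdir$cfgdir" || return 1

    # Every library listed here is loaded into each PKCS#11-using process,
    # so neither the library nor its module file is left group/world writable.
    install -m 0755 "$lib" "$destdir$moddir/" || return 1

    # A bare file name after "module:" is resolved against p11_module_path.
    printf 'module: %s\n' "$(basename "$lib")" \
        > "$destdir$cfgdir/$name.module" || return 1
    chmod 0644 "$destdir$cfgdir/$name.module"
}
```

With DESTDIR empty the files land in the live system directories, which needs root; with a staging root they can be inspected or packaged first.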

