Installation Locations for P11 kit
dwmw2 at infradead.org
Tue Oct 9 17:44:36 UTC 2018
On Tue, 2018-10-09 at 17:28 +0000, Roberts, William C wrote:
> I started a PKCS11 project for TPM 2.0 and we have this bug report:
> I'm looking for guidance on how best to configure our settings to be
> compatible with P11 and best practices surrounding install locations.
> Any help/comments would be appreciated.
Really, do what it says in the ticket :)
The ideal location for installing your provider library is obtained
$ pkg-config --variable=p11_module_path p11-kit-1
The location for your module file is given by this command:
$ pkg-config --variable=p11_module_configs p11-kit-1
The idea is that you just install it, then it works everywhere. Any
well-behaved application can now take a PKCS#11 URI according to
RFC7512 instead of a filename for a key, and it'll find your token.
See http://www.infradead.org/openconnect/pkcs11.html for an example of
how this works. I see you're at Intel, so you use OpenConnect for your
VPN. You should be able to import your key from ~/.certs into the TPM
PKCS#11 token, then OpenConnect should be able to use it from there.
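
Added example, not part of the original message and not code from p11-kit or the TPM project: a packaging helper that stages a provider library and its module file into the two directories reported by the pkg-config queries above. The names stage_p11_module, p11_var, libexample_pkcs11.so and example.module are hypothetical; the PKG_CONFIG override and the DESTDIR-style third argument are assumptions borrowed from common packaging practice.

```shell
# Added example: stage a PKCS#11 provider where p11-kit will look for it.
# Hypothetical names: p11_var, stage_p11_module, libexample_pkcs11.so.

# Print one p11-kit-1 pkg-config variable; fail if it is missing or empty.
p11_var() {
    val=$("${PKG_CONFIG:-pkg-config}" --variable="$1" p11-kit-1) || return 1
    if [ -z "$val" ]; then
        echo "p11-kit-1 does not define $1" >&2
        return 1
    fi
    printf '%s\n' "$val"
}

# stage_p11_module LIBRARY NAME [DESTDIR]
stage_p11_module() {
    lib=$1
    name=$2
    destdir=${3:-}
    [ -f "$lib" ] || { echo "no such library: $lib" >&2; return 1; }

    moddir=$(p11_var p11_module_path) || return 1
    confdir=$(p11_var p11_module_configs) || return 1
    base=$(basename "$lib")

    mkdir -p "$destdir$moddir" "$destdir$confdir" || return 1

    # The library is loaded into every application that uses p11-kit,
    # so keep it writable by its owner only.
    cp "$lib" "$destdir$moddir/$base" || return 1
    chmod 0755 "$destdir$moddir/$base" || return 1

    # A relative "module:" value is resolved against p11_module_path,
    # so the module file needs no hard-coded directory.
    printf 'module: %s\n' "$base" > "$destdir$confdir/$name.module" || return 1
    chmod 0644 "$destdir$confdir/$name.module"
}

# Stand-alone use: sh stage.sh ./libexample_pkcs11.so example "$DESTDIR"
if [ "$#" -ge 2 ]; then
    stage_p11_module "$@"
fi
```

After a real install, p11-kit list-modules should show the new module alongside the system ones.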