Using TPM keys
TPM key PEM and certificate generation
Generate the TPM RSA PEM file:
Generate the RSA PEM file that the TPM needs for enrollment.

Update the ESTC client binary:
Navigate to /home/demo/mocana/bin/estc/estc and update the ESTC client binary.

Clean up the Keystore:
Remove the previously generated material from the Keystore:
    cd /home/demo/mocana/Keystore
    sudo rm -rf certs crls keys req
Ensure that only the ca and etc folders remain.

Re-run the key/certificate request:
Navigate to /home/demo/mocana/setup and execute the script to regenerate the TPM key and certificate:
    ./estc.sh
This process connects to the EST server to generate the TPM key and its corresponding certificate.
TPM RSA key location
The RSA key is stored at:
/home/demo/mocana/Keystore/keys/webapptap.securitydemos.net_enrollrsa2048.pem
Certificate generated location
The generated certificate is stored at:
/home/demo/mocana/Keystore/certs/webapptap.securitydemos.net_enrollmentrsa.der
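The cleanup and re-enrollment steps above are easy to get half right (a stale keys folder left behind, or estc.sh finishing without writing both files). The following POSIX sh helpers are an added example, not part of the Mocana setup scripts: they perform the Keystore cleanup, check that only ca and etc remain, and check that the enrollment produced a non-empty PEM key and DER certificate at the locations listed above. The default KEYSTORE path and host name are taken from this page; the header/tag checks assume a PEM-armoured key file and a DER certificate.

```shell
#!/bin/sh
# Added example: Keystore cleanup and post-enrollment checks for the
# ESTC/TPM flow described on this page. Run with the privileges the
# Keystore requires (the page uses sudo for the rm step).

# Remove the regenerable subfolders (certs, crls, keys, req) from a Keystore.
clean_keystore() {
    dir="${1:-/home/demo/mocana/Keystore}"
    for sub in certs crls keys req; do
        rm -rf "$dir/$sub"
    done
}

# Return 0 only if exactly the "ca" and "etc" entries remain in the Keystore.
verify_keystore_clean() {
    dir="${1:-/home/demo/mocana/Keystore}"
    [ -d "$dir/ca" ] && [ -d "$dir/etc" ] || return 1
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$entry" ] || continue          # skip an unmatched glob pattern
        case "$(basename "$entry")" in
            ca|etc) ;;
            *) return 1 ;;                   # anything else means cleanup was incomplete
        esac
    done
    return 0
}

# After ./estc.sh, confirm the TPM key PEM and the DER certificate exist,
# are non-empty, and look like the formats their extensions claim.
# File names follow the pattern shown on this page for the given host.
verify_enrollment_outputs() {
    dir="${1:-/home/demo/mocana/Keystore}"
    host="${2:-webapptap.securitydemos.net}"
    key="$dir/keys/${host}_enrollrsa2048.pem"
    cert="$dir/certs/${host}_enrollmentrsa.der"
    [ -s "$key" ] && [ -s "$cert" ] || return 1
    # A PEM file carries a BEGIN header; a DER certificate starts with a SEQUENCE tag (0x30).
    grep -q -- '-----BEGIN' "$key" || return 1
    [ "$(od -An -N1 -tx1 "$cert" | tr -d ' ')" = "30" ] || return 1
}
```

Call verify_keystore_clean after the rm step and verify_enrollment_outputs after ./estc.sh; a non-zero exit from either means the flow should not proceed to the EVP test.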
EVP test using TPM PEM
Build with TAP enabled:
Refer to Makefile.evptest for details:
    cd thirdparty/openssl-1.0.2i/engines/mocana/test

Enable TAP support:
Set the following flag to 1 in Makefile.evptest to enable TAP (setting SECMOD_ACCEL_DEV=1 in the environment also works, since the ?= assignment only applies when the variable is not already defined):
    SECMOD_ACCEL_DEV ?= 1

Build command:
Use the following command to build:
    make -f Makefile.evptest clean all
Verifying/Testing TPM Key
Run the verification/test:
Execute the binary to test the TPM key:
    sudo moc_evp_rsa_dsa_ecdsa_test --p webapptap.securitydemos.net_enrollrsa2048.pem --s
Refer to the moc_evp_rsa_dsa_ecdsa_test.c source code for examples of TPM usage.