Using TPM keys
TPM key PEM and certificate generation
- Generate the TPM RSA PEM File:
  - Generate the necessary RSA PEM file for the TPM.
- Update the ESTC Client Binary:
  - Navigate to /home/demo/mocana/bin/estc/estc and update the ESTC client binary.
- Cleanup Keystore:
  - Remove unnecessary files from the Keystore:
      cd /home/demo/mocana/Keystore
      sudo rm -rf certs crls keys req
  - Ensure only the ca and etc folders remain.
- Re-run the Key/Certificate Request:
  - Navigate to /home/demo/mocana/setup and execute the script to regenerate the TPM key and certificate:
      ./estc.sh
  - This process connects with the EST server to generate the TPM Key and its corresponding certificate.
TPM RSA key location
- The RSA key is stored at:
/home/demo/mocana/Keystore/keys/webapptap.securitydemos.net_enrollrsa2048.pem
Certificate generated location
- The generated certificate is stored at:
/home/demo/mocana/Keystore/certs/webapptap.securitydemos.net_enrollmentrsa.der
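The two checks below are an added example, not part of the product or of the original procedure: one confirms the Keystore holds only ca and etc before ./estc.sh is re-run, the other confirms the key and a DER-encoded certificate exist afterwards. The function names and the directory argument are assumptions of this example; the file names are the ones listed above.

```sh
#!/bin/sh
# Added example, not part of the product. File names are the ones given on
# this page; function names and the directory argument are this example's own.
KEY_NAME="webapptap.securitydemos.net_enrollrsa2048.pem"
CERT_NAME="webapptap.securitydemos.net_enrollmentrsa.der"

# keystore_is_clean DIR
# Succeeds only if DIR holds the ca and etc folders and nothing else,
# i.e. the state the cleanup step asks for before ./estc.sh is re-run.
keystore_is_clean() {
    dir=$1
    { [ -d "$dir/ca" ] && [ -d "$dir/etc" ]; } || {
        echo "missing ca or etc under $dir" >&2; return 1; }
    # Second pattern also catches hidden entries such as .backup
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        case ${entry##*/} in
            ca|etc) ;;
            *) echo "leftover entry: $entry" >&2; return 1 ;;
        esac
    done
    return 0
}

# enrollment_present DIR
# Succeeds if the key and certificate named on this page exist, are
# non-empty, and the certificate looks like DER.
enrollment_present() {
    key="$1/keys/$KEY_NAME"
    cert="$1/certs/$CERT_NAME"
    [ -s "$key" ]  || { echo "no key file: $key" >&2; return 1; }
    [ -s "$cert" ] || { echo "no certificate: $cert" >&2; return 1; }
    # A DER X.509 certificate starts with an ASN.1 SEQUENCE tag (0x30).
    first=$(od -An -tx1 -N1 "$cert" | tr -d ' \n')
    [ "$first" = "30" ] || { echo "not DER: $cert" >&2; return 1; }
    return 0
}
```

Source the file, then run keystore_is_clean /home/demo/mocana/Keystore after the cleanup step and enrollment_present /home/demo/mocana/Keystore after ./estc.sh completes.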
EVP test using TPM PEM
- Build with TAP Enabled:
  - Refer to Makefile.evptest for details:
      cd thirdparty/openssl-1.0.2i/engines/mocana/test
- Enable TAP Support:
  - Set the following flag to 1 to enable TAP:
      set SECMOD_ACCEL_DEV=1
      SECMOD_ACCEL_DEV ?= 1
- Build Command:
  - Use the following command to build:
      make --f Makefile.evptest clean all
Verifying/Testing TPM Key
- Run the Verification/Test:
  - Execute the binary to test the TPM Key:
      sudo moc_evp_rsa_dsa_ecdsa_test --p webapptap.securitydemos.net_enrollrsa2048.pem --s
  - Refer to the moc_evp_rsa_dsa_ecdsa_test.c source code for examples of TPM usage.