Thank you. Sorry I intended to reply sooner. This works.

On Mon, Mar 2, 2020 at 6:04 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
>
> On Tue, 2020-02-18 at 15:49 +0100, Grant Williamson wrote:
> > Hi, looking for guidance on how to use openconnect in conjunction with
> > a private key stored in the tpm.
> >
> > - RHEL 8.1
> > - UEFI and Secure Boot are enabled.
> > - Upstream packages:-
> > tpm2-abrmd-2.3.1-1.el8.x86_64.rpm
> > tpm2-abrmd-selinux-2.3.1-2.el8.noarch.rpm
> > tpm2-tools-4.1-2.el8.x86_64.rpm
> > tpm2-tss-2.3.2-2.el8.x86_64.rpm
> > (tpm2_import was not part of what was shipped in el8 tpm-tools)
> > - openconnect-8.05-3.el8.x86_64.rpm has been rebuilt with tpm2 support.
> >
> >
> > 1) extract private key
> > openssl pkcs12 -in vpn.p12 -nocerts -nodes -passin pass:MYPASSWORD |
> > openssl rsa -out private.pem
> >
> > 2) Import private key to tpm.
> > tpm2_createprimary -C o -c parent.ctx -G rsa2048:null:aes128cfb
> > tpm2_evictcontrol -c parent.ctx
> >
> > tpm2_import -i private.pem -r private_key.tss -u public_key.tss -Grsa -C parent.ctx
> > tpm2_load -C parent.ctx -u public_key.tss -r private_key.tss -c key.ctx
> > tpm2_evictcontrol -c key.ctx
> >
> > 3) Using tpm2-asn-packer-master to create TSS2 PRIVATE KEY
> > (https://github.com/rpofuk/tpm2-asn-packer/blob/master/README.md).
> > Perhaps there is a different/better approach.
> > npx @rpofuk/tpm2-asn-packer p 81800001 private_key.tss public_key.tss out.key
> >
> > 4) Use openconnect with "-k out.key" to connect?
> >
> > Is this the correct approach, or am I totally off track?
>
> Did you get this working?
_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
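
Added example (not part of the original thread, and not code from openconnect or tpm2-asn-packer): a small Python inspector for the `out.key` file produced in step 3, which reports the parent handle and the emptyAuth flag before the file is handed to `openconnect -k`. It assumes the TSS2 PRIVATE KEY layout shown in the comment; the function names and the zero-filled sample blobs are constructed for illustration.

```python
import base64

# Assumed layout: SEQUENCE { OID, [0] emptyAuth OPTIONAL, parent INTEGER,
#                            pubkey OCTET STRING, privkey OCTET STRING }
LOADABLE_KEY_OID = bytes.fromhex("6781050a0103")  # 2.23.133.10.1.3
BEGIN, END = "-----BEGIN TSS2 PRIVATE KEY-----", "-----END TSS2 PRIVATE KEY-----"

def tlv(tag, body):
    """DER-encode one element; used only to build the constructed sample."""
    n = len(body)
    k = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def inspect_tss2_key(pem):
    lines = [l.strip() for l in pem.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a TSS2 PRIVATE KEY PEM")
    tag, seq, _ = read_tlv(base64.b64decode("".join(lines[1:-1])), 0)
    oid_tag, oid, pos = read_tlv(seq, 0)
    if tag != 0x30 or oid_tag != 0x06 or oid != LOADABLE_KEY_OID:
        raise ValueError("unexpected key type")
    empty_auth = False
    tag, body, pos = read_tlv(seq, pos)
    if tag == 0xA0:  # [0] EXPLICIT BOOLEAN emptyAuth
        empty_auth = read_tlv(body, 0)[1] != b"\x00"
        tag, body, pos = read_tlv(seq, pos)
    pub_tag, pub, pos = read_tlv(seq, pos)
    priv_tag, priv, pos = read_tlv(seq, pos)
    if tag != 0x02 or pub_tag != 0x04 or priv_tag != 0x04:
        raise ValueError("malformed TSS2 key")
    parent = int.from_bytes(body, "big")  # unsigned view of the handle
    return {"parent": parent, "parent_is_persistent": parent >> 24 == 0x81,
            "empty_auth": empty_auth, "pub_len": len(pub), "priv_len": len(priv)}

def constructed_sample():
    """Constructed key file: parent 0x81800001, zero-filled placeholder blobs."""
    body = (tlv(0x06, LOADABLE_KEY_OID) + tlv(0xA0, tlv(0x01, b"\xff"))
            + tlv(0x02, (0x81800001).to_bytes(5, "big"))
            + tlv(0x04, bytes(280)) + tlv(0x04, bytes(222)))
    b64 = base64.b64encode(tlv(0x30, body)).decode()
    return "\n".join([BEGIN] + [b64[i:i + 64] for i in range(0, len(b64), 64)] + [END])
```

If the reported parent does not match the persistent handle the parent key was actually evicted to in step 2, the TPM cannot load the wrapped key and the connection attempt will fail at the key-loading stage.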