Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hslatman/tpmkms-mtls-example
An example application showcasing parts of TPM KMS, TPM and TSS2 usage with mTLS.
crypto tpm tpm2
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/hslatman/tpmkms-mtls-example
- Owner: hslatman
- License: apache-2.0
- Created: 2024-01-26T10:00:09.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2024-01-26T12:41:32.000Z (10 months ago)
- Last Synced: 2024-01-26T13:51:16.941Z (10 months ago)
- Topics: crypto, tpm, tpm2
- Language: Go
- Homepage:
- Size: 18.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# tpmkms-mtls-example
An example application showcasing parts of [TPMKMS](https://github.com/smallstep/crypto/tree/master/kms/tpmkms), [tpm](https://github.com/smallstep/crypto/tree/master/tpm) and [tss2](https://github.com/smallstep/crypto/tree/master/tpm/tss2) usage for mTLS.
An mTLS request to https://certauth.cryptomix.com is made using a private key backed by a TPM, and the results are printed afterwards.
## Examples
```console
# use (or generate) "my-key", and generate a temporary certificate
go run main.go --key my-key

# use (or generate) "my-key" and use provided certificate (chain)
go run main.go --key my-key --cert client.pem

# use (or generate) "my-key", force TSS2 (re)load of the key, and generate a temporary certificate
go run main.go --key my-key --tss2

# use a previously created TSS2 key file
go run main.go --key test.tss2.pem

# use (or generate) "my-key", generate a temporary certificate, and print verbose output
go run main.go --key my-key --verbose
```

## Usage
```console
Usage of tpmkms-mtls-example:
  -cert string
        path to the certificate to use (defaults to automatically generating one)
  -device string
        TPM device name to use (defaults to automatic detection)
  -key string
        name or path of the key to use (defaults to generating a new one)
  -roots string
        path to file with (additional) trusted root CA certificates (defaults to system trust store)
  -storage-directory string
        storage directory to use (default ".tpmkeys")
  -tss2
        force (re)load key using TSS2 format
  -url string
        URL to request (default "https://certauth.cryptomix.com:443")
  -verbose
        more (debug) output
```