Instead of loading the certificate into the browser store and all the incompatibilities and annoyances that come with that, I think mtls-cli could be implemented as a PKCS#11 library:
Browsers support using PKCS#11 to load certificates and handle their private key operations.
Last time I looked into this, the easiest way to create virtual/custom PKCS#11 devices was libtpm2 (https://github.com/tpm2-software). By using e.g. libtpm2-pkcs11 you could even bind the key to a specific machine, accomplishing a major goal in the zero-trust networking paper.