datapartyjs / gpg-promised

The GPG interface for nodejs we were promised
http://dataparty.xyz
Apache License 2.0

FEAT | Support TPM keys #33

Open sevenbitbyte opened 1 year ago

sevenbitbyte commented 1 year ago

🚀 Feature Proposal

Support TPM based private keys.

https://superuser.com/questions/1501628/how-to-store-gpg-keys-in-tpm

https://github.com/alonbl/gnupg-pkcs11-scd

https://github.com/tpm2-software/tpm2-pkcs11

sevenbitbyte commented 1 year ago

Making progress. Dev'ing against the swtpm in LXD for now. It seems Ubuntu 22.04-based distros need gpg upgraded to 2.3.x or 2.4.x versions. There doesn't appear to be a nice package for this, so it has to be built manually.

GPG + TPM2.0

Not much to it really: just select a key and call keytotpm on it, and it'll be converted to TPM format.

https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html

Simulated TPM2.0 in LXD

https://www.youtube.com/watch?v=iE1TN7YIqP0

https://documentation.ubuntu.com/lxd/en/latest/reference/devices_tpm/

Upgrading to GnuPG 2.4.x

https://www.procustodibus.com/blog/2023/02/gpg-2-4-on-ubuntu-22-04/

https://askubuntu.com/questions/1242572/how-to-upgrade-to-gnupg-2-2-8

sevenbitbyte commented 1 year ago

apt install libtss2-dev

Needed an additional package, not mentioned in the install guide, to get TPM enabled.


sevenbitbyte commented 1 year ago

Not finding the container's virtual TPM...

Install ibmtss2 manually from the repo below. Needed additional packages:

https://sourceforge.net/projects/ibmtpm20tss/