Recently I started working with a TPM (version 1.2), and after checking the official GnuTLS API, I was wondering which API functions are the correct ones to do all the crypto stuff inside the chip (sign certificates, get pk+ keys etc...).
At the moment I'm able to get this data outside of the TPM so I can sign or get a private key in my C code, but that's not what I want.
Thanks all!
The sequence of events is something like this:

1. gnutls_tpm_key_list_get_url to get the list of the TPM keys.
2. gnutls_privkey_import_tpm_url.
3. The resulting gnutls_privkey_t object you can use with the abstract API just like any other key. In your case, you probably want to use gnutls_privkey_sign_data or one of the similar signing functions.

Keep in mind that going with this approach limits you to TPM 1.2. From GnuTLS docs:

Note that we recommend against using TPM with this API because it is restricted to TPM 1.2. We recommend instead to use PKCS#11 wrappers for TPM such as CHAPS or opencryptoki. These will allow using the standard smart card and HSM functionality (see Smart cards and HSMs) for TPM keys.