HP-UX Trusted Computing Services A.02.00 Administrator's Guide
EngineConfigSection
Specifies the name of the section within the OpenSSL configuration
file that contains the engine directives necessary to load and
initialize the TPM OpenSSL engine.
Default: server_conf. HP recommends that you use the default value, which matches the value
used in /etc/opt/tcs/openssl.cnf, the OpenSSL configuration file included with TCS.
TIP: If the default values for EngineConfigFile and EngineConfigSection keywords
meet your requirements, you can just add the following entry to an existing sshd configuration
file:
EngineHostRSAKey myKeyBlob
where myKeyBlob is the path to a TPM-protected RSA key pair created with tpmcreate. For
example:
EngineHostRSAKey /etc/opt/tcs/mySSHKeyblob
Step 4: Installing and Modifying the OpenSSL Configuration File
The sshd daemon uses OpenSSL routines to read dynamic engine information from an OpenSSL
configuration file. TCS includes the file /opt/tcs/misc/engine_tpm.cnf, a sample OpenSSL
configuration file that contains the information required by sshd to load and initialize the TPM
OpenSSL engine. There are two methods for using the /opt/tcs/misc/engine_tpm.cnf
file:
• As a standalone configuration file for sshd and no other OpenSSL utilities or applications.
HP recommends that you use this method. This method is described in “Using the TCS
Sample OpenSSL Configuration File as a Standalone File” (page 59).
• Merged with an OpenSSL configuration file used for other OpenSSL utilities or applications.
This method is described in “Merging the TCS Sample OpenSSL Configuration File with an
Existing File” (page 59).
TCS Sample OpenSSL Configuration File
The contents of /opt/tcs/misc/engine_tpm.cnf are as follows:
# Configuration settings for a server loading the TPM engine
server_conf = tpm_def
[ tpm_def ]
engines = server_engines
[ server_engines ]
tpm = tpm_section
[ tpm_section ]
# Rename the engine to tpm, if not called that in the above line.
# engine_id = tpm
# Use 64-bit engine built on OpenSSL 0.9.7
dynamic_path = /opt/tcs/lib/hpux64/engines/libtpm.so.0
#default_algorithms = RAND,RSA
default_algorithms = ALL
# Call the loaded engine initialization routine
init = 1
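The following Python script is an added example, not part of this guide or of the TCS product. It parses the EngineConfigFile, EngineConfigSection and EngineHostRSAKey entries from sshd_config text (applying the server_conf default from above) and then walks the OpenSSL configuration file along the chain the engine loader follows: the top-level key named by EngineConfigSection, that section's engines list, the tpm entry in it, and finally the engine section with dynamic_path, default_algorithms and init. Both inputs are constructed inline from the listings on this page. The default path assumed for EngineConfigFile and the engine id tpm are assumptions, and the checks (section chain intact, dynamic_path present, init = 1, host key blob specified) are the ones an administrator would want to run before restarting sshd.

```python
import os
import re

# Constructed sshd_config fragment using the keywords from the guide.
SAMPLE_SSHD_CONFIG = """\
Port 22
EngineConfigFile /etc/opt/tcs/openssl.cnf
EngineConfigSection server_conf
EngineHostRSAKey /etc/opt/tcs/mySSHKeyblob
"""

# Constructed copy of the /opt/tcs/misc/engine_tpm.cnf listing (comments trimmed).
SAMPLE_ENGINE_CNF = """\
server_conf = tpm_def
[ tpm_def ]
engines = server_engines
[ server_engines ]
tpm = tpm_section
[ tpm_section ]
# engine_id = tpm
dynamic_path = /opt/tcs/lib/hpux64/engines/libtpm.so.0
default_algorithms = ALL
init = 1
"""

# Keyword defaults. The EngineConfigFile path is an assumption; the guide only
# states the EngineConfigSection default (server_conf).
SSHD_DEFAULTS = {"EngineConfigFile": "/etc/opt/tcs/openssl.cnf",
                 "EngineConfigSection": "server_conf",
                 "EngineHostRSAKey": None}
SECTION_RE = re.compile(r"^\[\s*(\S+)\s*\]$")


def parse_openssl_cnf(text):
    """Parse the 'key = value' / '[section]' subset of OpenSSL config syntax.
    Keys before any section header (such as server_conf) go under the "" section."""
    sections = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        if "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    return sections


def parse_sshd_keywords(text):
    """Pick the TCS engine keywords out of sshd_config text, applying defaults."""
    keywords = dict(SSHD_DEFAULTS)
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0] in keywords:
            keywords[parts[0]] = parts[1].strip()
    return keywords


def resolve_engine_section(cnf, section_name, engine_id="tpm", check_paths=False):
    """Follow section_name -> [that].engines -> [engines].engine_id -> engine section.
    Returns (engine settings, list of problems); check_paths also stats dynamic_path."""
    conf_section = cnf[""].get(section_name)
    if conf_section is None:
        return {}, ["'%s' is not defined before the first [section]" % section_name]
    engines_list = cnf.get(conf_section, {}).get("engines")
    if engines_list is None:
        return {}, ["[%s] has no 'engines' key" % conf_section]
    engine_section = cnf.get(engines_list, {}).get(engine_id)
    if engine_section is None:
        return {}, ["[%s] does not list engine '%s'" % (engines_list, engine_id)]
    settings = cnf.get(engine_section, {})
    problems = []
    path = settings.get("dynamic_path")
    if path is None:
        problems.append("[%s] has no dynamic_path; the engine cannot be loaded" % engine_section)
    elif check_paths and not os.path.isfile(path):
        problems.append("dynamic_path %s does not exist on this host" % path)
    if settings.get("init") != "1":
        problems.append("[%s] does not set init = 1; engine loaded but not initialized" % engine_section)
    return settings, problems


def check_tcs_sshd_setup(sshd_text, cnf_text, check_paths=False):
    """Combine both parses into one report: resolved keywords, engine settings, problems."""
    keywords = parse_sshd_keywords(sshd_text)
    cnf = parse_openssl_cnf(cnf_text)
    settings, problems = resolve_engine_section(
        cnf, keywords["EngineConfigSection"], check_paths=check_paths)
    if not keywords["EngineHostRSAKey"]:
        problems.append("EngineHostRSAKey is not set; sshd has no TPM-protected host key")
    return {"keywords": keywords, "engine": settings, "problems": problems}


if __name__ == "__main__":
    report = check_tcs_sshd_setup(SAMPLE_SSHD_CONFIG, SAMPLE_ENGINE_CNF)
    print("engine settings:", report["engine"])
    print("problems:", report["problems"] or "none")
```

On a real host, read the two files named by the sshd_config path and the EngineConfigFile keyword and call check_tcs_sshd_setup with check_paths=True so that a missing or mislocated libtpm.so.0 is reported before sshd fails to start; the parser deliberately handles only the key = value and [section] syntax shown in engine_tpm.cnf, not OpenSSL's variable expansion.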
58 Using TCS RSA Keys with HP-UX Secure Shell