<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>OpenConnect VPN client.</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="description" content="VPN client compatible with Cisco AnyConnect SSL VPN" /> <meta name="keywords" content="OpenConnect, AnyConnect, Cisco, VPN, SSLVPN, SSL VPN" /> <link href="./styles/main.css" rel="styleSheet" type="text/css" /> <link href='http://fonts.googleapis.com/css?family=Raleway' rel='stylesheet' type='text/css' /> </head> <body> <div id="logo" align="right"> <img src="./images/openconnect.png" height="96px" alt="OpenConnect" /> </div> <div id="main"> <div id="menu1"> <span class="nonsel"> <a href="index.html"><span>Home</span></a> </span> <span class="sel"> <a href="features.html"><span>Features</span></a> </span> <span class="nonsel"> <a href="building.html"><span>Getting Started</span></a> </span> <span class="nonsel"> <a href="mail.html"><span>Mailing List / Help</span></a> </span> <span class="nonsel"> <a href="contribute.html"><span>Contribute</span></a> </span> <span class="nonsel"> <a href="anyconnect.html"><span>Protocols</span></a> </span> <span class="nonsel"> <a href="http://www.infradead.org/ocserv/"><span>VPN Server</span></a> </span> <p>OpenConnect VPN client</p> </div> <div id="menu2"> <span class="nonsel"> <a href="features.html"><span>Feature list</span></a> </span> <span class="nonsel"> <a href="nonroot.html"><span>Running as non-root user</span></a> </span> <span class="nonsel"> <a href="csd.html"><span>Cisco Secure Desktop</span></a> </span> <span class="nonsel"> <a href="gui.html"><span>GUI</span></a> </span> <span class="nonsel"> <a href="charset.html"><span>Character sets</span></a> </span> <span class="nonsel"> <a href="token.html"><span>One Time Passwords</span></a> </span> <span class="nonsel"> <a 
href="pkcs11.html"><span>Smart Cards / PKCS#11</span></a> </span> <span class="sel"> <a href="tpm.html"><span>Trusted Platform Module (TPM)</span></a> </span> </div> <div id="textbox"> <div id="text"> </div> <h1>Trusted Platform Module (TPM) support</h1> <p>OpenConnect supports the use of private keys secured or "wrapped" by a TPM. These keys appear in the form of a PEM file marked with the tag:</p> <pre>-----BEGIN TSS KEY BLOB-----</pre> <p>These files can be created by the <tt>create_tpm_key</tt> tool, which is part of the <a href="https://sourceforge.net/p/trousers/openssl_tpm_engine">OpenSSL TPM ENGINE</a>, or by <a href="https://www.gnutls.org/manual/html_node/tpmtool-Invocation.html">tpmtool</a>, which is part of the GnuTLS distribution.</p> <p>Use of TPM-wrapped keys is entirely transparent with GnuTLS. If built with TPM support, OpenConnect will automatically use the TPM when presented with an appropriate PEM file containing a TPM-wrapped key.</p> <p>For OpenSSL, the TPM ENGINE must be installed correctly on the system, and OpenConnect will load and use it automatically when appropriate.</p> </div> </div> </body> </html>