From 4c7ec8fe7ff799bef7cd13d0972a260c22fece37 Mon Sep 17 00:00:00 2001 From: Monochrome-debug Date: Wed, 26 Feb 2025 12:23:00 -0500 Subject: [PATCH 1/2] Added new documentation for users of TPM 2.0 --- docs/CURL_TPM 2.0.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/CURL_TPM 2.0.md diff --git a/docs/CURL_TPM 2.0.md b/docs/CURL_TPM 2.0.md new file mode 100644 index 0000000000..e04ee2fd0b --- /dev/null +++ b/docs/CURL_TPM 2.0.md @@ -0,0 +1,9 @@ +## Note for users with TPM (Trusted Platform Module) 2.0 with OpenSSL + +In order to use Curl with a TPM 2.0, you must use external engines to use your TPM 2.0 +and use this command `curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url`. + +Replace `/path/to/key.tss` with your ssl key and `/path/to/cert.crt` with your cert key. + + +For more information, see [this issue](https://github.com/curl/curl/issues/16474). \ No newline at end of file From a07f6d8e800bdda0f63a7c5ac421515f71e7c4cf Mon Sep 17 00:00:00 2001 From: Monochrome-debug Date: Fri, 28 Feb 2025 21:26:48 -0500 Subject: [PATCH 2/2] Changed TPM 2.0 documentation to better align with warnings and wants for cURL contributors --- docs/CURL_TPM 2.0.md | 9 --------- docs/cmdline-opts/cert.md | 6 ++++++ docs/cmdline-opts/key.md | 7 +++++++ 3 files changed, 13 insertions(+), 9 deletions(-) delete mode 100644 docs/CURL_TPM 2.0.md diff --git a/docs/CURL_TPM 2.0.md b/docs/CURL_TPM 2.0.md deleted file mode 100644 index e04ee2fd0b..0000000000 --- a/docs/CURL_TPM 2.0.md +++ /dev/null 
@@ -1,9 +0,0 @@ -## Note for users with TPM (Trusted Platform Module) 2.0 with OpenSSL - -In order to use Curl with a TPM 2.0, you must use external engines to use your TPM 2.0 -and use this command `curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url`. - -Replace `/path/to/key.tss` with your ssl key and `/path/to/cert.crt` with your cert key. - - -For more information, see [this issue](https://github.com/curl/curl/issues/16474). \ No newline at end of file diff --git a/docs/cmdline-opts/cert.md b/docs/cmdline-opts/cert.md index 5aaaac2034..331d71bda6 100644 --- a/docs/cmdline-opts/cert.md +++ b/docs/cmdline-opts/cert.md @@ -58,3 +58,9 @@ usually a SHA-1 hex string which you can see in certificate details. Following store locations are supported: *CurrentUser*, *LocalMachine*, *CurrentService*, *Services*, *CurrentUserGroupPolicy*, *LocalMachineGroupPolicy* and *LocalMachineEnterprise*. + +# Using OpenSSL Engine with TPM 2.0 + +To use an OpenSSL engine with a TPM 2.0, +use this command +`curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url`. \ No newline at end of file diff --git a/docs/cmdline-opts/key.md b/docs/cmdline-opts/key.md index 355f4fcd96..9f2b6d4c5d 100644 --- a/docs/cmdline-opts/key.md +++ b/docs/cmdline-opts/key.md 
@@ -27,8 +27,15 @@ private key located in a PKCS#11 device. A string beginning with `pkcs11:` is interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option is set as `pkcs11` if none was provided and the --key-type option is set as `ENG` or `PROV` if none was provided (depending on OpenSSL version). +For If curl is built against Secure Transport or Schannel then this option is ignored for TLS protocols (HTTPS, etc). Those backends expect the private key to be already present in the keychain or PKCS#12 file containing the certificate. + +# Using OpenSSL Engine with TPM 2.0 + +To use an OpenSSL engine with a TPM 2.0, +use this command +`curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url`. \ No newline at end of file
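Review bot: In the first patch, the new file `docs/CURL_TPM 2.0.md` has a space in its name and no trailing newline (`\ No newline at end of file`), and its "Replace `/path/to/cert.crt` with your cert key" line confuses the certificate with the key. Since the second patch deletes this file again, squash the two commits so the series does not add and remove a file in consecutive commits.

Review bot: In the `docs/cmdline-opts/cert.md` hunk, the example under "Using OpenSSL Engine with TPM 2.0" does not show any engine being used: `curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url` passes only a key and a certificate path, so a reader cannot tell which `--engine` to load or that `--key-type` must be set for an engine-backed key (the `--engine` / `--key-type ENG` handling described in the key.md context is the mechanism that actually applies here). State the engine name and key type in the example, say what a `.tss` key file is, and add the trailing newline the hunk removes. The identical paragraph is added to key.md as well; document it in one place and cross-reference from the other.

Review bot: In the `docs/cmdline-opts/key.md` hunk, the added line `+For` is a stray fragment: it lands directly before the existing "If curl is built against Secure Transport or Schannel then this option is ignored ..." paragraph, so the rendered text reads "For If curl is built against ...". Remove that line. The "Using OpenSSL Engine with TPM 2.0" section added below has the same problems as in cert.md: the example loads no engine and sets no key type, the `.tss` format is unexplained, and the file is left without a trailing newline.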