diff --git a/docs/CURL_TPM 2.0.md b/docs/CURL_TPM 2.0.md deleted file mode 100644 index e04ee2fd0b..0000000000 --- a/docs/CURL_TPM 2.0.md +++ /dev/null @@ -1,9 +0,0 @@ -## Note for users with TPM (Trusted Platform Module) 2.0 with OpenSSL - -In order to use Curl with a TPM 2.0, you must use external engines to use your TPM 2.0 -and use this command `curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url`. - -Replace `/path/to/key.tss` with your ssl key and `/path/to/cert.crt` with your cert key. - - -For more information, see [this issue](https://github.com/curl/curl/issues/16474). \ No newline at end of file diff --git a/docs/cmdline-opts/cert.md b/docs/cmdline-opts/cert.md index 5aaaac2034..331d71bda6 100644 --- a/docs/cmdline-opts/cert.md +++ b/docs/cmdline-opts/cert.md @@ -58,3 +58,9 @@ usually a SHA-1 hex string which you can see in certificate details. Following store locations are supported: *CurrentUser*, *LocalMachine*, *CurrentService*, *Services*, *CurrentUserGroupPolicy*, *LocalMachineGroupPolicy* and *LocalMachineEnterprise*. + +# Using OpenSSL Engine with TPM 2.0 + +To use an OpenSSL engine with a TPM 2.0, +use this command +`curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url`. \ No newline at end of file diff --git a/docs/cmdline-opts/key.md b/docs/cmdline-opts/key.md index 355f4fcd96..9f2b6d4c5d 100644 --- a/docs/cmdline-opts/key.md +++ b/docs/cmdline-opts/key.md 
@@ -27,8 +27,15 @@ private key located in a PKCS#11 device. A string beginning with `pkcs11:` is interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option is set as `pkcs11` if none was provided and the --key-type option is set as `ENG` or `PROV` if none was provided (depending on OpenSSL version). +For If curl is built against Secure Transport or Schannel then this option is ignored for TLS protocols (HTTPS, etc). Those backends expect the private key to be already present in the keychain or PKCS#12 file containing the certificate. + +# Using OpenSSL Engine with TPM 2.0 + +To use an OpenSSL engine with a TPM 2.0, +use this command +`curl --key /path/to/key.tss --cert /path/to/cert.crt https://my-server.com/download/url`. \ No newline at end of file
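Review bot: Deleting `docs/CURL_TPM 2.0.md` drops two things that the replacement sections in `cert.md` and `key.md` do not carry over: the sentence telling the reader what to substitute for `/path/to/key.tss` and `/path/to/cert.crt`, and the link to https://github.com/curl/curl/issues/16474. Please keep at least the issue reference in one of the new sections so the background stays reachable from the docs.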
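Review bot: In the `docs/cmdline-opts/cert.md` hunk, the new "Using OpenSSL Engine with TPM 2.0" section tells the reader to use an OpenSSL engine, but the example command passes neither `--engine` nor `--key-type` and never names the engine. A reader cannot tell from this text how the engine gets selected for a `.tss` key. Please either show the engine option explicitly in the command or state that it is selected automatically, as the `key.md` context already does for `pkcs11:` URIs. The identical paragraph is also added to `key.md`, so consider documenting it once and cross-referencing, and add the missing newline at the end of the file.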
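Review bot: The `docs/cmdline-opts/key.md` hunk adds a stray `+For` line directly above "If curl is built against Secure Transport or Schannel", so the rendered paragraph would begin "For If curl is built ...". This looks like a leftover fragment of an unfinished sentence. Please remove it or complete it. The file also ends without a trailing newline after the added command line.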