I have been asked to implement a PKI solution for a customer using the Identity Protection Technology of Intel VPro.
We have an own Java CA on a Linux server and need to generate certificates signed by our CA for authentication, as well as e-mail encryption keys which also must be stored in the CA as a backup.
The Intel IPT documentation only advises to use their own IPT CA on a Microsoft server, but this does not match our environment.
The IntelJCE documentation https://software.intel.com/en-us/articles/providing-hardware-based-security-by-leveraging-intel-iden... Providing Hardware-based Security to Java* Applications by leveraging Intel® Identity Protection Technology and Java Cry… also seems to be insufficient for this use case.
So is there any way to implement this solution and where can I get the complete interface description?
Thanks for joining the community.
The issue you describe is certainly a complex one and we will need to do some further research.
In the meantime let me share with you the Intel Setup and Configuration Software User Guide which describes the Remote configuration for PKI in page 13: https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf# page=13 for reference.
We will get back to you as soon as we have updates.
Thank you for your assistance. I hope you can help us find a solution.
I think the central question is if IPT supports the PKCS # 11 interface or something equivalent for the operations mentioned above.
I apologize for the long delay. We are still waiting for a word from our engineering department. We will keep you posted, hopefully I will be soon.