1PT-TLS-CLIENT(1)                  strongSwan                  PT-TLS-CLIENT(1)
2
3
4

NAME

6       pt-tls-client  - Simple client using PT-TLS to collect integrity infor‐
7       mation
8

SYNOPSIS

10       pt-tls-client --connect hostname|address [--port port] [--certid
11                     hex|--cert file]+ [--keyid hex|--key file] [--key-type
12                     rsa|ecdsa] [--client client-id] [--secret password]
13                     [--mutual] [--options filename] [--quiet] [--debug level]
14
15       pt-tls-client -h | --help
16

DESCRIPTION

18       pt-tls-client  is a simple client using the PT-TLS (RFC 6876) transport
19       protocol to collect integrity measurements on the client platform.  PT-
20       TLS does an initial TLS handshake with certificate-based server authen‐
21       tication and optional certificate-based client authentication.   Alter‐
22       natively  simple password-based SASL client authentication protected by
23       TLS can be used.
24
25       Attribute requests and integrity measurements are exchanged via the PA-
26       TNC  (RFC  5792)  message protocol between any number of Integrity Mea‐
27       surement Verifiers (IMVs) residing on the remote PT-TLS server and mul‐
28       tiple Integrity Measurement Collectors (IMCs) loaded dynamically by the
29       PT-TLS client according to a list defined  by  /etc/tnc_config.  PA-TNC
30       messages  that contain one or several PA-TNC attributes are multiplexed
31       into PB-TNC (RFC 5793) client or server data batches which in turn  are
32       transported via PT-TLS.
33

OPTIONS

35       -h, --help
36              Prints  usage  information  and a short summary of the available
37              commands.
38
39       -c, --connect hostname|address
40              Set the hostname or IP address of the PT-TLS server.
41
42       -p, --port port
43              Set the port of the PT-TLS server, default: 271.
44
45       -x, --cert file
46              Set the path to an X.509 certificate file. This  option  can  be
47              repeated to load multiple client and CA certificates.
48
49       -X, --certid hex
50              Set the handle of the certificate stored in a smartcard or a TPM
51              2.0 Trusted Platform Module.
52
53       -k, --key file
54              Set the path to the client's PKCS#1 or PKCS#8 private key file
55
56       -t, --key-type type
57              Define the type of the private key if stored in  PKCS#1  format.
58              Can be omitted with PKCS#8 keys.
59
60       -K, --keyid hex
61              Set  the keyid of the private key stored in a smartcard or a TPM
62              2.0 Trusted Platform Module.
63
64       -i, --client client-id
65              Set the username or client ID of the client required  for  pass‐
66              word-based SASL authentication.
67
68       -s, --secret password
69              Set  the  preshared secret or client password required for pass‐
70              word-based SASL authentication.
71
72       -q, --mutual
73              Enable mutual  attestation  between  PT-TLS  client  and  PT-TLS
74              server.
75
76       -v, --debug level
77              Set debug level, default: 1.
78
79       -q, --quiet
80              Disable debug output to stderr.
81
82       -+, --options file
83              Read command line options from file.
84

EXAMPLES

86       Connect  to  a  PT-TLS  server  using certificate-based authentication,
87       storing the private ECDSA key in a file:
88
89         pt-tls-client --connect pdp.example.com --cert ca.crt \
90                       --cert client.crt --key client.key --key-type ecdsa
91
92       Connect to a  PT-TLS  server  using  certificate-based  authentication,
93       storing  the  private  key in a smartcard or a TPM 2.0 Trusted Platform
94       Module:
95
96         pt-tls-client --connect pdp.example.com --cert ca.crt \
97                       --cert client.crt --keyid 0x81010002
98
99       Connect to a PT-TLS server listening on port 443, using SASL  password-
100       based authentication:
101
102         pt-tls-client --connect pdp.example.com --port 443 --cert ca.crt \
103                       --client jane --password p2Nl9trKlb
104

FILES

106       /etc/tnc_config
107

SEE ALSO

109       strongswan.conf(5)
110
111
112
113
1145.9.6                             2018-11-20                  PT-TLS-CLIENT(1)
Impressum