Created attachment 400522
app-crypt/simple-tpm-pk11-0.03.ebuild

simple-tpm-pk11 is a "Simple PKCS11 provider for TPM chips". It allows you to use your system's TPM chip as a crypto provider to secure your ssh keys.
This is something I've been wanting to try and play around with. I'll test it and add it. Do you want to proxy maintain this as well?
(In reply to Jason Zaman from comment #1)
> This is something I've been wanting to try and play around with. I'll test it
> and add it. Do you want to proxy maintain this as well?

Well, if I got it to work, I'd be willing to. If you get it to work, let me know. For me, openssh fails with "cannot read public key from pkcs11" while stpm-sign works.
Created attachment 400762
app-crypt/simple-tpm-pk11.ebuild

With kind help from upstream, I could finally get it to work. It depends on openssh not using the X509 patch. I adapted the ebuild.
Created attachment 400764
app-crypt/simple-tpm-pk11-0.03.ebuild

Fixed version in ebuild name.
I've tested this for a while, and it's working fine for me. It's been added to the tree now. Thanks!