I have a use case where I need to encrypt the configFile with a TPM or YubiKey, so decryption will happen at runtime. I need to pass a raw string to ziti.newConfigFromFile or zitiContext, not a file path.
My suggestion is: can we have the process automatically detect the input and load it, regardless of whether it's a file path or a raw string? The process should be able to detect whether it's a config file based on its contents.
In the screenshot below (right image), zitiContext can't recognize the input because it's not a file path.
Note that it would be okay to use the file path approach on a server on a private network, but when distributing the app to end users there's a need to encrypt the certificate once enrolled.
The Ziti SDK allows you to use a YubiKey as a hardware key (via a PKCS#11 driver); that way the private key is not stored in the identity file, and instead the file just has a reference to the YubiKey slot.
This may remove the need to encrypt your identity file since it won't have sensitive data.
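The two points raised so far, loading an identity from either a path or a raw in-memory string by inspecting the content, and recognising an identity whose private key is only a reference to a PKCS#11 token, can be shown together. The following Go program is an added example for this thread; it is not code from the OpenZiti SDK or from any participant. It assumes an `IdentityConfig` struct that mirrors the usual identity JSON layout (`ztAPI` plus `id.key`, `id.cert`, `id.ca`), a `pkcs11:` prefix on the key field for hardware-backed keys, and placeholder PEM bodies; the function names `LoadIdentityConfig`, `parseIdentity` and `KeyIsHardwareBacked` are this example's own.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"strings"
)

// IdentityConfig mirrors the shape of an OpenZiti identity JSON document
// (ztAPI plus id.key/cert/ca). Assumption: defined here for the example,
// this is not the SDK's own Config type.
type IdentityConfig struct {
	ZtAPI string `json:"ztAPI"`
	ID    struct {
		Key  string `json:"key"`
		Cert string `json:"cert"`
		CA   string `json:"ca"`
	} `json:"id"`
}

// LoadIdentityConfig accepts either a path to an identity file or the raw
// identity JSON (for instance, the plaintext just decrypted via a TPM or
// YubiKey, which should never be written back to disk). It decides which it
// was given by inspecting the content, and reports the source as
// "inline" or "file" alongside the parsed config.
func LoadIdentityConfig(input string) (*IdentityConfig, string, error) {
	trimmed := strings.TrimSpace(input)
	if trimmed == "" {
		return nil, "", errors.New("empty identity input")
	}
	// An identity document is always a JSON object, so a leading '{' is a
	// reliable discriminator: a filesystem path never starts with it.
	if strings.HasPrefix(trimmed, "{") {
		cfg, err := parseIdentity([]byte(trimmed))
		return cfg, "inline", err
	}
	// Anything else is treated as a path; a missing or unreadable file is an
	// error rather than a silent fallback.
	data, err := os.ReadFile(trimmed)
	if err != nil {
		return nil, "", fmt.Errorf("identity input is neither JSON nor a readable file: %w", err)
	}
	cfg, err := parseIdentity(data)
	return cfg, "file", err
}

// parseIdentity unmarshals the JSON and rejects documents that lack the
// fields needed to build a context, so a truncated decryption result fails
// early with a clear message instead of deep inside the SDK.
func parseIdentity(data []byte) (*IdentityConfig, error) {
	var cfg IdentityConfig
	if err := json.Unmarshal(data, &cfg); err != nil {
		return nil, fmt.Errorf("identity is not valid JSON: %w", err)
	}
	if cfg.ZtAPI == "" || cfg.ID.Key == "" || cfg.ID.Cert == "" {
		return nil, errors.New("identity JSON is missing ztAPI, id.key or id.cert")
	}
	return &cfg, nil
}

// KeyIsHardwareBacked reports whether the private key is a PKCS#11 token
// reference (for example a YubiKey slot) rather than embedded PEM. Such an
// identity file carries no private key material, which is why the reply
// above says it may not need encryption at rest. Assumption: "pkcs11:" prefix.
func KeyIsHardwareBacked(cfg *IdentityConfig) bool {
	return strings.HasPrefix(strings.ToLower(cfg.ID.Key), "pkcs11:")
}

// Constructed sample identities: the PEM bodies and the controller address
// are placeholders, not real credentials.
const inlineSoftwareIdentity = `{
  "ztAPI": "https://controller.example.invalid:1280",
  "id": {
    "key":  "pem:-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----",
    "cert": "pem:-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----",
    "ca":   "pem:-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----"
  }
}`

const inlineHardwareIdentity = `{
  "ztAPI": "https://controller.example.invalid:1280",
  "id": {
    "key":  "pkcs11:///usr/lib/libykcs11.so?slot=0&id=1",
    "cert": "pem:-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----",
    "ca":   "pem:-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----"
  }
}`

func main() {
	for _, in := range []string{inlineSoftwareIdentity, inlineHardwareIdentity, "/path/that/does/not/exist.json"} {
		cfg, src, err := LoadIdentityConfig(in)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("loaded from %s, controller %s, hardware-backed key: %v\n",
			src, cfg.ZtAPI, KeyIsHardwareBacked(cfg))
	}
}
```

The content check is deliberately strict in one direction: a string that starts with `{` is only ever treated as inline JSON, so a malformed decryption result produces a parse error rather than a confusing "file not found" against a path made of ciphertext. For the hardware-backed case the identity file can be shipped unencrypted as the reply suggests, but the cert and ca fields still identify the enrolled device, so the app should treat it as configuration rather than as a public artefact.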
Thanks to @ekoby, a new, fixed C SDK was published and I was able to publish OpenZiti.NET.0.9.23355.37738. I updated the WeatherSample (which I use to test) with usage:
Thank you @ekoby and @TheLumberjack, I was able to confirm that it works. Here's the video for confirmation: https://youtu.be/U8ugrSULOac. WinUI3 can't use the TPM to persist the key because of its sandbox limitation, so I had to use a YubiKey. I'm excited to use vTPM on Google Cloud to protect the certificate on the server side and for further integration.
@smilindave26 I will likely deploy the app on the Microsoft Store, where end users can simply install it easily without the need to install other tools.