List: trousers-users
Subject: Re: [TrouSerS-users] TPM Load Key
From: Ken Goldman <kgoldman () us ! ibm ! com>
Date: 2015-08-13 13:21:48
Message-ID: mqi5l6$q78$1 () ger ! gmane ! org

At the TPM layer, the private key is almost always wrapped/encrypted by
the parent storage key. Thus, there is nothing that the TSS can do to
expose it.

The "almost" applies because migration (making a copy of a key K1 for
backup or transfer to another TPM) sends the private key K1 off the TPM
wrapped by a key K2 other than its parent. If you know the private key
K2, you can get the private key K1. Clearly, someone knows the private
key K2. Otherwise, migration of K1 would not work.

The other "almost" is the optional maintenance, but I don't know of any
hardware TPM that implemented maintenance.

On 8/13/2015 8:03 AM, Julie P wrote:
> Hi everyone,
>
> The spec says that the private key of an RSA keypair has to be
> encrypted before it goes out as a blob.
> Loading the blob unencrypts it.
> My aim is to verify if the private is accessed somewhere else, and how.
> (I have to prove it for my internship).
> I'm using Trousers 3.13 with a hardware TPM v1.2.
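
One way to see which of the cases above applies to a given key is to inspect the key blob itself. The following is an added example, not part of the original thread or of TrouSerS: it parses the TPM_KEY layout from the TPM 1.2 structures specification, reports whether the migratable flag is set, and shows that the private half is present only as the encData ciphertext. The function names and the sample blob are constructed for illustration, with filler bytes in place of key material.

```python
import struct

# TPM_KEY_FLAGS bits from the TPM 1.2 structures specification
MIGRATABLE = 0x00000002
MIGRATE_AUTHORITY = 0x00000010


def _sized(blob, off):
    """Read a UINT32 length followed by that many bytes."""
    (n,) = struct.unpack_from(">I", blob, off)
    data = blob[off + 4:off + 4 + n]
    if len(data) != n:
        raise ValueError("truncated blob")
    return data, off + 4 + n


def parse_tpm_key(blob):
    """Parse a TPM_KEY / TPM_KEY12 blob; every field is big-endian."""
    off = 4  # TPM_STRUCT_VER (TPM_KEY) or tag + fill (TPM_KEY12)
    usage, flags, _auth = struct.unpack_from(">HIB", blob, off)
    off += 7
    _alg, _enc, _sig, parm_size = struct.unpack_from(">IHHI", blob, off)
    off += 12 + parm_size  # skip TPM_KEY_PARMS.parms
    pcr_info, off = _sized(blob, off)
    modulus, off = _sized(blob, off)   # TPM_STORE_PUBKEY, cleartext
    enc_data, off = _sized(blob, off)  # private part, wrapped by the parent
    if off != len(blob):
        raise ValueError("trailing bytes after encData")
    return {
        "key_usage": usage,
        "migratable": bool(flags & MIGRATABLE),
        "migrate_authority": bool(flags & MIGRATE_AUTHORITY),
        "pcr_bound": len(pcr_info) > 0,
        "modulus_len": len(modulus),
        "enc_data_len": len(enc_data),
    }


def sample_blob(flags):
    """Constructed 2048-bit signing key blob; key bytes are filler."""
    parms = struct.pack(">III", 2048, 2, 0)  # keyLength, numPrimes, exponentSize
    return (b"\x01\x01\x00\x00" + struct.pack(">HIB", 0x0010, flags, 0x01)
            + struct.pack(">IHHI", 1, 1, 2, len(parms)) + parms
            + struct.pack(">I", 0)                       # no PCRInfo
            + struct.pack(">I", 256) + b"\xaa" * 256     # public modulus
            + struct.pack(">I", 256) + b"\xbb" * 256)    # encData ciphertext


if __name__ == "__main__":
    for flags in (0, MIGRATABLE):
        print(parse_tpm_key(sample_blob(flags)))
```

A key whose blob reports `migratable` as false has no migration path, so the parent-wrapped encData is the only form in which its private part leaves the TPM.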