
List:       trousers-users
Subject:    Re: [TrouSerS-users] TPM Load Key
From:       Ken Goldman <kgoldman () us ! ibm ! com>
Date:       2015-08-13 13:21:48
Message-ID: mqi5l6$q78$1 () ger ! gmane ! org

At the TPM layer, the private key is almost always wrapped/encrypted by 
the parent storage key.  Thus, there is nothing that the TSS can do to 
expose it.

The "almost" applies because migration (making a copy of a key K1 for 
backup or transfer to another TPM) sends the private key K1 off the TPM 
wrapped by a key K2 other than its parent.  If you know the private key 
K2, you can get the private key K1.  Clearly, someone knows the private 
key K2.  Otherwise, migration of K1 would not work.

The other "almost" is the optional maintenance, but I don't know of any 
hardware TPM that implemented maintenance.

On 8/13/2015 8:03 AM, Julie P wrote:
> Hi everyone,
>
> The spec says that the private key of an RSA keypair has to be
> encrypted before it goes out as a blob.
> Loading the blob decrypts it.
> My aim is to verify if the private key is accessed somewhere else, and how.
> (I have to prove it for my internship).
> I'm using Trousers 3.13 with a hardware TPM v1.2.
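To make the wrapping chain described above concrete, here is an added model in Python; it is not TrouSerS or TPM code. Textbook RSA over fixed Mersenne primes stands in for the TPM's 2048-bit RSA-OAEP wrapping, and `ModelTPM`, `gen_key` and the handle names are assumptions of the model, not TSS API names.

```python
"""Model of the TPM 1.2 wrapping chain: a child key's private part leaves the TPM
only encrypted under its parent storage key, or under K2 for migration."""

E = 65537
# Fixed Mersenne primes (constructed) keep the model deterministic and offline.
# Textbook RSA stands in for the TPM's RSA-OAEP wrapping: no padding, demo only.
PRIMES = {"K1": (2**31 - 1, 2**61 - 1), "K2": (2**89 - 1, 2**107 - 1),
          "SRK": (2**127 - 1, 2**521 - 1)}


def gen_key(name):
    """Return {'n': modulus, 'd': private exponent} for the named model key."""
    p, q = PRIMES[name]
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


class ModelTPM:
    """Only this object ever holds an unwrapped private exponent."""

    def __init__(self):
        # The SRK is generated inside the TPM and never leaves it.
        self.loaded = {"SRK": gen_key("SRK")}

    def create_wrap_key(self, parent, name):
        """TPM_CreateWrapKey: the new key leaves wrapped under the parent's public key."""
        key, parent_n = gen_key(name), self.loaded[parent]["n"]
        return {"n": key["n"], "enc_d": pow(key["d"], E, parent_n)}  # what the TSS sees

    def load_key(self, parent, blob, name):
        """TPM_LoadKey: unwrap inside the TPM; the parent must already be loaded."""
        par = self.loaded[parent]
        self.loaded[name] = {"n": blob["n"], "d": pow(blob["enc_d"], par["d"], par["n"])}

    def create_migration_blob(self, name, k2_public_n):
        """Migration: the private part leaves wrapped under K2, not under its parent."""
        key = self.loaded[name]
        return {"n": key["n"], "enc_d": pow(key["d"], E, k2_public_n)}


def demo():
    """Walk the chain SRK -> K1, then migrate K1 to the holder of K2."""
    tpm = ModelTPM()
    k1_blob = tpm.create_wrap_key("SRK", "K1")
    tpm.load_key("SRK", k1_blob, "K1")
    k1_d = tpm.loaded["K1"]["d"]            # peeking inside the model only
    k2 = gen_key("K2")                      # held off-TPM by whoever runs migration
    mig = tpm.create_migration_blob("K1", k2["n"])
    # Whoever knows K2's private exponent recovers K1's private exponent from the blob.
    recovered = pow(mig["enc_d"], k2["d"], k2["n"])
    return {"parent_blob_exposes_d": k1_blob["enc_d"] == k1_d,
            "k2_holder_recovers_d": recovered == k1_d}
```

The blob the TSS handles under the parent key never equals the private exponent, while the migration blob is fully recoverable by whoever holds K2's private exponent, which is the point Ken makes above.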
