Hello,

I know that gnupg supports TPMs (from 2.3 IIRC) via the keytotpm command.

But AFAIK the main "selling point" of TPMs is binding encryption of secrets to specific software versions and system state via hashes (PCRs), so that the enrolled key is only accessible (may be "unsealed") if specific trusted software and/or configuration is used.

Does gpg support binding keys to PCRs' state? Are there any plans to add such a feature? Is it possible to somehow work around it before it is implemented?

Thank you in advance.

-- 
Grzegorz Kulewski
