You cannot use the EK to encrypt (or more to the point, decrypt) data;
it's a very limited use key.

The TPM also does not create or use symmetric keys, due (I'm told) to
export laws.

TPMs are designed to have special-use keys; what you're looking for is
probably a binding key, which is an asymmetric key you can then use to
encrypt a symmetric key you've created. Unfortunately, the TPM does not
perform generic encryption; you will need to use the Tspi_Data_Bind
command. Before using Tspi_Data_Bind, you will need to create the key
using Tspi_Key_CreateKey, and then load it into the TPM using
Tspi_Key_LoadKey. Loading a key is how you "get to them"; that command
will return a handle that you can then pass in to other TPM commands.

Does that help?

          Ariel



On 5/12/11 12:40 PM, "Claudiu Stanciu" <[email protected]> wrote:

>Hello. I am a little confused about using the tpm. I need to do a project
>to encrypt a file, but I am having some trouble. I am working with the
>TSS stack.
>
>Can someone point me into a direction? So the tpm holds the keys, but we
>can not export them like using openssl. They are kept secure into the
>tpm. But if I want to use them to encrypt something, how can I get to
>them.
>
>I tried a couple of things, but no success. Right now I tried creating a
>key with 
>Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_RSAKEY,initFlags,&hKey)
>; Tspi_Key_CreateKey(hKey,hSRK,0); and now I am stuck.
>
>Should I use this key to do a Tspi_Data_Bind? If yes, I have a question.
>The result of this function will be an encrypted blob?
>
>
>Theoretically I should encrypt a text file using a symmetric key, but
>can't really put my fingers on it. Is it possible to use
> the rsa public key blob that is found in the EK to encrypt a text?
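
Added example, not part of the original thread and not TrouSerS code: a pure-Python model of the blob that binding with the default OAEP scheme produces (a TPM_BOUND_DATA header, then RSA-OAEP with the TPM 1.2 label "TCPA"), showing why only a small secret such as a symmetric key fits. The key built from two Mersenne primes is a constructed, insecure stand-in for a TPM binding key, and all function names are hypothetical.

```python
import hashlib, os

HLEN = 20                            # SHA-1 digest size used by TPM 1.2 OAEP
BOUND_HDR = bytes([1, 1, 0, 0, 2])   # TPM_STRUCT_VER 1.1.0.0 + TPM_PT_BIND (0x02)
LABEL = b"TCPA"                      # OAEP encoding parameter fixed by TPM 1.2

# Constructed demo key from two Mersenne primes: NOT secure. It stands in for
# the binding key a TPM would create; on a real TPM, D never leaves the chip.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8        # modulus size in bytes

def mgf1(seed, n):
    out = b"".join(hashlib.sha1(seed + i.to_bytes(4, "big")).digest()
                   for i in range(-(-n // HLEN)))
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def max_bind_payload(k=K):
    """Largest secret that fits in one bind operation for a k-byte modulus."""
    return k - 2 * HLEN - 2 - len(BOUND_HDR)

def bind(secret):
    """Public-key side: wrap `secret` as TPM_BOUND_DATA, then RSA-OAEP."""
    if len(secret) > max_bind_payload():
        raise ValueError("too large to bind; bind a symmetric key instead")
    msg = BOUND_HDR + secret
    pad = bytes(K - len(msg) - 2 * HLEN - 2)
    db = hashlib.sha1(LABEL).digest() + pad + b"\x01" + msg
    seed = os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, len(db)))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    em = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")

def unbind(blob):
    """Private-key side: what the TPM does once the binding key is loaded."""
    em = pow(int.from_bytes(blob, "big"), D, N).to_bytes(K, "big")
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, len(masked_db)))
    msg = db[HLEN:].lstrip(b"\x00")
    if (em[0] or db[:HLEN] != hashlib.sha1(LABEL).digest()
            or msg[:1] != b"\x01" or msg[1:6] != BOUND_HDR):
        raise ValueError("not a valid bound blob")
    return msg[6:]
```

With a 2048-bit binding key the same arithmetic gives a 209-byte limit, so the file itself is encrypted with the symmetric key and only that key is bound.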


_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users