Yes. From the TPM perspective, those blobs are just handed to the user
when you create a key; it doesn't care which software is providing the
blob when it's used. The system was designed so that restoring from a
backup in the event of hard drive failure, OS replacement, or other
user-level software change is entirely feasible.
If you have software doing automated key management, the only real
question is how that software handles restoring from a backup; the TPM
will not cause problems.
Ariel
On 8/31/11 10:50 AM, "Olga Chen" <[email protected]> wrote:
>On Wed, Aug 31, 2011 at 10:44 AM, Segall, Ariel E <[email protected]>
>wrote:
>
>Olga: The TPM itself has no on-disk key storage, although some
>applications may use the disk for key storage in an automated fashion. You
>are correct that the TPM only stores that limited set of keys inside the
>chip.
>
>This means that in the event of a hard-drive failure, the SRK should still
>be accessible, but any storage (or other user-created) keys that were on
>the hard disk will be lost unless they were backed up. However, the
>backups should be restorable without any trouble from the TPM perspective,
>and as you say, owner-evict keys are an exception.
>
>So if I find where the TPM stores the encrypted "blob" with all the
>storage keys, copy it somewhere else, then re-install the OS, and then
>copy the "blob" back, I should be able to use the same keys?
>
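As an added illustration of the blob handling the thread describes (not code from the thread or from TrouSerS): a toy Python model of a chip in which only the SRK stays inside, every created key comes back as an SRK-wrapped blob for software to keep on disk, and a blob copied away and back after a simulated OS reinstall loads again on the same chip but not on a different one. All names are hypothetical, and the SHA-256/HMAC wrap is a constructed stand-in for the real RSA wrapping.

```python
import hashlib, hmac, secrets

def _stream(secret, nonce, length):
    """Counter-mode keystream from SHA-256 (toy stand-in for the TPM's RSA wrap)."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(secret + nonce + bytes([ctr])).digest()
    return out[:length]

class ToyTPM:
    """Hypothetical chip: the SRK never leaves it; created keys leave as blobs."""
    def __init__(self):
        self.srk = secrets.token_bytes(32)     # Storage Root Key, generated in-chip
        self.loaded = {}                       # handle -> key material (volatile)

    def create_key(self):
        """Return a blob: fresh key wrapped under the SRK, plus an integrity tag."""
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(key, _stream(self.srk, nonce, 32)))
        return nonce + ct + hmac.new(self.srk, nonce + ct, hashlib.sha256).digest()

    def load_key(self, blob):
        """Unwrap a blob; succeeds only if THIS chip's SRK wrapped it."""
        nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
        expect = hmac.new(self.srk, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("blob not wrapped by this TPM")
        handle = len(self.loaded) + 1
        self.loaded[handle] = bytes(a ^ b for a, b in zip(ct, _stream(self.srk, nonce, 32)))
        return handle

    def use_key(self, handle, data):
        return hmac.new(self.loaded[handle], data, hashlib.sha256).hexdigest()

def backup_restore_demo():
    """Returns (same_chip_restore_works, other_chip_load_works)."""
    tpm = ToyTPM()
    disk = {"mykey.blob": tpm.create_key()}           # software's on-disk store
    before = tpm.use_key(tpm.load_key(disk["mykey.blob"]), b"payload")
    backup = dict(disk)                               # copy the blob elsewhere
    disk.clear(); tpm.loaded.clear()                  # OS reinstall / drive loss
    disk.update(backup)                               # copy the blob back
    after = tpm.use_key(tpm.load_key(disk["mykey.blob"]), b"payload")
    try:                                              # same blob, different chip
        ToyTPM().load_key(disk["mykey.blob"])
        other_ok = True
    except ValueError:
        other_ok = False
    return before == after, other_ok
```

Owner-evict keys are the exception the thread names: in this model they would sit in the chip with no blob at all, so they survive a disk failure without a backup but cannot be backed up either.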
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users