The answer really depends on the software you're using. What programs are
you using to create and manage TPM keys? Perhaps someone on the list has
experience with specific applications.

The programs that I've used and written all delegate blob storage and
backup to the user (user specifies filenames to store particular blobs
in), so I'm not sure I can help much with a generic search for keys.

Ariel

On 8/31/11 1:29 PM, "Olga Chen" <[email protected]> wrote:
>Ariel -
>Do you know where on the hard drive the encrypted "blobs" of TPM-encrypted
>storage keys are stored? Either on Linux or Windows? I've been trying to
>find out without success.
>
>
>On Wed, Aug 31, 2011 at 10:57 AM, Segall, Ariel E <[email protected]>
>wrote:
>
>
>Yes. From the TPM perspective, those blobs are just handed to the user
>when you create a key; it doesn't care which software is providing the
>blob when it's used. The system was designed so that restoring from a
>backup in the event of hard drive failure, OS replacement, or other
>user-level software change is entirely feasible.
>
>If you have software doing automated key management, the only real
>question is how that software handles restoring from a backup; the TPM
>will not cause problems.
>
> Ariel
>
>On 8/31/11 10:50 AM, "Olga Chen" <[email protected]> wrote:
>
>>On Wed, Aug 31, 2011 at 10:44 AM, Segall, Ariel E <[email protected]>
>>wrote:
>>
>>
>>Olga: The TPM itself has no on-disk key storage, although some
>>applications may use the disk for key storage in an automated fashion.
>>You are correct that the TPM only stores that limited set of keys inside
>>the chip.
>>
>>This means that in the event of a hard-drive failure, the SRK should
>>still be accessible, but any storage (or other user-created) keys that
>>were on the hard disk will be lost unless they were backed up. However,
>>the backups should be restorable without any trouble from the TPM
>>perspective, and as you say, owner-evict keys are an exception.
>>
>>
>>
>>So if I find where the TPM stores the encrypted "blob" with all the
>>storage keys, copy it somewhere else, then re-install the OS, and then
>>copy the "blob" back, I should be able to use the same keys?
>>
>
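
The behaviour described in this thread (the chip keeps only the SRK, child keys leave it as wrapped blobs that the user stores and backs up) can be modelled in a few lines. This is an added example, not code from the thread or from TrouSerS: `ModelTPM` and its methods are hypothetical, and an HMAC/XOR construction stands in for the TPM's real wrapping of a key under its parent.

```python
import hashlib, hmac, os, shutil, tempfile
from pathlib import Path

class ModelTPM:
    """Toy stand-in for a TPM chip: the SRK lives only inside this object."""
    def __init__(self):
        self._srk = os.urandom(32)   # never exported; survives an OS reinstall
        self._loaded = {}            # volatile key slots

    def _pad(self, nonce):
        return hashlib.sha256(self._srk + b"enc" + nonce).digest()

    def create_key(self):
        """Make a child key and hand it back only as an SRK-wrapped blob."""
        secret, nonce = os.urandom(32), os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._pad(nonce)))
        tag = hmac.new(self._srk, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def load_key(self, blob):
        """Unwrap a blob from any source; reject one not wrapped by this SRK."""
        nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
        good = hmac.new(self._srk, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("blob was not wrapped by this TPM's SRK")
        handle = len(self._loaded) + 1
        self._loaded[handle] = bytes(a ^ b for a, b in zip(ct, self._pad(nonce)))
        return handle

    def sign(self, handle, msg):
        return hmac.new(self._loaded[handle], msg, hashlib.sha256).digest()

    def power_cycle(self):
        self._loaded.clear()         # loaded keys are lost, the SRK is not

def backup_restore_demo():
    tpm, other_tpm = ModelTPM(), ModelTPM()
    disk, backup = tempfile.mkdtemp(), tempfile.mkdtemp()
    blob_file = Path(disk) / "storage_key.blob"    # filename chosen by the user
    blob_file.write_bytes(tpm.create_key())
    before = tpm.sign(tpm.load_key(blob_file.read_bytes()), b"msg")
    shutil.copy(blob_file, backup)                 # user-level backup of the blob
    shutil.rmtree(disk)                            # disk lost or OS reinstalled
    tpm.power_cycle()
    blob = (Path(backup) / "storage_key.blob").read_bytes()
    after = tpm.sign(tpm.load_key(blob), b"msg")   # restored blob, same chip
    try:
        other_tpm.load_key(blob)
        foreign = "loaded"
    except ValueError:
        foreign = "rejected"                       # blob is bound to its SRK
    shutil.rmtree(backup)
    return before == after, foreign
```
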
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users