On Thu, Feb 16, 2012 at 06:27:09AM +0000, Yang, Xiao (Linux) wrote:
> Hi All,
>
> I'm trying to develop a product using TPM and trousers-0.3.7, which can
> decrypt cipher text with RSA keys generated outside TPM.
>
> I have already written applications that create RSA keys by Tspi_Key_CreateKey(),
> and sign/verify by Tspi_Hash_Sign()/Tspi_Hash_VerifySignature() with these
> keys; they work very well on my platform.
> However, I am wondering now if it is possible to encrypt/decrypt with RSA
> keys generated outside TPM chips, say by another machine's openssl
> applications?
>
> There is a RSA_generate_keys() function in openssl library, I plan to use it
> to generate an RSA key-pair, and encrypt something with the private key.
>
> My question is: Does there exist a way for me to set the public key into TPM
> chip, and let TPM chip decrypt cipher-text with the public key?
>
> I am trying to use Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
> TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, ...); to set public key into TPM chip, I
> just have no idea what TSS API I can use to decrypt something with hKey then,
> or there's such APIs even?
>
> Please anyone know anything about this give me a feedback. Thanks in advance
> so~~ much!
>
>
> Best Regards
> Edward.Yang (#7023)

As far as I know, you generate key pairs outside the TPM and then load them into the TPM. If you could do that, I think you'd be able to obtain secrets such as tpmProof, thus violating some of the security properties of the TPM.

Is there a reason to use the TPM in this case? If you already have the private key, do the cryptography in software.

_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
