On Thu, Feb 16, 2012 at 10:28:33AM +0000, Joshua Phillips wrote:
> On Thu, Feb 16, 2012 at 06:27:09AM +0000, Yang, Xiao (Linux) wrote:
> > Hi All,
> >
> > I'm trying to develop a product using TPM and trousers-0.3.7, which can
> > decrypt cipher text with RSA keys generated outside TPM.
> >
> > I have already written applications that create RSA keys by
> > Tspi_Key_CreateKey(), and sign/verify by
> > Tspi_Hash_Sign()/Tspi_Hash_VerifySignature() with these keys, they work
> > very well on my platform.
> > However, I am wondering now if it is possible to encrypt/decrypt with RSA
> > keys generated outside TPM chips, say by another machine's openssl
> > applications?
> >
> > There is a RSA_generate_keys() function in openssl library, I plan to use
> > it to generate RSA key-pair, and encrypt something with the private key.
> >
> > My question is: Does there exist a way for me to set the public key into
> > TPM chip, and let TPM chip decrypt cipher-text with the public key?
> >
> > I am trying to use Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
> > TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, ...); to set public key into TPM chip, I
> > just have no idea what TSS API I can use to decrypt something with hKey
> > then, or there's such APIs even?
> >
> > Please anyone know anything about this give me a feedback. Thanks in
> > advance so~~ much!
> >
> >
> > Best Regards
> > Edward.Yang (#7023)
>
> As far as I know, you generate key pairs outside the TPM and then load
> them into the TPM. If you could do that, I think you'd be able to obtain
> secrets such as tpmProof, thus violating some of the security properties
> of the TPM.
>
> Is there a reason to use the TPM in this case? If you already have the
> private key, do the cryptography in software.

Sorry, correction: As far as I know, you *can't* generate key pairs outside the TPM...
