Hi Robb,

> I would like to generate a public key associated with a TPM that
> allows me to encrypt data on other machines. That data then would only be
> able to be decrypted by the machine with that TPM on it.
>
> Does Trousers/TPM offer a facility for this?
>
> I was looking into binding it, since it is only about 128 bytes. But I am
> worried this limits me to doing the encryption on the actual machine. I
> have written code that generates a public key and then binds it (although
> I have yet to get Tspi_Data_Unbind to work). Am I going in the wrong
> direction?

If I understand correctly, you'd like to encrypt some data on a non-TPM machine with a symmetric key, then wrap that symmetric key with a TPM key and destroy the symmetric key. This would make the encrypted data decryptable only through a 2-step process on the machine with the TPM. Using TSS Bind is the right choice here. First you'd need to decrypt the bound data blob containing your symmetric key, then decrypt your data.

> Is there any sample code anywhere that shows how to encrypt data using a
> public key that can only be decrypted by the TPM that generated the public
> key?

I don't think we have a trousers test case for that, other than those that show how to use Bind [1].

Kent

[1] http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/testsuite;a=blob;f=tcg/highlevel/data/Tspi_Data_Unbind05.c;h=c289503ddbe795fa2d4cd790132fc90c6deaaabe;hb=HEAD

> Thanks for your time.
>
> -Robb

--
IBM LTC Security

_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
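
The non-TPM half of the scheme described in the reply above, as an added example (not code from this thread or from TrouSerS): it builds the blob a remote machine would produce from the TPM's public key so that only the TPM holding the private key can recover the symmetric key. It assumes a TPM 1.2 bind key using the OAEP encryption scheme, where the plaintext is a TPM_BOUND_DATA structure and the OAEP label is "TCPA". All function names are hypothetical; `unbind` and `software_key` are software stand-ins for the TPM so the round trip can be checked offline, and the primitives are written out with the standard library only to show the byte layout.

```python
import hashlib, math, os, secrets

LHASH = hashlib.sha1(b"TCPA").digest()  # OAEP label hash; TPM 1.2 uses the label "TCPA"
BOUND_HDR = bytes([1, 1, 0, 0, 2])      # TPM_BOUND_DATA header: version 1.1.0.0, TPM_PT_BIND

def mgf1(seed, n):
    return b"".join(hashlib.sha1(seed + i.to_bytes(4, "big")).digest() for i in range(n // 20 + 1))[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def bind(sym_key, n, e=65537):  # runs on the machine without a TPM
    k = (n.bit_length() + 7) // 8
    msg = BOUND_HDR + sym_key
    if len(msg) > k - 42:
        raise ValueError("payload too long for this key")
    db = LHASH + bytes(k - 42 - len(msg)) + b"\x01" + msg
    seed = os.urandom(20)
    masked_db = xor(db, mgf1(seed, k - 21))
    em = b"\x00" + xor(seed, mgf1(masked_db, 20)) + masked_db
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")

def unbind(blob, n, d):  # software stand-in for the TPM side of Tspi_Data_Unbind
    em = pow(int.from_bytes(blob, "big"), d, n).to_bytes(len(blob), "big")
    seed = xor(em[1:21], mgf1(em[21:], 20))
    db = xor(em[21:], mgf1(seed, len(em) - 21))
    pad, sep, msg = db[20:].partition(b"\x01")
    if em[0] or db[:20] != LHASH or any(pad) or not sep or msg[:5] != BOUND_HDR:
        raise ValueError("not a valid bound blob")
    return msg[5:]

def is_prime(p, rounds=24):  # Miller-Rabin; callers pass odd p > 3
    s, r = p - 1, 0
    while s % 2 == 0:
        s, r = s // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(p - 3) + 2, s, p)
        if x not in (1, p - 1) and all((x := pow(x, 2, p)) != p - 1 for _ in range(r - 1)):
            return False
    return True

def software_key(bits=2048, e=65537):  # constructed key pair standing in for the TPM's bind key
    primes = []
    while len(primes) < 2:
        p = secrets.randbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
        if math.gcd(e, p - 1) == 1 and is_prime(p):
            primes.append(p)
    p, q = primes
    return p * q, pow(e, -1, (p - 1) * (q - 1))
```

With a real TPM, `n` is the modulus exported from the bind key and the output of `bind` is what gets passed to Tspi_Data_Unbind on the TPM machine; the private exponent never exists outside the TPM.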
