Kent Yoder <shpedoikal <at> gmail.com> writes:

> >> I was looking into binding it, since it is only about 128 bytes. But I am
> >> worried this limits me to doing the encryption on the actual machine. I
> >> have written code that generates a public key and then binds it (although
> >> I have yet to get Tspi_Data_Unbind to work). Am I going in the wrong direction?
>
> BTW, what issue are you running into when you use Unbind?
>
> Kent
>
> > If I understand correctly, you'd like to encrypt some data on a
> > non-TPM machine with a symmetric key, then wrap that symmetric key
> > with a TPM key and destroy the symmetric key. This would make the
> > encrypted data decryptable only through a 2 step process on the
> > machine with the TPM. Using TSS Bind is the right choice here. First
> > you'd need to decrypt the bound data blob containing your symmetric
> > key, then decrypt your data.
> >
> >> Is there any sample code anywhere that shows how to encrypt data using a
> >> public key that can only be decrypted by the TPM that generated the public key?
> >
> > I don't think we have a trousers test case for that, other than those
> > that show how to use Bind [1].
> >
> > Kent
> >
> > [1] http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/testsuite;a=blob;f=tcg/highlevel/data/Tspi_Data_Unbind05.c;h=c289503ddbe795fa2d4cd790132fc90c6deaaabe;hb=HEAD
> >
> >> Thanks for your time.
> >>
> >> -Robb
> >
> > --
> > IBM LTC Security

I apologize if this hits the list twice; I tried once from my email and it didn't seem to work.

I get an "Authentication failed" but I am not quite sure what I am doing wrong so far. I was going to look at your example and see if I could go from there. The file in question is the unbinddata.cpp on the Tspi_Data_Unbind function.

hxxp://pantherfile.uwm.edu/barrowsr/Public/TPMTesting.zip

make
./createbindkey
./binddata
./unbinddata

Thanks.

-Robb
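
The wrap step described in the quoted reply, as an added example that is not part of this thread or of TrouSerS: it builds the blob a TPM 1.2 bind key accepts (a TPM_BOUND_DATA header followed by RSAES-OAEP with SHA-1, MGF1 and the encoding parameter "TCPA"), using only the public key, so the symmetric key can be wrapped on a machine without a TPM. It assumes a bind key with the OAEP encryption scheme; the demo key and the names `bind` and `unbind` are constructed for illustration, and `unbind` is a software stand-in for what the TPM does behind Tspi_Data_Unbind.

```python
import hashlib
import os

# TPM 1.2 constants: TPM_BOUND_DATA header fields and the OAEP encoding parameter.
TPM_STRUCT_VER = bytes([1, 1, 0, 0])   # version 1.1.0.0
TPM_PT_BIND = b"\x02"                  # TPM_PAYLOAD_TYPE for bound data
OAEP_LABEL = b"TCPA"
HLEN = hashlib.sha1().digest_size      # 20 bytes
LHASH = hashlib.sha1(OAEP_LABEL).digest()

# Constructed, insecure demo key (product of two Mersenne primes) standing in
# for the TPM bind key; the private half of a real bind key never leaves the TPM.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # Python 3.8+

def mgf1(seed, length):
    blocks = (hashlib.sha1(seed + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // HLEN)))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def bind(n, e, secret):
    """Off-TPM side: prepend the TPM_BOUND_DATA header, then OAEP-encrypt."""
    k = (n.bit_length() + 7) // 8
    msg = TPM_STRUCT_VER + TPM_PT_BIND + secret
    pad = k - 2 * HLEN - 2 - len(msg)
    if pad < 0:
        raise ValueError("secret too long for this key size")
    db = LHASH + b"\x00" * pad + b"\x01" + msg
    seed = os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, len(db)))
    em = b"\x00" + xor(seed, mgf1(masked_db, HLEN)) + masked_db
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")

def unbind(n, d, blob):
    """Stand-in for the TPM side: undo OAEP, then check label and header."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(blob, "big"), d, n).to_bytes(k, "big")
    masked_db = em[1 + HLEN:]
    seed = xor(em[1:1 + HLEN], mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, len(masked_db)))
    body = db[HLEN:].lstrip(b"\x00")
    header = b"\x01" + TPM_STRUCT_VER + TPM_PT_BIND
    if em[0] or db[:HLEN] != LHASH or not body.startswith(header):
        raise ValueError("not a valid bound blob for this key")
    return body[len(header):]
```

With a 2048-bit bind key the same arithmetic leaves 256 - 42 - 5 = 209 bytes for the secret, which is why a symmetric key is wrapped rather than the data itself.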
