The TPM has a key __hierarchy__ under the SRK. When you create another key, it never remains on the TPM. It always comes off chip, encrypted with (wrapped by) its parent storage key.
The TPM has a key cache, which can hold perhaps 5-10 keys. The number is TPM vendor specific and might also depend on the key size and other parameters. Middleware such as Trousers swaps keys between disk and TPM as needed.

So, you can create as many keys as you like. You can back them up like any other disk file. However, if the TPM fails, you lose the SRK and thus all child keys. You also lose all keys by clearing the TPM owner - a feature.

To back up keys, use the TPM key migration facilities.

On 3/14/2013 6:23 AM, Jan Just Keijser wrote:
> Hi all,
>
> I've managed to set up my Dell Latitude E4310 with Broadcom TPM chip as
> a PKCS#11 device running CentOS 6.3 (the SRK password needing to be
> empty was the stumbling block - more on that later). I can import
> certificates into the cryptoki pkcs11 device, even generate keys but my
> question is: where are the keys actually stored? I'm used to hardware
> security tokens, such as Safenet eToken, Feitian ePass and others and in
> that case the keys reside on the chip/card. Is this also true for TPM
> devices? If so, how many 2048-bit RSA keys can you store in a TPM chip? I
> managed to generate at least 16 "onboard" 2048-bit RSA keys and still no
> error - how can I find out what the capacity of a TPM is?
> Also, how can one list the contents of the keys stored on the TPM?
> Let's say the hard disk in my laptop dies at an unfortunate moment - what
> procedure can I follow to restore the keys (and cryptoki tpm dir
> structure)?
>
> Finally: my dual-boot laptop runs CentOS 6 and Windows 7; the win7
> tpm.msc does not like an empty SRK password - it even complains that the
> TPM is unusable. Where is this empty password located in the
> tpm/trousers code? I just want to redefine it to something well-known so
> that I can use the TPM chip under both CentOS 6 and Windows 7.
>

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
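The storage model described in the reply above, as an added toy model that is not part of the original thread and is not TrouSerS or TPM code: child keys exist only as blobs wrapped by the SRK, a small cache holds the few that are loaded, and clearing the owner invalidates every blob. `ModelTPM`, `wrap`, `unwrap` and the 3-slot cache are hypothetical names and values; a SHA-256 keystream and HMAC stand in for the TPM's real wrapping and RSA operations.

```python
import hashlib, hmac, os
from collections import OrderedDict

def _stream(key, nonce, n):
    # SHA-256 counter keystream: toy stand-in for the TPM's real wrapping cipher
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(parent, secret):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _stream(parent, nonce, len(secret))))
    return nonce + ct + hmac.new(parent, nonce + ct, hashlib.sha256).digest()

def unwrap(parent, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(parent, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("blob is not wrapped by this parent key")
    return bytes(a ^ b for a, b in zip(ct, _stream(parent, nonce, len(ct))))

class ModelTPM:
    """Toy model; chip and swapping middleware are folded into one class."""
    def __init__(self, slots=3):
        self._srk = os.urandom(32)       # root storage key, never exported
        self._slots = slots              # size of the on-chip key cache (assumed)
        self._cache = OrderedDict()      # blob digest -> unwrapped child key
        self.evictions = 0

    def create_key(self):
        # The new key leaves the chip at once, wrapped by its parent (the SRK).
        return wrap(self._srk, os.urandom(32))

    def _load(self, blob):
        handle = hashlib.sha256(blob).digest()
        if handle not in self._cache:
            key = unwrap(self._srk, blob)          # fails if the SRK changed
            if len(self._cache) >= self._slots:    # cache full: swap one out
                self._cache.popitem(last=False)
                self.evictions += 1
            self._cache[handle] = key
        self._cache.move_to_end(handle)
        return self._cache[handle]

    def sign(self, blob, msg):
        # HMAC stands in for the RSA private-key operation.
        return hmac.new(self._load(blob), msg, hashlib.sha256).digest()

    def clear_owner(self):
        self._srk = os.urandom(32)       # new SRK: every old blob is now useless
        self._cache.clear()
```

Creating 16 keys on a 3-slot model succeeds without error because only the wrapped blobs accumulate, on disk; a byte-for-byte copy of a blob works as a backup only while the same SRK exists.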
