I'm answering about the TPM behavior. I don't know tpm-pkcs11. On 3/19/2013 12:13 PM, Jan Just Keijser wrote: > Ken Goldman wrote: > > perhaps I do not understand how TPM encryption works: what I want to > protect is a RSA 2048bit key (coupled to an X509 cert). With a hardware > token, the key is moved "onto" the hardware token and if an attacker > tries to sign data with the key then after N attempts the token blocks.
Correct, except that N is a global. When you exceed N, the entire TPM blocks. Note that N and the definition of 'block' are TPM vendor specific. > If I understand it correctly, with the current TPM-pkcs11 setup the keys > are stored on disk, but encrypted by the TPM itself. The TPM is accessed > via the SRK key, which has to be set to a well defined value for > opencryptoki. The keys are furthermore encrypted by the pkcs11 PIN, > which is not stored on the TPM itself. Is that correct? Or is the pkcs11 > PIN (and SO-PIN) also stored on the TPM chip? if so, where and how? The SRK is not set to a known value, just it's password. The SRK itself is unique and locked to the TPM. At the TPM layer, the keys are only encrypted by the SRK, not a PIN. Perhaps the PIN is used as the TPM authentication value (~ password)? The TPM auth value is stored in the key blob along with the private key as part of the encrypted area. Key auth values are not stored on the TPM. They come on and off with the rest of the key blob. > If my understanding is correct I could foresee the following attack: a > thief steals my laptop and could do a brute force attack on the pkcs11 > PIN to recover my key. The TPM would not lock up , as the SRK key is > known and used. As soon as the pkcs11 PIN is broken the thief can use > the RSA key stored in the pkcs11 device to forge my identity. > > What am I missing? If the PIN is indeed the key's auth value, you can't brute force it outside the TPM. It's encrypted by the SRK, whose private key you don't know. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
