Hello trousers users, I'd like to send a secret securely from a server to a client with TPM and make sure only the client with the TPM can get the secret. I wonder if something like this would work:
1. generate and register an RSA key pair on the client's TPM, copy its UUID as well as its public key to the server 2. when the connection between the client and server is established, the server encrypts the secret using the TPM public key, sends the encrypted secret and the UUID of the TPM key to the client 3. the client's TPM loads the TPM key using the UUID and unbinds the encrypted secret I understand Tspi_Data_Unbind can unbind data encrypted with Tspi_Data_Bind using the same key, but would it also work with data encrypted outside TPM? I'm guessing if the same decryption algorithm is used as the encryption, then it would, but I don't know much about RSA. Thank you. Shu ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
