Richard wrote: > Let me understand better your concern: you don't want TrouSerS to write > keys on disk, because they can be retrieved by someone?
I'm concerned with any cryptography done in software, including generating keys that actually matter in the trust chain or for key storage. Storing on disk is just the biggest concern. Even having them in RAM seems wrong. I'm also concerned about *any* way to extract the keys from the TPM, even for attackers that have the user or SO PIN, or even the owner password and SRK (and the SRK needs to be well known for pkcs11, it seems). > If yes, then you don't need to worry about it, since the keys are > ciphered by strong criptography before they're written on disk. Yes, but encrypted with what key? http://trousers.sourceforge.net/pkcs11.html seems to tell me that if I know the user PIN, and have the PRIVATE_ROOT_KEY.pem file, then I can extract the keys actually used for authentication (or whatever I use my pkcs11 for), by telling the TPM chip to "migrate" my keys. So in other words: How do "migratable" keys not enable a bypass of the whole reason for having a TPM chip in the first place? -- typedef struct me_s { char name[] = { "Thomas Habets" }; char email[] = { "[email protected]" }; char kernel[] = { "Linux" }; char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; }; char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" }; char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" }; } me_t; ------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
