On 11/14/2013 11:13 AM, Thomas Habets wrote: > I generated some keys with: > > pkcs11-tool --module=/usr/lib/opencryptoki/libopencryptoki.so.0 \ > --login --keypairgen -d 01 \ > -a "$(whoami)@$(hostname --fqdn) key" \ > --key-type rsa:2048 > > But they are migratable. I can delete the on-disk key "backups" to try > to prevent migration, but they have been stored on disk, so the TPM > chip is no longer the sole keeper of secrets (or can be convinced to > give up the keys). Deleting files on disk is hard. Especially with > SSDs because of wear levelling. > > I'm hoping the answer isn't "you should have generated they keys differently" > (by adding a flag, http://marc.info/?l=trousers-users&m=120326565102441),
I believe that the answer is, "You should have generated the key differently." The encrypted part of the key blob holds an integrity hash. If you flip a bit, the integrity check fails. This is 'a good thing'. If you could flip it one way, you could flip it the other way, making a key appear migratable, then migrate it to an insecure target. ------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
