I'm a TPM expert, but I don't know details of the PKCS11 layer.  Sorry.
PKCS11 might layer other controls on top of the TPM.

On 11/15/2013 10:35 AM, Thomas Habets wrote:

>> There are controls on migration.  It requires the authorization password
>> of the parent and the migration authorization password of the key.
>
> For keys under the private root key, does this mean the SRK password
> (20 null bytes) and the user PIN?

From the TPM POV, assuming the SRK password (really its 20-byte
authorization value) is zero, that's all you need.  The TPM doesn't have
an additional user PIN.

PKCS11 might.

> So one more password to migrate than to use, correct?

The TPM needs the parent authorization to load a key, plus the key 
authorization to use the key.

To migrate, you need the parent authorization and the key's migration 
authorization (different from the use authorization).  The owner 
authorization is used to authorize a target.




_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
