On 11/15/2013 9:21 AM, Dmitri Toubelis wrote: > > In respect to your original question about changing migrateability of > the key here is an idea - you can try exporting migrateable key and > importing it back into the same TPM as non-migrateable (under a > different key chain perhaps where none of the parent keys is > migrateable). I'm not sure if it's gonna work or not, I'm > experimenting with it myself right now but maybe someone else could > comment on this.
Hopefully, it will not work. The TPM keeps an integrity value in its encrypted part. If you flip the migratable flag in the public part, the integrity should fail when you load the key into the TPM. While flipping from non-migratable to migratable would be a serious security flaw, flipping the other way is also bad. The TPM can certify one of its keys as being non-migratable. If you could flip it to migratable, the certificate would be flawed. ------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
