Hello Marcin,

Can you explain your requirement of item 2? How could you get the remote (client's) private key? Totally a no-no in asymmetric key operations between a local and remote.

Item number 3. When you say "machine with TPM" are you meaning the client also has a TPM? Host machine assumed to have a TPM since in item 1 it sends the pubkey part of SRK to client. I think you want to use the public key of the client.

For inspiration you may want to look at the AIK Certificate enrollment spec here: https://www.trustedcomputinggroup.org/files/resource_files/738DF0BB-1A4B-B294-D0AF6AF9CC023163/IWG_CMC_Profile_Cert_Enrollment_v1_r7.pdf

There is a mixture of symmetric key usage and asymmetric key usage. Usually a recipient's public key is used to wrap the sender's symmetric key. The symmetric key in turn is used to wrap the sender's certificate(s) and any public keys.

Best regards,
Bill

________________________________________
From: Marcin Kaszubski [[email protected]]
Sent: Wednesday, March 26, 2014 3:15 PM
To: [email protected]
Subject: [TrouSerS-users] Wrapping RSA key outside TPM

Hi,

I want to achieve this:

1. Send PubKey part of SRK to the client
2. Use PubKey part of SRK to wrap the private key generated by the client (private key probably generated by OpenSSL)
3. Send wrapped client key back to the machine with TPM
4. Load wrapped private key of client to the TPM

I can't find how I can wrap the client secret key so it will be accepted by the TPM during LoadKey. What tool should I use? Can I use OpenSSL to wrap the key on the client machine?

Best Regards,
Marcin

------------------------------------------------------------------------------
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
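An added example, not from this thread and not TrouSerS code, of the wrapping step Marcin asks about: a TPM 1.2 parent key decrypts a child's private part with RSAES-OAEP, SHA-1/MGF1 and the fixed OAEP encoding parameter "TCPA", so that is what any wrap produced outside the TPM (with OpenSSL or anything else) must match. It uses only the Go standard library; the SRK is a software key standing in for the TPM's, the blob is a constructed stand-in for a TPM_STORE_ASYMKEY, and the function names are mine.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

// TPM 1.2 decrypts wrapped key blobs with RSAES-OAEP using SHA-1/MGF1 and the
// fixed OAEP encoding parameter "TCPA" (TPM_ES_RSAESOAEP_SHA1_MGF1). A blob
// made with another label or hash is rejected at load time.
var tpm12OAEPLabel = []byte("TCPA")

// MaxWrapSize is the largest plaintext one OAEP block under pub can carry:
// k - 2*hLen - 2 with hLen = 20 for SHA-1 (214 bytes for a 2048-bit SRK).
func MaxWrapSize(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha1.Size - 2
}

// WrapForTPM12 performs only the OAEP step: the caller assembles blob as a
// TPM_STORE_ASYMKEY (payload type, usage/migration auth, pubDataDigest and a
// single RSA prime), which is why TPM 1.2 keeps the private part that small.
func WrapForTPM12(srkPub *rsa.PublicKey, blob []byte) ([]byte, error) {
	if n := MaxWrapSize(srkPub); len(blob) > n {
		return nil, fmt.Errorf("blob is %d bytes, OAEP limit under this SRK is %d", len(blob), n)
	}
	return rsa.EncryptOAEP(sha1.New(), rand.Reader, srkPub, blob, tpm12OAEPLabel)
}

// UnwrapAsTPM12 models the TPM side. On real hardware the SRK private key
// never leaves the chip; here a software key stands in so the round trip can
// be checked, including that a wrap made with the wrong label fails.
func UnwrapAsTPM12(srkPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha1.New(), nil, srkPriv, wrapped, tpm12OAEPLabel)
}

func main() {
	srk, _ := rsa.GenerateKey(rand.Reader, 2048) // software stand-in for the SRK
	blob := make([]byte, 193) // constructed stand-in for a TPM_STORE_ASYMKEY of a 2048-bit child key
	rand.Read(blob)
	wrapped, err := WrapForTPM12(&srk.PublicKey, blob)
	if err != nil {
		panic(err)
	}
	got, err := UnwrapAsTPM12(srk, wrapped)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, blob))
}
```

The size check matters in practice: a full PKCS#1 private key for a 2048-bit client key does not fit in one OAEP block, which is why the TPM 1.2 blob carries one prime and the public modulus separately.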
