Yes, you can do this, but I don't know if the TSS has any conversion utility.
If you want to code it, my SW TPM certainly creates the TPM_KEY structure wrapped with a parent key. Look at the CreateWrapKey function, and perhaps step through it with a debugger. It creates a key pair using openssl, wraps the private part in the parent, and then outputs it as a TPM_KEY.

I advise debugging using the SW TPM. If you use a HW TPM, you'll probably get back some "bad format" error and it will be hard to debug.

On 3/26/2014 6:15 PM, Marcin Kaszubski wrote:
>
> I want to achieve this:
> 1. Send PubKey part of SRK to the client
> 2. Use PubKey part of SRK to wrap the private key generated by the
>    client (private key probably generated by OpenSSL)
> 3. Send wrapped client key back to the machine with TPM
> 4. Load wrapped private key of client to the TPM
>
> I can't find how I can wrap the client secret key so it will be accepted by
> the TPM during LoadKey.
> What tool should I use? Can I use OpenSSL to wrap the key on the client machine?
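An added example, not part of the original thread and not code from the SW TPM or TrouSerS: a sketch of step 2 above, building the private blob (TPM_STORE_ASYMKEY) and encrypting it under the parent public key with OAEP/SHA-1/MGF1 and the "TCPA" label, following the TPM 1.2 structure definitions. The function names are this example's own, and the digest over the public part of the TPM_KEY is assumed to be computed elsewhere and passed in.

```python
import hashlib, os, struct

TPM_PT_ASYM = 0x01       # TPM_PAYLOAD_TYPE of a wrapped asymmetric key
OAEP_LABEL = b"TCPA"     # OAEP encoding parameter fixed by the TPM 1.2 spec
HLEN = hashlib.sha1().digest_size

# Helper names below are hypothetical (this example's own), not a TSS API.
def store_asymkey(usage_auth, migration_auth, pub_data_digest, prime_p):
    """Serialize TPM_STORE_ASYMKEY in TPM (big-endian) wire order."""
    for name, v in (("usage_auth", usage_auth),
                    ("migration_auth", migration_auth),
                    ("pub_data_digest", pub_data_digest)):
        if len(v) != HLEN:
            raise ValueError(f"{name} must be {HLEN} bytes")
    # TPM_STORE_PRIVKEY = UINT32 keyLength || key (one RSA prime factor)
    return (bytes([TPM_PT_ASYM]) + usage_auth + migration_auth
            + pub_data_digest + struct.pack(">I", len(prime_p)) + prime_p)

def mgf1(seed, length):
    """MGF1 mask generation with SHA-1."""
    out = b""
    for counter in range((length + HLEN - 1) // HLEN):
        out += hashlib.sha1(seed + struct.pack(">I", counter)).digest()
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg, k, seed=None):
    """EME-OAEP encoding for a k-byte modulus, label "TCPA"."""
    if len(msg) > k - 2 * HLEN - 2:
        raise ValueError("TPM_STORE_ASYMKEY too long for this parent key")
    seed = seed or os.urandom(HLEN)
    db = (hashlib.sha1(OAEP_LABEL).digest()
          + b"\x00" * (k - len(msg) - 2 * HLEN - 2) + b"\x01" + msg)
    masked_db = xor(db, mgf1(seed, len(db)))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db

def wrap_enc_data(blob, n, e):
    """Encrypt the blob under the parent public key (n, e) -> encData."""
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(oaep_encode(blob, k), "big")
    return pow(em, e, n).to_bytes(k, "big")
```

The result is only the encData field; LoadKey still needs it placed inside a complete TPM_KEY whose public fields match the digest that was passed in.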
