Oh. Now that makes sense. I re-read Marcin's post.

________________________________________
From: Ken Goldman [[email protected]]
Sent: Monday, March 31, 2014 10:12 AM
To: [email protected]
Subject: Re: [TrouSerS-users] Wrapping RSA key outside TPM

On 3/28/2014 11:53 PM, Bill Martin wrote:
> Hello Marcin,
>
> Can you explain your requirement of item 2?

I think he wants to create a key using openssl and wrap it with the SRK. Reasonable task.

> How could you get the remote (client's) private key? Totally a no-no
> in asymmetric key operations between a local and remote.

I think he's doing the wrapping on the client. Sounds OK.

> Item number 3. When you say "machine with TPM" are you meaning the
> client also has a TPM? Host machine assumed to have a TPM since in
> item 1 it sends the pubkey part of SRK to client.

I think his "machine with TPM" is not the client, since he says he's sending the wrapped client key __to__ the machine with TPM.

> I think you want to use the public key of the client.

I don't think so. I think he wants to import an externally generated private key into a TPM.

>
> For inspiration you may want to look at the AIK Certificate
> enrollment spec here
> https://www.trustedcomputinggroup.org/files/resource_files/738DF0BB-1A4B-B294-D0AF6AF9CC023163/IWG_CMC_Profile_Cert_Enrollment_v1_r7.pdf

The AIK process is for a TPM generated key. He says he wants to generate the key with openssl, not within the TPM.

> There is a mixture of symmetric key usage and asymmetric key usage.
> Usually a recipient's public key is used to wrap the sender's
> symmetric key. The symmetric key in turn is used to wrap the sender's
> certificate(s) and any public keys.

------------------------------------------------------------------------------
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
