At the TPM layer, the private key is almost always wrapped/encrypted by the parent storage key. Thus, there is nothing that the TSS can do to expose it.
The "almost" applies because migration (making a copy of a key K1 for backup or transfer to another TPM) sends the private key K1 off the TPM wrapped by a key K2 other than its parent. If you know the private key K2, you can get the private key K1. Clearly, someone knows the private key K2; otherwise, migration of K1 would not work.

The other "almost" is the optional maintenance, but I don't know of any hardware TPM that implemented maintenance.

On 8/13/2015 8:03 AM, Julie P wrote:
> Hi everyone,
>
> The spec says that the private key of an RSA keypair has to be
> encrypted before it goes out as a blob.
> Loading the blob decrypts it.
> My aim is to verify whether the private key is accessed somewhere else, and how.
> (I have to prove it for my internship.)
> I'm using Trousers 3.13 with a hardware TPM v1.2.

TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
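The key hierarchy the reply describes, modelled in Python as an added example (it is not TrouSerS/TSS code and does not use the TPM's real RSA-OAEP wrapping): the private part exists in the clear only inside the chip, the TSS holds nothing but wrapped blobs, and a migration blob re-wrapped under K2 is recoverable by whoever holds K2. The `Tpm` class, `wrap`/`unwrap` and the HMAC-based stand-in primitive are assumptions made for this example.

```python
"""Model of the TPM 1.2 key hierarchy described in the reply above (added example).

- A private part leaves the TPM only wrapped under its loaded parent storage
  key, so the TSS, which merely stores the blob, cannot recover it.
- Loading a blob unwraps it inside the TPM, which keeps the private part behind a handle.
- Migration re-wraps the private part under a migration key K2 instead of the
  parent, so whoever holds K2 recovers K1's private part.

Stand-in primitive (assumption): a real TPM 1.2 wraps with RSA-OAEP under the
parent's public key. Here an HMAC-SHA256 counter-mode keystream plus an HMAC tag
stands in, so the example needs only the standard library, and K2 is one
symmetric secret playing both of its halves. All names are assumptions, not TSS API.
"""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32
MIGRATABLE, FIXED = b"\x01", b"\x00"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def wrap(wrapping_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under wrapping_key: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(wrapping_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(wrapping_key, nonce + ct, hashlib.sha256).digest()


def unwrap(wrapping_key: bytes, blob: bytes) -> bytes:
    """Inverse of wrap; raises ValueError when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(wrapping_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong wrapping key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(wrapping_key, nonce, len(ct))))


class Tpm:
    """Chip model: private parts exist in the clear only inside self._loaded."""

    SRK_HANDLE = 0

    def __init__(self) -> None:
        self._loaded = {self.SRK_HANDLE: (secrets.token_bytes(32), FIXED)}
        self._next = 1

    def create_wrap_key(self, parent: int, migratable: bool) -> bytes:
        """Generate a key and hand back only its blob, wrapped under the loaded parent."""
        parent_secret, _ = self._loaded[parent]
        flag = MIGRATABLE if migratable else FIXED
        return wrap(parent_secret, flag + secrets.token_bytes(32))

    def load_key(self, parent: int, blob: bytes) -> int:
        """Unwrap a blob under its parent and return a handle to the loaded key."""
        parent_secret, _ = self._loaded[parent]
        body = unwrap(parent_secret, blob)
        self._loaded[self._next] = (body[1:], body[:1])
        self._next += 1
        return self._next - 1

    def sign(self, handle: int, data: bytes) -> bytes:
        """Stand-in for an RSA signature: HMAC over data with the private part."""
        return hmac.new(self._loaded[handle][0], data, hashlib.sha256).digest()

    def create_migration_blob(self, handle: int, k2: bytes) -> bytes:
        """Re-wrap the private part under K2 instead of its parent; refused for non-migratable keys."""
        private, flag = self._loaded[handle]
        if flag != MIGRATABLE:
            raise PermissionError("key is not migratable")
        return wrap(k2, private)


def demo() -> dict:
    """Exercise the reply's claims and return what was observed."""
    tpm, tss_store = Tpm(), {}  # tss_store: the blobs the TSS keeps on disk
    tss_store["k1"] = tpm.create_wrap_key(Tpm.SRK_HANDLE, migratable=True)
    h1 = tpm.load_key(Tpm.SRK_HANDLE, tss_store["k1"])

    # Migration: the destination holds K2, recovers K1's private part off-chip
    # and can then produce the same signatures the chip does.
    k2 = secrets.token_bytes(32)
    k1_private_offchip = unwrap(k2, tpm.create_migration_blob(h1, k2))
    same_sig = tpm.sign(h1, b"msg") == hmac.new(k1_private_offchip, b"msg", hashlib.sha256).digest()

    # The blob the TSS stored never contained that private part in the clear.
    in_clear = k1_private_offchip in tss_store["k1"]

    # A non-migratable key is refused by create_migration_blob.
    h3 = tpm.load_key(Tpm.SRK_HANDLE, tpm.create_wrap_key(Tpm.SRK_HANDLE, migratable=False))
    try:
        tpm.create_migration_blob(h3, k2)
        fixed_migrated = True
    except PermissionError:
        fixed_migrated = False

    return {"migration_recovers_private": same_sig,
            "private_in_clear_in_blob": in_clear,
            "nonmigratable_migrated": fixed_migrated}
```

The point the model makes visible is the one in the reply: nothing the TSS holds (`tss_store`) lets it recover a private part, because the only copy in the clear sits inside the chip behind a handle; the single path out is a migration blob, and that path is exactly as strong as the secrecy of K2.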
