Hi Russ - I don't think there is any way to do this. In general you
can of course enforce almost any rules using measured code, if you can
convince the verifier that the measurements are correct.
This paper, http://dspace.mit.edu/handle/1721.1/33966 - Virtual
Monotonic Counters and Count-Limited Objects - describes some
extensions and changes that could be made to the TPM to allow similar
functionality to what you are talking about.
On Wed, Apr 9, 2008 at 12:19 PM, Russ Fink <russfink@...> wrote:
> Is there a way using the TPM to enforce "sign-once" semantics, or if not
> that, usage counting to tell me how many times a key was used for signing?
> I can think of a crude way that involves monotonic counters and some
> precreated set of N keys. Each time a key needs to be used, the monotonic
> counter has to be set to a value. Once that key is used, I can lock it by
> incrementing the counter which would in turn unlock the next key in the
> That's kind of not what I want, because then I have to have keys available
> in a certain sequence and also I'd be relying on an external entity to
> increment the monotonic counter.
> What would be better is if the TPM can keep a count of how many times a
> signing operation was performed using some key. Even better yet would be if
> there were a way to tell the TPM at key creation time to only allow some key
> to be used a certain number of times, then forever refuse to use that key
> The important part is that I want the TPM hardware to do the counting, or
> enforce the usage.
> I could even do this if there were a general counter that counted all
> cryptographic calls made of the TPM, regardless of what kind of operation
> took place.