Re: [TrouSerS-users] TPM Decryption

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Yes, I when I created a key, I registered it with a UUID. I could then
access it later using the same UUID. I assumed that that meant the key was
stored somewhere. Is that not the case?

On Thu, Sep 1, 2011 at 11:15 AM, Segall, Ariel E <as...@mi...> wrote:

> Saving keys isn't something that's done automatically for you. The TPM
> Quote Tools on sourceforge provide a filename option for the relevant
> commands, and if you create a key yourself, the TPM will provide back a
> blob that you can store in a file. However, if you're not saving the key
> yourself, your keys may not be preserved.
>
> Have you successfully been using reusing keys you created in an earlier
> run of your program?
>
>              Ariel
>
>
> On 9/1/11 11:03 AM, "Olga Chen" <ol...@gm...> wrote:
>
> >I am just writing my own code and sometimes using tpm-tools on Linux. I
> >know that when I create a key that is a "child" of the SRK, it is stored
> >somewhere on the hard drive. I didn't know you can indicate a filename to
> >store partictular blobs!
> >
> >
> >On Wed, Aug 31, 2011 at 6:00 PM, Segall, Ariel E <as...@mi...>
> >wrote:
> >
> >
> >The answer really depends on the software you're using. What programs are
> >you using to create and manage TPM keys? Perhaps someone on the list has
> >experience with specific applications.
> >
> >The programs that I've used and written all delegate blob storage and
> >backup to the user (user specifies filenames to store particular blobs
> >in), so I'm not sure I can help much with a generic search for keys.
> >
> >                                                   Ariel
> >
> >On 8/31/11 1:29 PM, "Olga Chen" <ol...@gm...> wrote:
> >
> >>Ariel -
> >>Do you know whereon the hard drive the encrypted "blobs" of TPM-encrypted
> >>storage keys are stored? Either on Linux or Windows? I've trying to find
> >>out without success.
> >>
> >>
> >>On Wed, Aug 31, 2011 at 10:57 AM, Segall, Ariel E <as...@mi...>
> >>wrote:
> >>
> >>
> >>Yes. From the TPM perspective, those blobs are just handed to the user
> >>when you create a key; it doesn't care which software is providing the
> >>blob when it's used. The system was designed so that restoring from a
> >>backup in the event of hard drive failure, OS replacement, or other
> >>user-level software change is entirely feasible.
> >>
> >>If you have software doing automated key management, the only real
> >>question is how that software handles restoring from a backup; the TPM
> >>will not cause problems.
> >>
> >>              Ariel
> >>
> >>On 8/31/11 10:50 AM, "Olga Chen" <ol...@gm...> wrote:
> >>
> >>>On Wed, Aug 31, 2011 at 10:44 AM, Segall, Ariel E <as...@mi...>
> >>>wrote:
> >>>
> >>>
> >>>Olga: The TPM itself has no on-disk key storage, although some
> >>>applications may use the disk for key storage in an automated fashion.
> >>>You
> >>>are correct that the TPM only stores that limited set of keys inside the
> >>>chip.
> >>>
> >>>This means that in the event of a hard-drive failure, the SRK should
> >>>still
> >>>be accessible, but any storage (or other user-created) keys that were on
> >>>the hard disk will be lost unless they were backed up. However, the
> >>>backups should be restorable without any trouble from the TPM
> >>>perspective,
> >>>and as you say, owner-evict keys are an exception.
> >>>
> >>>
> >>>
> >>>So if I find where the TPM stores the encrypted "blob" with all the
> >>>storage keys, copy it somewhere else, then re-install the OS, and then
> >>>copy the "blob" back, I should be able to use the same keys?
> >>>
> >>>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
> >
> >
> >
> >
>
>