From: Olga C. <ol...@gm...> - 2011-09-01 17:14:17
Yes, when I created a key, I registered it with a UUID. I could then access it later using the same UUID. I assumed that that meant the key was stored somewhere. Is that not the case?

On Thu, Sep 1, 2011 at 11:15 AM, Segall, Ariel E <as...@mi...> wrote:

> Saving keys isn't something that's done automatically for you. The TPM
> Quote Tools on sourceforge provide a filename option for the relevant
> commands, and if you create a key yourself, the TPM will provide back a
> blob that you can store in a file. However, if you're not saving the key
> yourself, your keys may not be preserved.
>
> Have you successfully been reusing keys you created in an earlier run of
> your program?
>
> Ariel
>
> On 9/1/11 11:03 AM, "Olga Chen" <ol...@gm...> wrote:
>
> > I am just writing my own code and sometimes using tpm-tools on Linux. I
> > know that when I create a key that is a "child" of the SRK, it is stored
> > somewhere on the hard drive. I didn't know you can indicate a filename to
> > store particular blobs!
> >
> > On Wed, Aug 31, 2011 at 6:00 PM, Segall, Ariel E <as...@mi...> wrote:
> >
> > The answer really depends on the software you're using. What programs are
> > you using to create and manage TPM keys? Perhaps someone on the list has
> > experience with specific applications.
> >
> > The programs that I've used and written all delegate blob storage and
> > backup to the user (user specifies filenames to store particular blobs
> > in), so I'm not sure I can help much with a generic search for keys.
> >
> > Ariel
> >
> > On 8/31/11 1:29 PM, "Olga Chen" <ol...@gm...> wrote:
> >
> >> Ariel -
> >> Do you know where on the hard drive the encrypted "blobs" of TPM-encrypted
> >> storage keys are stored? Either on Linux or Windows? I've been trying to
> >> find out without success.
> >>
> >> On Wed, Aug 31, 2011 at 10:57 AM, Segall, Ariel E <as...@mi...> wrote:
> >>
> >> Yes. From the TPM perspective, those blobs are just handed to the user
> >> when you create a key; it doesn't care which software is providing the
> >> blob when it's used. The system was designed so that restoring from a
> >> backup in the event of hard drive failure, OS replacement, or other
> >> user-level software change is entirely feasible.
> >>
> >> If you have software doing automated key management, the only real
> >> question is how that software handles restoring from a backup; the TPM
> >> will not cause problems.
> >>
> >> Ariel
> >>
> >> On 8/31/11 10:50 AM, "Olga Chen" <ol...@gm...> wrote:
> >>
> >>> On Wed, Aug 31, 2011 at 10:44 AM, Segall, Ariel E <as...@mi...> wrote:
> >>>
> >>> Olga: The TPM itself has no on-disk key storage, although some
> >>> applications may use the disk for key storage in an automated fashion. You
> >>> are correct that the TPM only stores that limited set of keys inside the
> >>> chip.
> >>>
> >>> This means that in the event of a hard-drive failure, the SRK should still
> >>> be accessible, but any storage (or other user-created) keys that were on
> >>> the hard disk will be lost unless they were backed up. However, the
> >>> backups should be restorable without any trouble from the TPM perspective,
> >>> and as you say, owner-evict keys are an exception.
> >>>
> >>> So if I find where the TPM stores the encrypted "blob" with all the
> >>> storage keys, copy it somewhere else, then re-install the OS, and then
> >>> copy the "blob" back, I should be able to use the same keys?