You can subscribe to this list here.
2006 
_{Jan}

_{Feb}

_{Mar}

_{Apr}

_{May}
(3) 
_{Jun}
(4) 
_{Jul}
(10) 
_{Aug}
(6) 
_{Sep}
(6) 
_{Oct}
(5) 
_{Nov}
(1) 
_{Dec}


2007 
_{Jan}

_{Feb}
(14) 
_{Mar}
(25) 
_{Apr}
(9) 
_{May}
(10) 
_{Jun}
(9) 
_{Jul}
(33) 
_{Aug}
(52) 
_{Sep}
(15) 
_{Oct}
(6) 
_{Nov}
(4) 
_{Dec}
(6) 
2008 
_{Jan}
(27) 
_{Feb}
(3) 
_{Mar}
(6) 
_{Apr}
(7) 
_{May}
(8) 
_{Jun}
(4) 
_{Jul}
(21) 
_{Aug}
(8) 
_{Sep}
(9) 
_{Oct}
(6) 
_{Nov}
(1) 
_{Dec}
(1) 
2009 
_{Jan}
(1) 
_{Feb}
(1) 
_{Mar}
(10) 
_{Apr}
(7) 
_{May}
(8) 
_{Jun}
(10) 
_{Jul}
(11) 
_{Aug}
(17) 
_{Sep}
(13) 
_{Oct}
(13) 
_{Nov}
(1) 
_{Dec}
(5) 
2010 
_{Jan}
(5) 
_{Feb}
(9) 
_{Mar}
(12) 
_{Apr}
(4) 
_{May}
(5) 
_{Jun}
(3) 
_{Jul}
(7) 
_{Aug}
(7) 
_{Sep}
(3) 
_{Oct}
(12) 
_{Nov}
(5) 
_{Dec}
(2) 
2011 
_{Jan}
(9) 
_{Feb}
(3) 
_{Mar}
(24) 
_{Apr}
(3) 
_{May}
(1) 
_{Jun}

_{Jul}
(3) 
_{Aug}
(8) 
_{Sep}
(2) 
_{Oct}

_{Nov}

_{Dec}

2012 
_{Jan}
(4) 
_{Feb}

_{Mar}

_{Apr}
(3) 
_{May}
(12) 
_{Jun}
(7) 
_{Jul}
(9) 
_{Aug}

_{Sep}
(14) 
_{Oct}
(19) 
_{Nov}
(4) 
_{Dec}

2013 
_{Jan}
(1) 
_{Feb}
(3) 
_{Mar}
(1) 
_{Apr}
(5) 
_{May}
(3) 
_{Jun}
(7) 
_{Jul}
(6) 
_{Aug}
(4) 
_{Sep}
(1) 
_{Oct}

_{Nov}

_{Dec}
(2) 
2014 
_{Jan}

_{Feb}
(2) 
_{Mar}
(3) 
_{Apr}
(1) 
_{May}
(1) 
_{Jun}
(6) 
_{Jul}
(14) 
_{Aug}
(4) 
_{Sep}

_{Oct}

_{Nov}

_{Dec}

S  M  T  W  T  F  S 

1

2

3

4

5

6

7

8

9

10

11
(1) 
12
(1) 
13
(2) 
14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31





From: Jonathan McCune <jonmccune@cm...>  20120113 16:25:26

You might also look at IBM's software implementation to see how they implemented the internals of the TPM in this regard: http://ibmswtpm.sourceforge.net/ Jon On Fri, Jan 13, 2012 at 10:14 AM, <Federico.Mancini@...> wrote: > Hi again, > > Maybe I found the answer myself, so I will report it just in case anyone > else ever wondered or someone who already knows can correct me if I am > wrong. > > After going through the source code of the jTSS I realized that the wrapping > of a key is done inside the TPM, os I went to look at the TPM specs, in > particular the data structure part, and there it says the an asymmetric key > is stored so that the private part cannot be bigger than 151 bytes > (TPM_STORE_PRIVKEY). > > This is possible because it is not the private exponent that is stored as > private key (which is usually nearly as big as the modulus itself), but one > of the two prime factor of the modulus, and 151 bytes CAN be encrypted by a > 2048 RSA public key in one block. > > > > Federico > > > > Fra: Federico.Mancini@... [mailto:Federico.Mancini@...] > Sendt: 12. januar 2012 09:18 > Til: shahshakir@... > Kopi: trustedjavasupport@... > > > Emne: Re: [Trustedjavasupport] Encrypting the private part of an RSA key > > > > Hi, > > Thanks for your pointer, but I had already read the book, and that is what > confused me. > > In chapter 2 “Secure Storage – Storing asymmetric keys” it says that > asymmetric keys are encrypted under a 2048 RSA key and the format used is > the PKSC#1 v2.0. My question was about how this was done in practice since a > public 2048 RSA key can encrypt less than 256 bytes and a RSA private key is > usually at least as big as the modulus, i.e. 256 bytes. I read also the > PKSC#1 v2.0 (not line by line, but I had a close look), and I could not > find any specific guidelines for encrypting private keys, only to format and > encode them. > > In other words, if at some point the TPM produces an AIK, and this must be > stored outside the TPM protected by the SRK key, how is this done in > practice? > > Or is the AIK key encrypted with a symmetric key in turn encrypted with the > SRK public key? > > Also a pointer to the source code where this is implemented would be fine, > if possible. > > > > Thanks again, and sorry if the question is trivial, but I am clearly missing > some probably stupid detail here, and I cannot seem to figure out what it > is. > > > > Federico > > > > Fra: Shakir Ullah shah [mailto:shahshakir@...] > Sendt: 12. januar 2012 05:59 > Til: Mancini, Federico > Emne: Re: [Trustedjavasupport] Encrypting the private part of an RSA key > > > > Hi > > > > You can find answer to your question by reading chapter 2 of > IBM.Press.A.Practical.Guide.to.Trusted.Computing.Jan.2008 book. > > > > Regards > > Shakir > > > > From: "Federico.Mancini@..." <Federico.Mancini@...> > To: trustedjavasupport@... > Sent: Wednesday, January 11, 2012 8:15 PM > Subject: [Trustedjavasupport] Encrypting the private part of an RSA key > > > > Hi, > > I am new here and I have only recently started reading up on trusted > computing and TPM for a project I am part of. > > I think I got all the basics, but now that I am entering more technical > details, I find all my books and sources are not enough any more. > > That is why I have starting looking at your implementation of the TSS (which > I plan to use soon to implement some ideas) and why I am posting here, > since whoever implemented something like this, must have a very good and > practical knowledge of the specifications J > > The question I have is about how asymmetric keys are stored securely outside > the TPM. > > As far as I understand, AIK or Storage keys are asymmetric pairs of keys and > are stored outside the TPM in a secure way protected by their parent key. > > I guess this means that the private part of these keys must be encrypted, > and in particular it should be encrypted with the SRK or > > other parent storage keys, which are also asymmetric. So how is this done? > By encrypting the private part of a key with the public part of its parent > key (possibly the SRK itself)? > > If so, isn’t a private key too big to fit in one RSA encrypted block? Does > it have to be split in smaller blocks first? If so how (is there a standard) > ? > > Reading your Javadoc I found at least two methods that return an encrypted > private key (TspCreateWrapKey_Internal), so I hope you can help me out with > this. > > > > This question is bugging me since in the book “A practical guide to trusted > computing” there is a whole section dedicated to how big a symmetric key can > be to be encrypted by a binding (asymmetric) key, > > but there does not seem to be a problem to encrypt potentially big private > keys instead. > > > > Thanks for any answer! > > > > Federico Mancini > > > > >  > Ridiculously easy VDI. With Citrix VDIinaBox, you don't need a complex > infrastructure or vast IT resources to deliver seamless, secure access to > virtual desktops. With this allinone solution, easily deploy virtual > desktops for less than the cost of PCs and save 60% on VDI infrastructure > costs. Try it free! http://p.sf.net/sfu/CitrixVDIinabox > _______________________________________________ > Trustedjavasupport mailing list > Trustedjavasupport@... > https://lists.sourceforge.net/lists/listinfo/trustedjavasupport > > >  > RSA(R) Conference 2012 > Mar 27  Feb 2 > Save $400 by Jan. 27 > Register now! > http://p.sf.net/sfu/rsasfdev2dev2 > _______________________________________________ > Trustedjavasupport mailing list > Trustedjavasupport@... > https://lists.sourceforge.net/lists/listinfo/trustedjavasupport > 
From: <Federico.M<ancini@ff...>  20120113 15:15:42

Hi again, Maybe I found the answer myself, so I will report it just in case anyone else ever wondered or someone who already knows can correct me if I am wrong. After going through the source code of the jTSS I realized that the wrapping of a key is done inside the TPM, os I went to look at the TPM specs, in particular the data structure part, and there it says the an asymmetric key is stored so that the private part cannot be bigger than 151 bytes (TPM_STORE_PRIVKEY). This is possible because it is not the private exponent that is stored as private key (which is usually nearly as big as the modulus itself), but one of the two prime factor of the modulus, and 151 bytes CAN be encrypted by a 2048 RSA public key in one block. Federico Fra: Federico.Mancini@... [mailto:Federico.Mancini@...] Sendt: 12. januar 2012 09:18 Til: shahshakir@... Kopi: trustedjavasupport@... Emne: Re: [Trustedjavasupport] Encrypting the private part of an RSA key Hi, Thanks for your pointer, but I had already read the book, and that is what confused me. In chapter 2 “Secure Storage – Storing asymmetric keys” it says that asymmetric keys are encrypted under a 2048 RSA key and the format used is the PKSC#1 v2.0. My question was about how this was done in practice since a public 2048 RSA key can encrypt less than 256 bytes and a RSA private key is usually at least as big as the modulus, i.e. 256 bytes. I read also the PKSC#1 v2.0 (not line by line, but I had a close look), and I could not find any specific guidelines for encrypting private keys, only to format and encode them. In other words, if at some point the TPM produces an AIK, and this must be stored outside the TPM protected by the SRK key, how is this done in practice? Or is the AIK key encrypted with a symmetric key in turn encrypted with the SRK public key? Also a pointer to the source code where this is implemented would be fine, if possible. Thanks again, and sorry if the question is trivial, but I am clearly missing some probably stupid detail here, and I cannot seem to figure out what it is. Federico Fra: Shakir Ullah shah [mailto:shahshakir@...] Sendt: 12. januar 2012 05:59 Til: Mancini, Federico Emne: Re: [Trustedjavasupport] Encrypting the private part of an RSA key Hi You can find answer to your question by reading chapter 2 of IBM.Press.A.Practical.Guide.to.Trusted.Computing.Jan.2008 book. Regards Shakir From: "Federico.Mancini@..." <Federico.Mancini@...> To: trustedjavasupport@... Sent: Wednesday, January 11, 2012 8:15 PM Subject: [Trustedjavasupport] Encrypting the private part of an RSA key Hi, I am new here and I have only recently started reading up on trusted computing and TPM for a project I am part of. I think I got all the basics, but now that I am entering more technical details, I find all my books and sources are not enough any more. That is why I have starting looking at your implementation of the TSS (which I plan to use soon to implement some ideas) and why I am posting here, since whoever implemented something like this, must have a very good and practical knowledge of the specifications J The question I have is about how asymmetric keys are stored securely outside the TPM. As far as I understand, AIK or Storage keys are asymmetric pairs of keys and are stored outside the TPM in a secure way protected by their parent key. I guess this means that the private part of these keys must be encrypted, and in particular it should be encrypted with the SRK or other parent storage keys, which are also asymmetric. So how is this done? By encrypting the private part of a key with the public part of its parent key (possibly the SRK itself)? If so, isn’t a private key too big to fit in one RSA encrypted block? Does it have to be split in smaller blocks first? If so how (is there a standard) ? Reading your Javadoc I found at least two methods that return an encrypted private key (TspCreateWrapKey_Internal), so I hope you can help me out with this. This question is bugging me since in the book “A practical guide to trusted computing” there is a whole section dedicated to how big a symmetric key can be to be encrypted by a binding (asymmetric) key, but there does not seem to be a problem to encrypt potentially big private keys instead. Thanks for any answer! Federico Mancini  Ridiculously easy VDI. With Citrix VDIinaBox, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this allinone solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/CitrixVDIinabox _______________________________________________ Trustedjavasupport mailing list Trustedjavasupport@... https://lists.sourceforge.net/lists/listinfo/trustedjavasupport 
From: <Federico.M<ancini@ff...>  20120112 08:18:53

Hi, Thanks for your pointer, but I had already read the book, and that is what confused me. In chapter 2 “Secure Storage – Storing asymmetric keys” it says that asymmetric keys are encrypted under a 2048 RSA key and the format used is the PKSC#1 v2.0. My question was about how this was done in practice since a public 2048 RSA key can encrypt less than 256 bytes and a RSA private key is usually at least as big as the modulus, i.e. 256 bytes. I read also the PKSC#1 v2.0 (not line by line, but I had a close look), and I could not find any specific guidelines for encrypting private keys, only to format and encode them. In other words, if at some point the TPM produces an AIK, and this must be stored outside the TPM protected by the SRK key, how is this done in practice? Or is the AIK key encrypted with a symmetric key in turn encrypted with the SRK public key? Also a pointer to the source code where this is implemented would be fine, if possible. Thanks again, and sorry if the question is trivial, but I am clearly missing some probably stupid detail here, and I cannot seem to figure out what it is. Federico Fra: Shakir Ullah shah [mailto:shahshakir@...] Sendt: 12. januar 2012 05:59 Til: Mancini, Federico Emne: Re: [Trustedjavasupport] Encrypting the private part of an RSA key Hi You can find answer to your question by reading chapter 2 of IBM.Press.A.Practical.Guide.to.Trusted.Computing.Jan.2008 book. Regards Shakir From: "Federico.Mancini@..." <Federico.Mancini@...> To: trustedjavasupport@... Sent: Wednesday, January 11, 2012 8:15 PM Subject: [Trustedjavasupport] Encrypting the private part of an RSA key Hi, I am new here and I have only recently started reading up on trusted computing and TPM for a project I am part of. I think I got all the basics, but now that I am entering more technical details, I find all my books and sources are not enough any more. That is why I have starting looking at your implementation of the TSS (which I plan to use soon to implement some ideas) and why I am posting here, since whoever implemented something like this, must have a very good and practical knowledge of the specifications J The question I have is about how asymmetric keys are stored securely outside the TPM. As far as I understand, AIK or Storage keys are asymmetric pairs of keys and are stored outside the TPM in a secure way protected by their parent key. I guess this means that the private part of these keys must be encrypted, and in particular it should be encrypted with the SRK or other parent storage keys, which are also asymmetric. So how is this done? By encrypting the private part of a key with the public part of its parent key (possibly the SRK itself)? If so, isn’t a private key too big to fit in one RSA encrypted block? Does it have to be split in smaller blocks first? If so how (is there a standard) ? Reading your Javadoc I found at least two methods that return an encrypted private key (TspCreateWrapKey_Internal), so I hope you can help me out with this. This question is bugging me since in the book “A practical guide to trusted computing” there is a whole section dedicated to how big a symmetric key can be to be encrypted by a binding (asymmetric) key, but there does not seem to be a problem to encrypt potentially big private keys instead. Thanks for any answer! Federico Mancini  Ridiculously easy VDI. With Citrix VDIinaBox, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this allinone solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/CitrixVDIinabox _______________________________________________ Trustedjavasupport mailing list Trustedjavasupport@... https://lists.sourceforge.net/lists/listinfo/trustedjavasupport 
From: <Federico.M<ancini@ff...>  20120111 15:28:04

Hi, I am new here and I have only recently started reading up on trusted computing and TPM for a project I am part of. I think I got all the basics, but now that I am entering more technical details, I find all my books and sources are not enough any more. That is why I have starting looking at your implementation of the TSS (which I plan to use soon to implement some ideas) and why I am posting here, since whoever implemented something like this, must have a very good and practical knowledge of the specifications J The question I have is about how asymmetric keys are stored securely outside the TPM. As far as I understand, AIK or Storage keys are asymmetric pairs of keys and are stored outside the TPM in a secure way protected by their parent key. I guess this means that the private part of these keys must be encrypted, and in particular it should be encrypted with the SRK or other parent storage keys, which are also asymmetric. So how is this done? By encrypting the private part of a key with the public part of its parent key (possibly the SRK itself)? If so, isn't a private key too big to fit in one RSA encrypted block? Does it have to be split in smaller blocks first? If so how (is there a standard) ? Reading your Javadoc I found at least two methods that return an encrypted private key (TspCreateWrapKey_Internal), so I hope you can help me out with this. This question is bugging me since in the book "A practical guide to trusted computing" there is a whole section dedicated to how big a symmetric key can be to be encrypted by a binding (asymmetric) key, but there does not seem to be a problem to encrypt potentially big private keys instead. Thanks for any answer! Federico Mancini 