From: Klaus Heinrich Kiwi <klausk@li...> - 2009-09-09 11:19:47
On 09/08/2009 10:53 PM, mark.wen wrote:
> Hi~ Klaus
> Thanks for your reply. You mean the files (PRIVATE_ROOT_KEY.pem,
> PUBLIC_ROOT_KEY.pem) will be produced automatically after executing
> tpmtoken_init. Am I right?
Yes. tpmtoken_init should create the files under
<prefix>/var/lib/opencryptoki/tpm/$USER. Those keys are only there for
migration purposes (so you could migrate this directory to another
system and still use the PKCS#11 datastore).
You *can* move them to a safer storage in case you want to avoid brute
force attacks against those keys. Please refer to
http://trousers.sourceforge.net/pkcs11.html for more info.
Klaus Heinrich Kiwi | klausk@... | http://blog.klauskiwi.com
Open Source Security blog : http://www.ratliff.net/blog
IBM Linux Technology Center : http://www.ibm.com/linux/ltc