Re: [Tpm4java-users] Prevent TPM to flush/evict keys at system reboot
From: Cyril D. <cyr...@gm...> - 2008-02-25 20:53:44
On Mon, Feb 25, 2008 at 10:04 AM, Frederic Stumpf <st...@se...> wrote:
> Hi Cyril,
>
> keys are not normally stored inside the TPM. They are encrypted by the
> SRK, which always remains under protection of the TPM. The encrypted key
> blob is returned to the software stack after it has been encrypted with
> the SRK. The software stack should then store the encrypted key blob
> anywhere on the hard disk.
>
> If you want to load a key back into the TPM after doing a reboot of your
> machine, the software stack should deliver the encrypted key blob to the
> TPM. If you need any information regarding that issue I suggest looking
> at the TPM_CreateWrapKey command of the TCG specs.
>
> Cheers,
> Frederic
>

OK. Well, so far, as I use tpm4java directly (no extra TSS), I play the role of the TSS and use a Windows startup script using TPM_CreateWrapKey and TPM_LoadKey to "deliver the encrypted key blob to the TPM" whenever Windows XP reboots.

Thanks,
--
Cyril
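The key lifecycle described in this thread, as an added Python model that is not part of either message and is not tpm4java code: a key is created once and leaves the TPM only as an SRK-wrapped blob, the blob is kept on disk, and after a reboot it is loaded again. `ModelTPM`, its method names and `reboot_roundtrip` are hypothetical, and HMAC-SHA256 stands in for the TPM's real wrapping algorithm.

```python
import hashlib, hmac, os

class ModelTPM:
    """Toy model (assumption, not real TPM crypto): only the SRK is persistent."""
    def __init__(self):
        self._srk = os.urandom(32)   # storage root key, never leaves the "chip"
        self._slots = {}             # volatile key slots, cleared at reboot

    def _prf(self, label, data):
        # HMAC-SHA256 keyed with the SRK stands in for the real wrapping scheme
        return hmac.new(self._srk, label + data, hashlib.sha256).digest()

    def create_wrap_key(self):
        """Generate a NEW key and return it only as an SRK-wrapped blob."""
        nonce, secret = os.urandom(16), os.urandom(32)
        ct = bytes(a ^ b for a, b in zip(secret, self._prf(b"enc", nonce)))
        return nonce + ct + self._prf(b"mac", nonce + ct)

    def load_key(self, blob):
        """Unwrap a stored blob into a volatile slot and return its handle."""
        nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
        if not hmac.compare_digest(tag, self._prf(b"mac", nonce + ct)):
            raise ValueError("blob was not wrapped by this SRK or was modified")
        handle = len(self._slots) + 1
        self._slots[handle] = bytes(a ^ b for a, b in zip(ct, self._prf(b"enc", nonce)))
        return handle

    def sign(self, handle, data):
        # Raises KeyError if the handle's slot was cleared by a reboot
        return hmac.new(self._slots[handle], data, hashlib.sha256).digest()

    def reboot(self):
        self._slots.clear()          # loaded keys are gone, the SRK is not

def reboot_roundtrip(blob_path):
    """Create once, store the blob, then reload it from disk after a reboot."""
    tpm = ModelTPM()
    with open(blob_path, "wb") as f:     # the software stack keeps the blob on disk
        f.write(tpm.create_wrap_key())
    with open(blob_path, "rb") as f:
        before = tpm.sign(tpm.load_key(f.read()), b"msg")
    tpm.reboot()
    with open(blob_path, "rb") as f:     # startup step: load the SAME blob again
        blob = f.read()
    after = tpm.sign(tpm.load_key(blob), b"msg")
    return before == after, blob, tpm
```

In this model the stored blob gives the same key after every reboot, while each call to `create_wrap_key` produces a different key, and a blob is rejected by any TPM whose SRK did not wrap it.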