Hi Cyril,
keys are not normally stored inside the TPM. They are encrypted by the
SRK, which always remains under protection of the TPM. The encrypted key
blob is returned to the software stack after it has been encrypted with
the SRK. The software stack should then store the encrypted key blob
anywhere on the hard disk.
If you want to load a key back into the TPM after doing a reboot of your
machine, the software stack should deliver the encrypted key blob to the
TPM. If you need any information regarding that issue, I suggest looking
at the TPM_CreateWrapKey command of the TCG specs.
Cheers,
Frederic
On Sat, 2008-02-16 at 23:10 +0100, Cyril DANGERVILLE wrote:
> Hello,
> I am facing a keystore issue:
> When I successfully load keys into the TPM with tpm4java, I lose all
> of them as soon as I reboot my computer.
> Is there any way to keep them from being evicted?
>
> By reading the TPM Commands spec, I found out that this was possible
> with the TPM_KeyControlOwner command:
> Start of informative comment:
> 3995 This command controls some attributes of keys that are stored within the TPM key cache.
> 3996 OwnerEvict: If this bit is set to true, this key remains in the TPM non-volatile storage
> 3997 through all TPM_Startup events. The only way to evict this key is for the TPM Owner to
> 3998 execute this command again, setting the owner control bit to false and then executing
> 3999 TPM_FlushSpecific.
> 4000 The key handle does not reference an authorized entity and is not validated.
> 4001 End of informative comment.
> --
> However, this is not implemented (yet?) in tpm4java, as far as I can see.
> Do you have any tip on fixing this issue?
> Thank you.
>
> Regards,
> --
> Cyril Dangerville
>
--
Frederic Stumpf phone: +49 6151 16 7015
TU Darmstadt -- Department of Computer Science fax: +49 6151 16 3514
Research Group IT-Security
eMail: st...@se...
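A constructed model of the wrap, store and reload flow Frederic describes above (an added example, not code from tpm4java or from this thread): the SRK stays inside a simulated TPM, CreateWrapKey hands software only an SRK-encrypted blob to keep on disk, Reboot empties the volatile key cache, and LoadKey brings the blob back after the "reboot". AES-GCM stands in for the TPM's RSA wrapping and the TCG key blob layout is not reproduced; the SimTPM type, its methods and the SRK bytes are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// SimTPM is a constructed stand-in for a TPM (not the TCG blob format): the
// SRK never leaves it, and loaded keys live only in a volatile key cache.
type SimTPM struct {
	srk    cipher.AEAD       // AES-GCM keyed by the SRK; survives reboots
	loaded map[uint32][]byte // volatile key cache: handle -> key material
}

func NewSimTPM(srk [32]byte) *SimTPM {
	block, _ := aes.NewCipher(srk[:]) // 32-byte key: cannot fail
	g, _ := cipher.NewGCM(block)      // AES block size: cannot fail
	return &SimTPM{srk: g, loaded: map[uint32][]byte{}}
}

// CreateWrapKey generates a key inside the TPM and returns it only as a blob
// (nonce || ciphertext) encrypted under the SRK; software keeps it on disk.
func (t *SimTPM) CreateWrapKey() ([]byte, error) {
	n := t.srk.NonceSize()
	buf := make([]byte, n+32) // random nonce followed by a fresh 256-bit key
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	return t.srk.Seal(buf[:n:n], buf[:n], buf[n:], nil), nil
}

// LoadKey models TPM_LoadKey: the blob is unwrapped with the SRK and cached
// under a new handle. A tampered or foreign blob fails GCM authentication.
func (t *SimTPM) LoadKey(blob []byte) (uint32, error) {
	n := t.srk.NonceSize()
	if len(blob) < n {
		return 0, errors.New("blob too short")
	}
	key, err := t.srk.Open(nil, blob[:n], blob[n:], nil)
	if err != nil {
		return 0, err
	}
	h := uint32(len(t.loaded) + 1)
	t.loaded[h] = key
	return h, nil
}

func (t *SimTPM) Reboot() { t.loaded = map[uint32][]byte{} } // TPM_Startup: cache lost, SRK kept
```

The blob on disk is only useful to the TPM holding the same SRK; a different SRK or a single flipped byte makes LoadKey fail.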