From: Ken G. <kgo...@us...> - 2013-11-15 14:40:12
On 11/14/2013 11:13 AM, Thomas Habets wrote:
> I generated some keys with:
>
> pkcs11-tool --module=/usr/lib/opencryptoki/libopencryptoki.so.0 \
>   --login --keypairgen -d 01 \
>   -a "$(whoami)@$(hostname --fqdn) key" \
>   --key-type rsa:2048
>
> But they are migratable. I can delete the on-disk key "backups" to try
> to prevent migration, but they have been stored on disk, so the TPM
> chip is no longer the sole keeper of secrets (or can be convinced to
> give up the keys). Deleting files on disk is hard. Especially with
> SSDs because of wear levelling.
>
> I'm hoping the answer isn't "you should have generated the keys differently"
> (by adding a flag, http://marc.info/?l=trousers-users&m=120326565102441),

I believe that the answer is, "You should have generated the key differently."

The encrypted part of the key blob holds an integrity hash. If you flip a bit, the integrity check fails. This is 'a good thing'. If you could flip it one way, you could flip it the other way, making a key appear migratable, then migrate it to an insecure target.