From: Dmitri T. <dmi...@al...> - 2013-11-15 19:09:12
|
I suspected that this might be the case but thanks for clarifying it. ----- Original Message ----- > From: "Ken Goldman" <kgo...@us...> > To: tro...@li... > Sent: Friday, November 15, 2013 11:34:35 AM > Subject: Re: [TrouSerS-users] Can you set NON_MIGRATABLE after generating the keys? > > On 11/15/2013 9:21 AM, Dmitri Toubelis wrote: > > > > In respect to your original question about changing migrateability > > of > > the key here is an idea - you can try exporting migrateable key and > > importing it back into the same TPM as non-migrateable (under a > > different key chain perhaps where none of the parent keys is > > migrateable). I'm not sure if it's gonna work or not, I'm > > experimenting with it myself right now but maybe someone else could > > comment on this. > > Hopefully, it will not work. > > The TPM keeps an integrity value in its encrypted part. If you flip > the > migratable flag in the public part, the integrity should fail when > you > load the key into the TPM. > > While flipping from non-migratable to migratable would be a serious > security flaw, flipping the other way is also bad. The TPM can > certify > one of its keys as being non-migratable. If you could flip it to > migratable, the certificate would be flawed. > > > > ------------------------------------------------------------------------------ > DreamFactory - Open Source REST & JSON Services for HTML5 & Native > Apps > OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access > Free app hosting. Or install the open source package on any LAMP > server. > Sign up and see examples for AngularJS, jQuery, Sencha Touch and > Native! > http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk > _______________________________________________ > TrouSerS-users mailing list > Tro...@li... > https://lists.sourceforge.net/lists/listinfo/trousers-users > |