Menu
▾
▴
Re: [Trustedjava-support] Encrypting the private part of an RSA key
|
From: <Fed...@ff...> - 2012-01-12 08:18:53
|
Hi, Thanks for your pointer, but I had already read the book, and that is what confused me. In chapter 2 “Secure Storage – Storing asymmetric keys” it says that asymmetric keys are encrypted under a 2048 RSA key and the format used is the PKSC#1 v2.0. My question was about how this was done in practice since a public 2048 RSA key can encrypt less than 256 bytes and a RSA private key is usually at least as big as the modulus, i.e. 256 bytes. I read also the PKSC#1 v2.0 (not line by line, but I had a close look), and I could not find any specific guidelines for encrypting private keys, only to format and encode them. In other words, if at some point the TPM produces an AIK, and this must be stored outside the TPM protected by the SRK key, how is this done in practice? Or is the AIK key encrypted with a symmetric key in turn encrypted with the SRK public key? Also a pointer to the source code where this is implemented would be fine, if possible. Thanks again, and sorry if the question is trivial, but I am clearly missing some probably stupid detail here, and I cannot seem to figure out what it is. Federico Fra: Shakir Ullah shah [mailto:sha...@ya...] Sendt: 12. januar 2012 05:59 Til: Mancini, Federico Emne: Re: [Trustedjava-support] Encrypting the private part of an RSA key Hi You can find answer to your question by reading chapter 2 of IBM.Press.A.Practical.Guide.to.Trusted.Computing.Jan.2008 book. Regards Shakir From: "Fed...@ff..." <Fed...@ff...> To: tru...@li... Sent: Wednesday, January 11, 2012 8:15 PM Subject: [Trustedjava-support] Encrypting the private part of an RSA key Hi, I am new here and I have only recently started reading up on trusted computing and TPM for a project I am part of. I think I got all the basics, but now that I am entering more technical details, I find all my books and sources are not enough any more. That is why I have starting looking at your implementation of the TSS (which I plan to use soon to implement some ideas) and why I am posting here, since whoever implemented something like this, must have a very good and practical knowledge of the specifications J The question I have is about how asymmetric keys are stored securely outside the TPM. As far as I understand, AIK or Storage keys are asymmetric pairs of keys and are stored outside the TPM in a secure way protected by their parent key. I guess this means that the private part of these keys must be encrypted, and in particular it should be encrypted with the SRK or other parent storage keys, which are also asymmetric. So how is this done? By encrypting the private part of a key with the public part of its parent key (possibly the SRK itself)? If so, isn’t a private key too big to fit in one RSA encrypted block? Does it have to be split in smaller blocks first? If so how (is there a standard) ? Reading your Javadoc I found at least two methods that return an encrypted private key (TspCreateWrapKey_Internal), so I hope you can help me out with this. This question is bugging me since in the book “A practical guide to trusted computing” there is a whole section dedicated to how big a symmetric key can be to be encrypted by a binding (asymmetric) key, but there does not seem to be a problem to encrypt potentially big private keys instead. Thanks for any answer! Federico Mancini ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox _______________________________________________ Trustedjava-support mailing list Tru...@li... https://lists.sourceforge.net/lists/listinfo/trustedjava-support |
