From: Ronald T. <ron...@ia...> - 2014-06-27 08:36:34
Hello Matthew,

You can use TPM keys of type storage for encryption, but only through the "sealing" mechanism. After sealing data, there is always an encrypted (under the Storage Root Key), unique, TPM-private element included in the resulting data structure. The sealed data can thus only be decrypted by the very same TPM that performed the encryption operation and no-one else. Not even through backup or vendor-maintenance mechanisms.

If you need to encrypt data on any other machine, and decrypt on a specific TPM (with PCR states), you can use the Binding scheme instead.

Best,
Ronald

On 06/26/2014 08:15 PM, Matthew Galligan wrote:
> Hello,
>
> I was wondering, if I create a storage key with e.g.
>
> jtt create_key -t storage --keyblob my.key -p 1,2,3,4,5
>
> is that key file encrypted/tied to the current TPM in any way, or can
> another machine use this key to decrypt a file I seal with it?
>
> Thanks!
> -Matt

-- 
Dr. Ronald Tögl                    phone +43 316/873-5502
Secure and Correct Systems         fax   +43 316/873-5520
IAIK                               ron...@ia...
Graz University of Technology      http://www.iaik.tugraz.at
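As an added illustration of the distinction Ronald draws above (this is not code from the thread, from jTSS or from jTpmTools), the following Python model simulates two TPMs in software so the control flow of seal/unseal and bind/unbind is visible. The class ToyTpm, its random SRK and tpmProof values, the HMAC-SHA256 keystream standing in for the TPM's RSA storage-key wrap, the textbook-RSA binding key, the blob layout and the "constructed" measurements are all assumptions of the model, not the real TPM 1.2 structures. What it shows: a blob sealed on one TPM is refused by a second TPM (its own SRK does not recover the TPM-private element) and by the same TPM once a sealed-against PCR has changed, while data bound to a key's public half can be produced on a machine with no TPM at all and only the TPM holding the private half, in the expected PCR state, can unbind it.

```python
"""Toy model of TPM 1.2 sealing versus binding (added illustration, not jTSS or jTpmTools code).
The SRK and tpmProof are random bytes inside a Python object, the symmetric wrap is an
HMAC-SHA256 keystream and the binding key is textbook RSA without OAEP: modelling shortcuts only."""
import hashlib
import hmac
import math
import secrets

def _gen_prime(bits: int) -> int:
    """Random prime of the given size via Miller-Rabin (toy RSA keys only)."""
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        d, r = n - 1, 0
        while d % 2 == 0:
            d, r = d // 2, r + 1
        for _ in range(16):
            x = pow(secrets.randbelow(n - 3) + 2, d, n)
            if x in (1, n - 1):
                continue
            for _ in range(r - 1):
                x = pow(x, 2, n)
                if x == n - 1:
                    break
            else:
                break                      # composite witness: try the next candidate
        else:
            return n                       # survived every round

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for the TPM's RSA wrap)."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

class ToyTpm:
    def __init__(self) -> None:
        self._srk = secrets.token_bytes(32)        # per-TPM Storage Root Key, never exported
        self._tpm_proof = secrets.token_bytes(32)  # the unique TPM-private element
        self.pcr = [b"\x00" * 20 for _ in range(24)]
        self._bind_keys = {}                       # handle -> (d, n, indices, composite)
    def extend(self, index: int, measurement: bytes) -> None:
        self.pcr[index] = hashlib.sha1(self.pcr[index] + measurement).digest()
    def _composite(self, indices) -> bytes:
        return hashlib.sha1(b"".join(self.pcr[i] for i in sorted(indices))).digest()
    def seal(self, data: bytes, indices) -> bytes:
        """Blob layout: nonce | count | indices | Enc_SRK(tpmProof | PCR composite | data)."""
        nonce, idx = secrets.token_bytes(16), bytes(sorted(indices))
        payload = self._tpm_proof + self._composite(idx) + data
        return nonce + bytes([len(idx)]) + idx + _xor_stream(self._srk, nonce, payload)
    def unseal(self, blob: bytes) -> bytes:
        idx = blob[17:17 + blob[16]]
        payload = _xor_stream(self._srk, blob[:16], blob[17 + blob[16]:])
        if payload[:32] != self._tpm_proof:        # another TPM's SRK yields garbage here
            raise PermissionError("not sealed by this TPM")
        if payload[32:52] != self._composite(idx):
            raise PermissionError("PCR state differs from sealing time")
        return payload[52:]
    def create_bind_key(self, indices, bits: int = 512):
        """Returns (handle, public key). The private exponent stays inside the object."""
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        while math.gcd(65537, (p - 1) * (q - 1)) != 1:   # rare; pick a fresh pair
            p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        handle = len(self._bind_keys)
        self._bind_keys[handle] = (pow(65537, -1, (p - 1) * (q - 1)), p * q,
                                   bytes(sorted(indices)), self._composite(indices))
        return handle, (p * q, 65537)
    def unbind(self, handle: int, ciphertext: int) -> bytes:
        d, n, idx, composite = self._bind_keys[handle]
        if self._composite(idx) != composite:
            raise PermissionError("PCR state does not match the key's policy")
        raw = pow(ciphertext, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
        return raw.lstrip(b"\x00")[1:]             # drop the 0x01 marker added by bind()

def bind(public_key, data: bytes) -> int:
    """Runs on any machine with only the public key; no TPM involved (textbook RSA)."""
    n, e = public_key
    m = int.from_bytes(b"\x01" + data, "big")      # marker preserves leading zero bytes
    if m >= n:
        raise ValueError("data too long for this key")
    return pow(m, e, n)

def demo() -> dict:
    """Constructed scenario: two TPMs that start in the same PCR state."""
    tpm_a, tpm_b = ToyTpm(), ToyTpm()
    for t in (tpm_a, tpm_b):
        t.extend(0, b"constructed firmware measurement")
    sealed = tpm_a.seal(b"volume key", [0, 1])
    out = {"same_tpm": tpm_a.unseal(sealed) == b"volume key"}
    try:
        tpm_b.unseal(sealed)                       # different SRK and tpmProof
    except PermissionError as err:
        out["other_tpm"] = str(err)
    tpm_a.extend(1, b"constructed unexpected bootloader")
    try:
        tpm_a.unseal(sealed)                       # right TPM, but PCR 1 has moved on
    except PermissionError as err:
        out["after_pcr_change"] = str(err)
    handle, pub = tpm_a.create_bind_key([0])
    ct = bind(pub, b"wrapped elsewhere")           # the encrypting side needs no TPM
    out["bound_to_target"] = tpm_a.unbind(handle, ct) == b"wrapped elsewhere"
    return out
```

Calling demo() returns the four outcomes. A real TPM performs the tpmProof and PCR-composite comparisons inside the chip and the key wrapping with RSA; the model does them in Python only so that the two failure paths (wrong TPM, changed PCR state) and the one place where no TPM is needed (bind) can be read directly.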