User Activity

  • Posted a comment on discussion General Discussion on IBM's Software TPM 2.0

    Perfect. Thank you much. I understand now. I was using the saved context file and trying to load it in another TPM. But after thinking, I see why that is not possible.

  • Posted a comment on discussion General Discussion on IBM's Software TPM 2.0

    I have created a primary object. Created another object under this primary object. Loaded the above created object to the TPM. Using the above 3 steps, created a sealed blob! Then I can unseal using the handle obtained from load. Also, I have context saved the handles of the primary object and the loaded object. I can context load these handles on this same TPM if I flushcontext these transient handles. Is there a way to load these saved contexts on a different TPM chip? So that I can do unseal of the...

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    Thank you much Ken. It's getting clearer.

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    From the testunseal.sh script, consider the following code:

        echo "Create a sealed data object"
        ${PREFIX}create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin > run.out
        checkSuccess $?

        echo "Load the sealed data object"
        ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
        checkSuccess $?

        echo "Unseal the data blob"
        ${PREFIX}unseal -ha 80000001 -pwd sea -of tmp.bin > run.out
        checkSuccess $?

    80000000:...

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    Goal: use TPM to protect a blob of data (using TPM 2.0).

    Option # 1: Doing seal using the TPM2_Create() and then TPM2_Load() and using TPM2_Unseal() to get the data from the TPM.

    Option # 2: Using TPM2_EncryptDecrypt() on a software TPM, but on the hardware TPM it says that TPM2_EncryptDecrypt is NOT supported.

    Common stuff for above 2 options: Created a primary key (key_1) (RSA key-pair).

    Difference b/w 2 options: As per my understanding the difference between seal and TPM2_EncryptDecrypt() is as...

  • Modified a comment on discussion General Discussion on IBM TPM Attestation Client Server

    Hi Ken,

    Setup: client (with TPM) and server (no TPM).

    I understand the protocol implementation. I understand the make_credential and activate_credential. For this even the server needs to have the TPM to do the make_credential. Maybe use s/w TPM for this to not redo the code.

    My requirements for now and future are:
    1. Client auth (server should be sure it is talking to the valid client) (current)
    2. Send any TPM quotes from the client to server (future)

    I have the following questions wrt protocol:...

Personal Data

Username: ploop
Joined: 2020-07-16 20:33:17
