tpm

How to load and use a persistent symmetric key in the TPM?

拜拜、爱过 提交于 2021-02-11 13:55:43
问题 I simply want to store one 32 bytes long symmetric key persistently in the NV storage of the TPM and after a power-cycle, use it (without getting it out of the TPM) to encrypt small-sized data. I've tried to do that in two different ways: 1) Create the key with TPM's random bytes generator Define space in NV and write the key in it Problem : I know how to read it, but how can I load it so I can use it inside the TPM? 2) Create an AES key with TPM2_Create command Make it persistent with TPM2

Information needed to utilize TPM in Java

眉间皱痕 提交于 2021-02-07 05:49:30
问题 I'm reading up on my upcoming project that involves using my laptop's TPM on authentication software written in Java. A few entries came out on Google, but most of them are quite old, and I have no idea which is the best tutorial. So I'd like to know what's the recommended API to use, and where is the best place to get information from. Thanks. 回答1: To communicate with a TPM you need a Trusted Software Stack (TSS) . There are two major freely available TSS: TrouSerS and jTSS. jTSS is written

How to ensure that keys are created inside TPM?

徘徊边缘 提交于 2021-01-29 05:14:52
问题 I need to run .exe on client machine, which will create key pair within TPM. And then I will create CSR with public key part of key pair generated by TPM. My concerns are how do i ensure that keys are created inside TPM , and not by spoofed TPM. Which would enable private key to be migrated and copied. I heard that is what AIKs are for , but i don't understand how can this prevent TPM for being spoofed? One solution that i can think of is : I go to client, boot from USB with trusted OS, and

How to export public key from TPM with TSS.net?

℡╲_俬逩灬. 提交于 2020-08-10 23:41:43
问题 I've gotten the Signing sample from here to run against the TPM Simulator. It looks like I have some sort of reference to the public key after calling: TpmPublic keyPublic; //This seems to have what we're looking for CreationData creationData; TkCreation creationTicket; byte[] creationHash; // // Ask the TPM to create a new primary RSA signing key. // TpmHandle keyHandle = tpm[ownerAuth].CreatePrimary( TpmRh.Owner, // In the owner-hierarchy new SensitiveCreate(keyAuth, null), // With this

How to export public key from TPM with TSS.net?

不羁岁月 提交于 2020-08-10 23:41:04
问题 I've gotten the Signing sample from here to run against the TPM Simulator. It looks like I have some sort of reference to the public key after calling: TpmPublic keyPublic; //This seems to have what we're looking for CreationData creationData; TkCreation creationTicket; byte[] creationHash; // // Ask the TPM to create a new primary RSA signing key. // TpmHandle keyHandle = tpm[ownerAuth].CreatePrimary( TpmRh.Owner, // In the owner-hierarchy new SensitiveCreate(keyAuth, null), // With this

How does the Trusted Platform Module generate its true random numbers?

↘锁芯ラ 提交于 2020-03-04 07:11:13
问题 So far I know that the TPM is using thermal noise for generating true random numbers. But I'm also sure that the TPM uses more sources for the entropy. In that that keystroke timings, drive seek time, or clock jitter would be possibilities. But which sources does the TPM use? And how does it convert them into a true random number? 回答1: How a TPM's random number generator has to look like can be read in the specification. For TPM 1.2, I link this PDF: Part 1 Design Principles When you look at

Controlling TPM with C#

我的未来我决定 提交于 2020-01-01 15:06:15
问题 I am trying to initialize the TPM set an owner create AIKs Any help/link would be appreciated. 回答1: Read MSDN. TBS Reference: http://msdn.microsoft.com/en-us/library/aa446794(VS.85).aspx Using TBS: http://msdn.microsoft.com/en-us/library/ms725663(v=VS.85).aspx TBS Base Services: http://msdn.microsoft.com/en-us/library/aa446796(VS.85).aspx You may also want to look at this article from MS about TPM, some of them with sample code: Overview of TPM Management http://technet.microsoft.com/en-us

Remotely Verifying the Application in execution

你离开我真会死。 提交于 2019-12-21 06:37:18
问题 Is it possible to prove to the remote party that the application I am running in my system is the same as I am claiming that I am running using DRTM or SRTM? If yes then How? 回答1: Theoretically: yes. The concept is called remote attestation. The basic idea is: First you have a sound chain of trust built on your platform, like: BIOS ==> Boot loader ==> OS ==> Applications The resulting measurements are stored in the PCRs. Now you can let the TPM sign this set of PCRs, that's called quote . You

Sealing Data using TPM In Windows [closed]

无人久伴 提交于 2019-12-18 04:23:13
问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago . I'd like to perform a TPM Seal operation in windows. I'm familiar with C++ programming but have no idea what libraries I'd even use. I'm currently stuck with the following two questions: Can I perform this action using e.g. WMI and a powershell script? This http://msdn.microsoft.com/en-us/library/windows/desktop

How to extend the running application into PCR?

天大地大妈咪最大 提交于 2019-12-12 15:46:28
问题 How to extend the running application into PCR? and Which PCR can be used for it? 回答1: I assume you mean a TPM version 1.2 on a PC platform, so the following specification documents are of interest for you: TPM Main Part 2 TPM Structures TCG PC Client Specific TPM Interface Specification (TIS) Now to your questions: "How to extend the running application into PCR?" You need some piece of software that identifies " the running application " (= measure ) and issue a TPM_Extend command to the