Bottomley: Using Your TPM as a Secure Key Store
Bottomley: Using Your TPM as a Secure Key Store
[Security] Posted Dec 5, 2016 21:03 UTC (Mon) by corbet
James Bottomley has posted a
tutorial on using the trusted platform module to store cryptographic
keys. "The main thing that came out of this discussion was that a
lot of this stack complexity can be hidden from users and we should
concentrate on making the TPM 'just work' for all cryptographic functions
where we have parallels in the existing security layers (like the
keystore). One of the great advantages of the TPM, instead of messing
about with USB pkcs11 tokens, is that it has a file format for TPM keys
(I’ll explain this later) which can be used directly in place of standard
private key files.
"