From: joseph at zeronsoftn.com
To: tpm2@lists.01.org
Subject: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?
Date: Tue, 03 Aug 2021 01:41:22 +0300
Message-ID: <1627944082.541093249@f20.my.com>
In-Reply-To: OF8BBF26A9.0B99F84B-ON00258725.00602982-85258725.006843B9@ibm.com

"salted session" was the keyword I was looking for!
Really thank you :)

Tuesday, 03 Aug 2021, 03:59 AM +09:00, from Kenneth Goldman kgoldman(a)us.ibm.com:

>"Steven Clark" <davolfman(a)gmail.com> wrote on 08/02/2021 01:26:56 PM:
>
>> I think it may be an optional standard but my TPM has some certs
>> permanently stored in nv-indices in the 0x1c0000x range that can be
>> checked against the manufacturer cert.  I haven't learned how to
>> leverage those into trusted parameter encryption keys yet but they
>> should be able to verify there's a real TPM at the other end at the
>> very least (and more if you learn to use them correctly).
>
>The EK certificates in NV are in theory optional, but every TPM
>I have encountered has them.
>
>Checking the certificate against the manufacturer's CA is
>a standard crypto library function.
>
>Once you have an authentic EK, create a salted session using
>the EK.
>
>Once you have the salted session, set the encrypt and/or decrypt bit
>when running the command.
>
>Underneath, there's some complicated crypto, but it's all
>hidden from the application.
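
The "complicated crypto" behind a salted session with the encrypt/decrypt bit set, as an added example that is not part of the original messages or of tpm2-tools: KDFa and the session-key derivation follow TPM 2.0 Part 1, using the spec's XOR obfuscation mode instead of AES-CFB so that it runs on the Python standard library alone. The nonces, the empty authValue and the sample secret are constructed, and the salt is a random stand-in for the value that would be encrypted to the EK.

```python
import hashlib
import hmac
import os


def kdfa(key: bytes, label: bytes, ctx_u: bytes, ctx_v: bytes, bits: int) -> bytes:
    """KDFa (TPM 2.0 Part 1): SP 800-108 counter mode over HMAC-SHA256."""
    out, counter = b"", 0
    while len(out) * 8 < bits:
        counter += 1
        msg = (counter.to_bytes(4, "big") + label + b"\x00"
               + ctx_u + ctx_v + bits.to_bytes(4, "big"))
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]


def session_key(salt: bytes, nonce_tpm: bytes, nonce_caller: bytes) -> bytes:
    """Unbound session: sessionKey = KDFa(salt, "ATH", nonceTPM, nonceCaller).
    With no salt and no bind entity the spec defines an empty session key."""
    if not salt:
        return b""
    return kdfa(salt, b"ATH", nonce_tpm, nonce_caller, 256)


def xor_param(data, skey, auth_value, nonce_newer, nonce_older):
    """TPM_ALG_XOR parameter obfuscation; applying it twice restores data."""
    mask = kdfa(skey + auth_value, b"XOR", nonce_newer, nonce_older, len(data) * 8)
    return bytes(d ^ m for d, m in zip(data, mask))


def demo():
    # Constructed sample values; on a real TPM both nonces travel in the clear.
    nonce_caller, nonce_tpm = os.urandom(32), os.urandom(32)
    auth_value = b""                     # assumption: object has an empty auth
    sensitive = b"constructed sealed secret"
    salt = os.urandom(32)                # stand-in for the EK-encrypted salt
    salted = session_key(salt, nonce_tpm, nonce_caller)
    unsalted = session_key(b"", nonce_tpm, nonce_caller)
    # Command parameter direction: nonceNewer is the caller's nonce.
    wire = xor_param(sensitive, salted, auth_value, nonce_caller, nonce_tpm)
    return {
        "wire": wire,
        "roundtrip": xor_param(wire, salted, auth_value, nonce_caller, nonce_tpm),
        "salted_key_len": len(salted),      # 32: secret keying material from the salt
        "unsalted_key_len": len(unsalted),  # 0: only authValue would key the mask
    }
```

The salt is the only input to the mask that does not appear on the bus, which is why the session has to be salted with an EK that was first checked against the manufacturer's CA.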
