* [tpm2] Re: Calculating name of created AK- server side
@ 2021-02-04 10:51 kuba.michal.n
  0 siblings, 0 replies; 8+ messages in thread
From: kuba.michal.n @ 2021-02-04 10:51 UTC (permalink / raw)
  To: tpm2

Thank You for clear explanation :D

* [tpm2] Re: Calculating name of created AK- server side
@ 2022-06-18 11:11 painololo
  0 siblings, 0 replies; 8+ messages in thread
From: painololo @ 2022-06-18 11:11 UTC (permalink / raw)
  To: tpm2

good

* [tpm2] Re: Calculating name of created AK- server side
@ 2022-05-19 16:20 hoadao3493
  0 siblings, 0 replies; 8+ messages in thread
From: hoadao3493 @ 2022-05-19 16:20 UTC (permalink / raw)
  To: tpm2

Thank you for sharing this great article. https://km888b.net hopes you will have many more articles for everyone to read.

* [tpm2] Re: Calculating name of created AK- server side
@ 2021-02-03 18:28 Imran Desai
  0 siblings, 0 replies; 8+ messages in thread
From: Imran Desai @ 2021-02-03 18:28 UTC (permalink / raw)
  To: tpm2

I see. A quick explainer :)

So AKname is not a secret. Neither is it possible to fake one. And so can be handed from the client to the server anytime. (tpm2_readpublic -c ak.ctx -n ak.name)

The credential challenge posed by the server (makecredential) wraps and encrypts a plaintext-credential using the EKpublic and AKname.

Only a client with access to the respective sensitive (private) portions of the EK and AK will have to load the keys on the TPM and it is then able to unwrap/decrypt the credentialBlob with credential-activation.

* [tpm2] Re: Calculating name of created AK- server side
@ 2021-01-29 18:44 kuba.michal.n
  0 siblings, 0 replies; 8+ messages in thread
From: kuba.michal.n @ 2021-01-29 18:44 UTC (permalink / raw)
  To: tpm2

Hello Imran! Thank you for your response.

I have read this tutorial before writing my question. It's just amazing :D
My question relates to this command:

# "this line :)" refers to the --name option below
tpm2_makecredential \
--tcti none \
--encryption-key rsa_ek.pub \
--secret file_input.data \
--name "$loaded_key_name" \
--credential-blob cred.out

Anonymity is not our concern. We want to ensure that only those computers which were handed by us to our employees can access internal resources. My idea was to generate the EK and AK just like in the tutorial, and then send the EK certificate and the public part of the AK to some auth server. Then the server would calculate the name and make use of tpm2_makecredential.

I have probably overlooked something really important.

Thank you in advance :D

^ permalink raw reply	[flat|nested] 8+ messages in thread
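
The server-side calculation this thread asks about, as an added example that is not part of any message here or of tpm2-tools: a TPM object name is the 2-byte nameAlg followed by the nameAlg hash of the marshaled TPMT_PUBLIC. It assumes the client sends the AK public area as a marshaled TPM2B_PUBLIC (assumed to be what `tpm2_readpublic -o` writes by default); the sample key bytes and the attribute policy are constructed for illustration.

```python
import hashlib
import struct

# TPM_ALG_ID values of the hashes that can serve as nameAlg
NAME_ALGS = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}

# TPMA_OBJECT bits; REQUIRED is an assumed server policy for an attestation key
FIXED_TPM, FIXED_PARENT, SENSITIVE_DATA_ORIGIN = 1 << 1, 1 << 4, 1 << 5
RESTRICTED, DECRYPT, SIGN = 1 << 16, 1 << 17, 1 << 18
REQUIRED = FIXED_TPM | FIXED_PARENT | SENSITIVE_DATA_ORIGIN | RESTRICTED | SIGN


def parse_public(tpm2b_public: bytes):
    """Split a marshaled TPM2B_PUBLIC into (nameAlg, objectAttributes, TPMT_PUBLIC)."""
    if len(tpm2b_public) < 10:  # size + type + nameAlg + objectAttributes
        raise ValueError("truncated TPM2B_PUBLIC")
    (size,) = struct.unpack_from(">H", tpm2b_public, 0)
    tpmt_public = tpm2b_public[2:]
    if size != len(tpmt_public):
        raise ValueError("size prefix does not match payload length")
    _type, name_alg, attrs = struct.unpack_from(">HHI", tpmt_public, 0)
    return name_alg, attrs, tpmt_public


def tpm_name(tpm2b_public: bytes) -> bytes:
    """Name = nameAlg (2 bytes, big endian) || H_nameAlg(TPMT_PUBLIC)."""
    name_alg, _attrs, tpmt_public = parse_public(tpm2b_public)
    if name_alg not in NAME_ALGS:
        raise ValueError(f"unsupported nameAlg 0x{name_alg:04x}")
    digest = hashlib.new(NAME_ALGS[name_alg], tpmt_public).digest()
    return struct.pack(">H", name_alg) + digest


def ak_policy_ok(tpm2b_public: bytes) -> bool:
    """True if the key is a restricted, TPM-bound signing key (not a decrypt key)."""
    _alg, attrs, _ = parse_public(tpm2b_public)
    return (attrs & REQUIRED) == REQUIRED and not (attrs & DECRYPT)


# Constructed sample: RSA-2048 AK public area with a dummy modulus (not a real key)
_tpmt = struct.pack(">HHIH", 0x0001, 0x000B, 0x00050072, 0)      # type, nameAlg, attrs, empty authPolicy
_tpmt += struct.pack(">HHHHI", 0x0010, 0x0014, 0x000B, 2048, 0)  # sym NULL, RSASSA/SHA256, bits, exponent
_tpmt += struct.pack(">H", 256) + bytes(range(256))              # unique: TPM2B_PUBLIC_KEY_RSA
SAMPLE_AK_PUB = struct.pack(">H", len(_tpmt)) + _tpmt
AK_NAME_HEX = tpm_name(SAMPLE_AK_PUB).hex()  # hex string form for --name (assumed input format)
```

Because the name is a hash over the whole public area, any change to the key's attributes changes the name, so a server that derives the name itself can apply its attribute policy to exactly the key the credential will be bound to.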

* [tpm2] Re: Calculating name of created AK- server side
@ 2021-01-29 16:12 Imran Desai
  0 siblings, 0 replies; 8+ messages in thread
From: Imran Desai @ 2021-01-29 16:12 UTC (permalink / raw)
  To: tpm2

Hello kuba, welcome to the community.

Have you looked at this tutorial https://tpm2-software.github.io/2020/06/12/Remote-Attestation-With-tpm2-tools.html

Hopefully it should answer some of your questions.
