* [tpm2] Re: Trying to decrypt a file encrypted with a TPM.
@ 2020-05-20 11:50 Steffen Schwebel
0 siblings, 0 replies; 4+ messages in thread
From: Steffen Schwebel @ 2020-05-20 11:50 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 2198 bytes --]
With asymmetric keys, you encrypt something with the public key.
You need the public key of the recipient and encrypt with it.
That way only the keeper of the private key can decrypt it.
You wont be able to decrypt that file anywhere else, except on that
system...
On 5/20/20 11:33 AM, oscargomezf(a)gmail.com wrote:
> Hi everyone,
>
> I have encrypted a file using a TPM with the following commands:
>
> tpm2_createprimary -c primary.ctx
> tpm2_create -C primary.ctx -Grsa2048 -u key.pub -r key.priv
>
> tpm2_flushcontext -t
>
> tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx
> echo "my message" > msg.dat
> tpm2_rsaencrypt -c key.ctx -o msg.enc msg.dat
>
> Therefore, I am able to encrypt the file msg.dat to msg.enc. And I have the following keys:
>
> 1. primary.ctx
> 2. key.pub
> 3. key.priv
> 4. key.ctx
>
> So far so good. However, I need to decrypt the file in msg.enc in another embedded system (Linux platform) without a TPM.
>
> How can I do that? What tools do I need to use?
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
--
Steffen Schwebel
Mail: s.schwebel(a)uvensys.de
uvensys GmbH
Firmensitz und Sitz der Gesellschaft:
uvensys GmbH
Schorbachstraße 11
35510 Butzbach
HRB: AG Friedberg, 7780
USt-Id: DE282879294
Geschäftsführer:
Dr. Thomas Licht, t.licht(a)uvensys.de
Volker Lieder, v.lieder(a)uvensys.de
Mail: info(a)uvensys.de
Internet: www.uvensys.de
Durchwahl: 06033 - 18 19 225
Hotline: 06033 - 18 19 288
Zentrale: 06033 - 18 19 20
Fax: 06033 - 18 19 299
==========================================================
Jegliche Stellungnahmen und Meinungen dieser E-Mail sind
alleine die des Autors und nicht notwendigerweise die der
Firma. Falls erforderlich, können Sie eine gesonderte
schriftliche Bestätigung anfordern.
Any views or opinions presented in this email are solely
those of the author and do not necessarily represent those
of the company. If verification is required please request
a hard-copy version.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [tpm2] Re: Trying to decrypt a file encrypted with a TPM.
@ 2020-05-26 8:53 Steffen Schwebel
0 siblings, 0 replies; 4+ messages in thread
From: Steffen Schwebel @ 2020-05-26 8:53 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 1838 bytes --]
You dont need TPM in this scenario.
What would work would be to generate a private / public key pair with
TPM on Computer A.
Then, you could use that public key on Computer B to encrypt some data.
That way only the TPM on A could decrypt that file again.
Best regards,
Steffen
On 5/26/20 10:46 AM, oscargomezf(a)gmail.com wrote:
> Thank you for your help.
>
> Therefore, if I generate a public and a private rsa2048 key with gpg in a Computer (A) (Linux platform), How can I encrypt a file with this public key with a TPM in another Computer (B) for sending to the computer A in order to be decrypted?
>
> Could I be able to do that?
>
> Best regards.
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
--
Steffen Schwebel
Mail: s.schwebel(a)uvensys.de
uvensys GmbH
Firmensitz und Sitz der Gesellschaft:
uvensys GmbH
Schorbachstraße 11
35510 Butzbach
HRB: AG Friedberg, 7780
USt-Id: DE282879294
Geschäftsführer:
Dr. Thomas Licht, t.licht(a)uvensys.de
Volker Lieder, v.lieder(a)uvensys.de
Mail: info(a)uvensys.de
Internet: www.uvensys.de
Durchwahl: 06033 - 18 19 225
Hotline: 06033 - 18 19 288
Zentrale: 06033 - 18 19 20
Fax: 06033 - 18 19 299
==========================================================
Jegliche Stellungnahmen und Meinungen dieser E-Mail sind
alleine die des Autors und nicht notwendigerweise die der
Firma. Falls erforderlich, können Sie eine gesonderte
schriftliche Bestätigung anfordern.
Any views or opinions presented in this email are solely
those of the author and do not necessarily represent those
of the company. If verification is required please request
a hard-copy version.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [tpm2] Re: Trying to decrypt a file encrypted with a TPM.
@ 2020-05-26 8:46 oscargomezf
0 siblings, 0 replies; 4+ messages in thread
From: oscargomezf @ 2020-05-26 8:46 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 317 bytes --]
Thank you for your help.
Therefore, if I generate a public and a private rsa2048 key with gpg in a Computer (A) (Linux platform), How can I encrypt a file with this public key with a TPM in another Computer (B) for sending to the computer A in order to be decrypted?
Could I be able to do that?
Best regards.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [tpm2] Re: Trying to decrypt a file encrypted with a TPM.
@ 2020-05-20 15:08 Roberts, William C
0 siblings, 0 replies; 4+ messages in thread
From: Roberts, William C @ 2020-05-20 15:08 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 4105 bytes --]
The TPM follows the true meanings of RSA Encrypt and RSA Decrypt:
RSA Encrypt: Do math with public key
RSA Decrypt: Do math with private key
So you feed one into encrypt then decrypt or vice versa depending on what
Properties you want.
Encrypt to Decrypt: You want to send something only the private key holder can
Access. For instance, you want to furlough a symmetric key from a server, you
Could encrypt the key with the clients public key (RSA Encrypt) and then send
It to the client. The client would then call RSA Decrypt. This pattern gives you
privacy. Note there is no forward secrecy here like if you do other, better
ways of key exchange. This is just an example.
Decrypt to Encrypt: This is for verifying the authenticity of a message. Think signing.
You get a hash, perform RSA Decrypt (math with private key), and append that to the
Message. Now someone wants to make sure it's from you and not tampered with,
They use your public key, perform RSA Encrypt (math with public key) and get the
Expected hash of the message. They then compare that to a hash they calculate.
RSA Encrypt is supported by the TPM as a helper. You don't really need to use the
TPM because it's with the public key, it can just be done anywhere as the public
Key is public.
Hopefully this clears it up.
> -----Original Message-----
> From: Steffen Schwebel [mailto:s.schwebel(a)uvensys.de]
> Sent: Wednesday, May 20, 2020 6:50 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Re: Trying to decrypt a file encrypted with a TPM.
>
> With asymmetric keys, you encrypt something with the public key.
>
> You need the public key of the recipient and encrypt with it.
> That way only the keeper of the private key can decrypt it.
>
> You wont be able to decrypt that file anywhere else, except on that system...
>
> On 5/20/20 11:33 AM, oscargomezf(a)gmail.com wrote:
> > Hi everyone,
> >
> > I have encrypted a file using a TPM with the following commands:
> >
> > tpm2_createprimary -c primary.ctx
> > tpm2_create -C primary.ctx -Grsa2048 -u key.pub -r key.priv
> >
> > tpm2_flushcontext -t
> >
> > tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx echo "my
> > message" > msg.dat tpm2_rsaencrypt -c key.ctx -o msg.enc msg.dat
> >
> > Therefore, I am able to encrypt the file msg.dat to msg.enc. And I have the
> following keys:
> >
> > 1. primary.ctx
> > 2. key.pub
> > 3. key.priv
> > 4. key.ctx
> >
> > So far so good. However, I need to decrypt the file in msg.enc in another
> embedded system (Linux platform) without a TPM.
> >
> > How can I do that? What tools do I need to use?
> > _______________________________________________
> > tpm2 mailing list -- tpm2(a)lists.01.org To unsubscribe send an email to
> > tpm2-leave(a)lists.01.org
> > %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
>
> --
> Steffen Schwebel
> Mail: s.schwebel(a)uvensys.de
> uvensys GmbH
>
> Firmensitz und Sitz der Gesellschaft:
> uvensys GmbH
> Schorbachstraße 11
> 35510 Butzbach
>
> HRB: AG Friedberg, 7780
> USt-Id: DE282879294
>
> Geschäftsführer:
> Dr. Thomas Licht, t.licht(a)uvensys.de
> Volker Lieder, v.lieder(a)uvensys.de
>
> Mail: info(a)uvensys.de
> Internet: www.uvensys.de
>
> Durchwahl: 06033 - 18 19 225
> Hotline: 06033 - 18 19 288
> Zentrale: 06033 - 18 19 20
> Fax: 06033 - 18 19 299
> ==========================================================
>
> Jegliche Stellungnahmen und Meinungen dieser E-Mail sind alleine die des Autors
> und nicht notwendigerweise die der Firma. Falls erforderlich, können Sie eine
> gesonderte schriftliche Bestätigung anfordern.
>
> Any views or opinions presented in this email are solely those of the author and
> do not necessarily represent those of the company. If verification is required
> please request a hard-copy version.
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-05-26 8:53 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-20 11:50 [tpm2] Re: Trying to decrypt a file encrypted with a TPM Steffen Schwebel
2020-05-20 15:08 Roberts, William C
2020-05-26 8:46 oscargomezf
2020-05-26 8:53 Steffen Schwebel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.