Topic: Identity attestation
I am discovering the TPM and I am trying to implement some basic uses.
In my context, the PC hosting the TPM is a "client" discussing with a "server".
The server must be sure that the client actually the good one.
My actual way to perform this is by using an obfuscated crypto lib :
- at the very beginning of the client life, the client generates (& buries) a RSA key pair, and sends its public part to the server.
- during the client life time, when it's identity is to be proven:
- the server sends some random data to the client
- the client signs it using its buried private RSA key, and sends the signature to the server
- the server verifies the signature using the public RSA key it received earlier
---> nothing really original...
My question is : how to do the same thing using your TPM lib ?
I read some documentation here : https://trustedcomputinggroup.org/resou … ification/
and I must admit I don't understand all the subtleties...
I download and compile your lib + examples, but I don't figure out how to proceed for my need.
Maybe it's not a good approach to reproduce what I do with my old school obfuscated crypto lib...
Then what is the proper way, for the client, to prove its own identity ?
Maybe using PCR, but I don't see how to use them...
Thanks in advance