You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → wolfTPM → Persisting Generated RSA Private Key
Hello There,
After trying to read through the TPM 2.0 specification I'm still unclear as to the flow of persisting an RSA private key in NV memory. I'm not seeing an example of this in the native_test application included with the wolfTPM release. Are there any hints that anyone can offer regarding persisting generated RSA private keys on a TPM?
Thank you!
-Tony
Hi TonyM,
The TPM 2.0 specification uses the term "evict" to indicate desire to perist a key into a permanent handle. Example for Native is here:
https://github.com/wolfSSL/wolfTPM/blob … est.c#L638
The wolfTPM wrapper has lots of code examples for doing this here:
https://github.com/wolfSSL/wolfTPM/blob … ap.c#L1190
https://github.com/wolfSSL/wolfTPM/blob … est.c#L199
Most TPM's only have room for about 8 permanent keys. Another option is to use the output from TPM2_Create or TPM2_CreatePrimary, which is encrypted and store that on your device (with more storage) then use TPM2_Load to put into a temporary handle.
Thanks,
David Garske, wolfSSL
wolfSSL - Embedded SSL Library → wolfTPM → Persisting Generated RSA Private Key
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.020 seconds (92% PHP - 8% DB) with 10 queries