Many embedded devices generate their SSH server host key in RAM on every boot, then hand it to the SSH stack as a DER buffer. It works, but the private key lives in memory where firmware bugs, cold-boot attacks, or a careless core dump can leak it. For a safety-critical or long-lived product, the host identity deserves better protection.
wolfSSH now lets you keep the server host key inside a TPM 2.0 through wolfTPM. The private key is created once, stays in the TPM, and never enters application memory. This release supports both ECDSA and RSA host keys, and you can try the full flow on your development host with no hardware using wolfTPM’s built-in firmware TPM.
What is new
- A new public API, wolfSSH_CTX_UseTpmHostKey(), registers a TPM-resident server host key in place of wolfSSH_CTX_UsePrivateKey_buffer().
- Support for ECDSA (P-256, P-384, P-521) and RSA (rsa-sha2-256) host keys, with the matching host key algorithm advertised automatically.
- The SSH key exchange signature is performed inside the TPM through wolfTPM, so the host private key never enters application memory.
- A -G option in the wolfSSH echoserver example demonstrates the complete flow.
- Continuous integration exercises the feature for both ECC and RSA against two TPM simulators, ibmswtpm2 and wolfTPM’s own fwTPM.
The change introduces no API breaks and builds cleanly with or without --enable-tpm.
Why keep the host key in the TPM
A TPM is purpose-built to hold private keys and perform signing on the chip, so the key material is never exposed to the host CPU or memory. Provision the key one time into a persistent handle, load that handle at boot, and the device presents a stable host identity backed by a hardware root of trust.
This is exactly the property regulated and safety-critical products are after, and it removes a whole class of key-disclosure risks from the threat model. wolfTPM keeps the integration small and portable, so the same wolfSSH code runs across TPM vendors.
Prototype with fwTPM, no hardware required
wolfTPM ships a built-in software TPM 2.0 called fwTPM. It runs as a normal process on your host and speaks the standard TPM socket protocol, so you can build and test the complete design before committing to TPM silicon. Generate a host key blob inside the TPM, point the echoserver at it with -G, and connect with any standard SSH client. The handshake completes with the host key signed by the TPM, and no private key buffer ever exists in RAM.
Using it in your own server
The integration replaces a single call. Where a software host key uses wolfSSH_CTX_UsePrivateKey_buffer(), a TPM-resident key uses wolfSSH_CTX_UseTpmHostKey() and passes the wolfTPM device and key handle instead of a private key buffer. wolfSSH detects the key type and curve from the TPM public area and advertises the correct host key algorithm during key exchange, so the rest of your server code stays the same.
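A client-side check that the host identity stays fixed across reboots and that the advertised algorithm matches the key type, as an added example (not wolfSSH or wolfTPM code). The host name, the key bytes and the helper names are constructed for illustration; the input is a `host type base64` line of the form used in known_hosts.

```python
import base64, hashlib, struct

# Advertised host key algorithm per public-key blob type (RFC 5656, RFC 8332).
# rsa-sha2-256 is a signature algorithm; its key blob type is still "ssh-rsa".
EXPECTED_ALGO = {
    "ecdsa-sha2-nistp256": "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384": "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521": "ecdsa-sha2-nistp521",
    "ssh-rsa": "rsa-sha2-256",
}

def wire_string(data):
    """Encode one SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def split_fields(blob):
    """Split a blob into its length-prefixed fields, rejecting overruns."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("field overruns blob")
        out.append(blob[off:off + n])
        off += n
    return out

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a public host key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(line, pinned_fp):
    """Return (expected algorithm, fingerprint, matches pin) for one line."""
    _host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    fields = split_fields(blob)
    if len(fields) != 3 or fields[0] != key_type.encode() or key_type not in EXPECTED_ALGO:
        raise ValueError("unsupported or inconsistent key type")
    if key_type.startswith("ecdsa-") and fields[1] != key_type.rsplit("-", 1)[1].encode():
        raise ValueError("curve identifier does not match key type")
    fp = fingerprint(blob)
    return EXPECTED_ALGO[key_type], fp, fp == pinned_fp

# Constructed sample: placeholder point bytes, not a real key or a real host.
SAMPLE_BLOB = wire_string(b"ecdsa-sha2-nistp256") + wire_string(b"nistp256") + wire_string(b"\x04" + bytes(range(64)))
SAMPLE_LINE = "device.example ecdsa-sha2-nistp256 " + base64.b64encode(SAMPLE_BLOB).decode()
```

Record the fingerprint at provisioning time and pass it as `pinned_fp` on later checks; a device that regenerates its host key on each boot fails the pin comparison after the first restart.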
Getting started
The feature is available in wolfSSH now. wolfSSL, wolfTPM, and wolfSSH are all dual-licensed under GPLv3 and a commercial license, with full source available. If you would like help wiring this into your embedded SSH or SFTP server, or selecting a TPM for your platform, contact us at support@wolfssl.com for technical support or facts@wolfssl.com for licensing and general questions.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

