wolfTPM is a portable TPM 2.0 stack with backward API compatibility designed for embedded use, and the newly released wolfTPM v3.0.0 includes support for encrypting secrets with ECC keys.
TPM’s encrypt secrets to prevent their disclosure to unauthorized entities. And whereas encryption with RSA keys was already supported in wolfTPM, users now have the option to leverage ECC keys.
This enables using an ECC primary key together with an authenticated session to enable parameter encryption of sensitive data. The TCG specification defines the method for using ECDH and a custom KDF to derive a shared secret between the host and the TPM device to be used for parameter encryption with AES CFB or XOR.
wolfTPM already has full support for using ECC keys in the TPM for signing/verification (ECDSA) and shared secret ECDH(E) using TPM API’s.
Finally, don’t forget that if you are intent on adding a TPM to an embedded MCU or MPU design, wolfTPM is the obvious choice, as it runs on everything from bare metal to FreeRTOS, VxWorks, Integrity, QNX, and many others! You can also expect wolfTPM to get qualified for DO-178 in the coming year.
Contact us at facts@wolfSSL.com or call us at +1 425 245 8247 with any questions, comments or suggestions.
Download wolfSSL Now