I correct myself. It seems that sealing and attestation requests can only be done only through accessting the TSS implementation. Other TPM functionality, such as encryption, decryption and digital signatures can be accessed through the PKCS#11 interface.
The TPM is the trusted base for the computer - in theory it is supposed to be a piece of hardware that is protected from physical tampering (not quite so in practice), that can securely store secrets, and that is trusted to do some basic cryptographic functions without being compromised. One of th
Peter Djalaliev wrote:
> The original TSS (Trusted Software Stack) implementation (libtcpa by
> IBM) doesn't use PKCS#11 calls and this is the library that we are
> using. Even though a PKCS#11-based implementation exists now
> (TrouSers), I don't quite have the ability (time) to switch right now
The TPM chip can be used to provide trusted cryptographic functionality - key generation, signatures, etc. It cannot exactly store certificates, it has 16 20-bit PCR registers that store integrity hashes which can be used to authenticate the software stack running on the computer.
The original TSS
Peter Djalaliev wrote:
> Hello,
>
> Is there another way to import certificates into Firefox's certificate
> database except importing them in PKCS#12 format through the GUI (Edit >
> Preferences > ...)?
uh, tools->options->Advanced(tab)->View Certificates(button)
takes you to the "Certificate
5 matches
Mail list logo
