O'Reilly logo

Trusted Computing Platforms: TCPA Technology in Context by Graeme Proudler, David Plaquin, Liqun Chen, Boris Balacheff, Siani Pearson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Conventional Security Services

Signing

When a TPM executes TPM_Sign, it does the same job as a cryptographic smart card that is signing data. Two signing algorithms are supported by first generation TPMs: one that accepts the output of an SHA-1 hash, and one that accepts DER encoded data.

TPM_Sign signs data using a key that is currently loaded into a TPM. The signing key must be one of two types, either TPM_KEY_SIGNING or TPM_KEY_LEGACY. A TPM will refuse to use a TPM identity key because they are used to prove that data originated in a TPM: using them for general purpose signing would enable a rogue to forge signed data structures that would appear to be generated by a TPM itself.

Evidence that target data was signed on a TPM can be provided ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required