Conventional Security Services
Signing
When a TPM executes TPM_Sign, it does the same job as a cryptographic smart card that is signing data. Two signing algorithms are supported by first generation TPMs: one that accepts the output of an SHA-1 hash, and one that accepts DER encoded data.
TPM_Sign signs data using a key that is currently loaded into a TPM. The signing key must be one of two types, either TPM_KEY_SIGNING or TPM_KEY_LEGACY. A TPM will refuse to use a TPM identity key because they are used to prove that data originated in a TPM: using them for general purpose signing would enable a rogue to forge signed data structures that would appear to be generated by a TPM itself.
Evidence that target data was signed on a TPM can be provided ...
Get Trusted Computing Platforms: TCPA Technology in Context now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
