Security Basics mailing list archives
Re: Bulk encryption capabilities of a TPM
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 4 May 2006 21:12:42 -0700
My follow-up question is, if the cryptographic engine of the TPM can NOT be used for, let's say, encrypting a whole drive, how does the external encryption module (hardware (ASIC) or software (wavesys)) access the wrapped encryption keys from the TPM?

One possible solution I forgot to mention in my email was that the ASIC possesses a symmetric key which is used for bulk encryption. Now the TPM has to only decrypt / encrypt this bulk encryption key instead of decrypting/encrypting the whole HDD. The same thing can be applied to a software-based solution. But where does the software store this encrypted bulk encryption key????? You need persistent storage for this key. Software alone cannot provide a safe place for this key.

--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15
-----------
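The arrangement described in the message above (the TPM only wraps and unwraps a small symmetric bulk key, while the bulk cipher runs outside it) as an added example that is not part of the original post. It assumes a software RSA key standing in for the TPM storage key, with RSA-OAEP for wrapping and AES-256-GCM for the bulk path; all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// standInTPMKey is an assumption of this example: a real TPM keeps this key on-chip.
func standInTPMKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// provision makes a fresh bulk key and returns only its wrapped form, the blob kept at rest.
func provision(pub *rsa.PublicKey) ([]byte, error) {
	bulk := make([]byte, 32)
	if _, err := rand.Read(bulk); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, bulk, nil)
}

// unlock is the only step that touches the TPM-side key, once per mount.
func unlock(priv *rsa.PrivateKey, blob []byte) (cipher.AEAD, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob, nil)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("unwrap bulk key: bad blob (%v)", err)
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length checked above
	return cipher.NewGCM(block)
}

// sealSector is the bulk path (ASIC or software): AES-256-GCM with a fresh nonce.
func sealSector(a cipher.AEAD, plain []byte) (nonce, ct []byte, err error) {
	nonce = make([]byte, a.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, a.Seal(nil, nonce, plain, nil), nil
}

func main() {
	tpmKey, _ := standInTPMKey()
	blob, _ := provision(&tpmKey.PublicKey)
	aead, err := unlock(tpmKey, blob)
	if err != nil {
		panic(err)
	}
	nonce, ct, _ := sealSector(aead, []byte("constructed sector contents"))
	plain, err := aead.Open(nil, nonce, ct, nil)
	fmt.Printf("wrapped key: %d bytes, sector: %q, err: %v\n", len(blob), plain, err)
}
```

The wrapped blob is 256 bytes for a 2048-bit key, and it unwraps only under the same private key; a different key or a modified blob makes `unlock` return an error.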