Topic: Persisting Generated RSA Private Key

Hello There,

After trying to read through the TPM 2.0 specification I'm still unclear as to the flow of persisting an RSA private key in NV memory.  I'm not seeing an example of this in the native_test application included with the wolfTPM release.  Are there any hints that anyone can offer regarding persisting generated RSA private keys on a TPM?

Thank you!
-Tony

Re: Persisting Generated RSA Private Key

Hi TonyM,

The TPM 2.0 specification uses the term "evict" to indicate the desire to persist a key into a permanent handle. Example for Native is here:
https://github.com/wolfSSL/wolfTPM/blob … est.c#L638

The wolfTPM wrapper has lots of code examples for doing this here:
https://github.com/wolfSSL/wolfTPM/blob … ap.c#L1190
https://github.com/wolfSSL/wolfTPM/blob … est.c#L199

Most TPMs only have room for about 8 permanent keys. Another option is to use the output from TPM2_Create or TPM2_CreatePrimary, which is encrypted, and store that on your device (with more storage), then use TPM2_Load to put it into a temporary handle.

Thanks,
David Garske, wolfSSL

Re: Persisting Generated RSA Private Key

Thank you for your help!

Cheers,
Tony