Hi, we are working on TPM2.0 integration with our devices.
We use an Infineon TPM 2.0 chip and it works as expected.
We are using tpm2-tss 1.4.0 library.
We want to use a transient RSA key generated inside the device. The key is of
course protected by its parent's password,
but we want to protect the I2C communication between the host and the TPM chip. We
want the communication to be encrypted; we don't want to send
the parent's password or the key's password in clear text.
We have found a good example, tpmclient.int.cpp, but that is an example
of how to encrypt access to the NV Index. There is nothing about RSA keys.
How do we call Tss2_Sys_Create to create an RSA key and then set a password
to use with a session protected by TPM2_SE_HMAC and a password?
In the example there is StartAuthSessionWithParams and StartAuthSession.
The KDFa function is called, but we need some shared password to
create the session key.
Which shared keys? Is this the parent key's password or the key's password?
Thanks in advance,
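
An added example, not part of the original post and not tpm2-tss code: the session-key derivation the question refers to, as defined in the TPM 2.0 Library Specification Part 1, where the secret fed to KDFa is the authValue of the entity passed as `bind` to TPM2_StartAuthSession, concatenated with the salt if one is used. It is written in Python rather than C so it runs without a TPM; the nonces and password are constructed sample values and the function names are hypothetical.

```python
import hashlib
import hmac


def kdfa(hash_name, key, label, context_u, context_v, bits):
    """KDFa: SP 800-108 counter mode with HMAC as the PRF.

    Each block is HMAC(key, [i]32 || label || 0x00 || contextU || contextV || [bits]32).
    Only whole-byte output sizes are handled in this example.
    """
    if bits % 8:
        raise ValueError("this example only supports bit counts divisible by 8")
    nbytes = bits // 8
    out = b""
    counter = 0
    while len(out) < nbytes:
        counter += 1
        msg = (counter.to_bytes(4, "big") + label + b"\x00"
               + context_u + context_v + bits.to_bytes(4, "big"))
        out += hmac.new(key, msg, hash_name).digest()
    return out[:nbytes]


def session_key(hash_name, bind_auth, salt, nonce_tpm, nonce_caller):
    """sessionKey = KDFa(authHash, bind.authValue || salt, "ATH",
                         nonceTPM, nonceCaller, digest size in bits).

    bind_auth=None means bind was TPM_RH_NULL; salt=None means tpmKey was
    TPM_RH_NULL. With neither, the session key is the empty buffer.
    """
    if bind_auth is None and salt is None:
        return b""
    secret = (bind_auth or b"") + (salt or b"")
    bits = hashlib.new(hash_name).digest_size * 8
    return kdfa(hash_name, secret, b"ATH", nonce_tpm, nonce_caller, bits)


if __name__ == "__main__":
    # Constructed sample values, not captured from a real TPM exchange.
    nonce_tpm = bytes(range(32))         # returned by TPM2_StartAuthSession
    nonce_caller = bytes(range(32, 64))  # sent by the host
    bound = session_key("sha256", b"parent-password", None, nonce_tpm, nonce_caller)
    unbound = session_key("sha256", None, None, nonce_tpm, nonce_caller)
    print("bound session key  :", bound.hex())
    print("unbound session key:", repr(unbound))
```

Both sides compute this value locally from the nonces and the secret they already share, so the password itself never crosses the bus.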