Thank you for pointing me to tpm2-pytss.
It is more clear now.
Best,
Anthony
From: Roberts, William C <william.c.roberts(a)intel.com>
Sent: Tuesday, 16 November 2021 18:21
To: Anthony Arrascue <AArrascue(a)neuroloop.de>; David Challener
<david.c.challener(a)gmail.com>; tpm2(a)lists.01.org
Subject: [tpm2] Re: Schema of object.json
In the JSON format, those are just representations of the TPM2B_PUBLIC and TPM2B_PRIVATE
data structures.
The TPM2B_PRIVATE is defined as just a byte array, which contains the key specific data.
That data is protected by its parent key, which in most instances is the SRK.
How the data is protected is found in the arch doc section 23.3
https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part1...
The easiest way, IMO to view the protections is to look at the wrap code in tpm2-pytss:
https://github.com/tpm2-software/tpm2-pytss/blob/master/tpm2_pytss/utils....
The tests also show the flow:
https://github.com/tpm2-software/tpm2-pytss/blob/64fa9fb037bf363890bb112d...
The general flow of data structures is that:
TPM2B_SENSITIVE(authValue, seedValue, keyData (sensitive)) --> wrap(parent key) --> TPM2B_PRIVATE
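The "private" value quoted further down in this thread can be split along the layout the spec gives for the _PRIVATE structure (Part 2: an integrityOuter TPM2B_DIGEST in the clear, followed by the sensitive area that the parent has encrypted). The script below is an added example for this thread, not code from tpm2-tss or tpm2-pytss; it uses only the Python standard library. It assumes the JSON value is the hex of the TPM2B_PRIVATE buffer without the outer 2-byte size (the 0x0020 prefix matches a 32-byte SHA-256 digest, which is what a SHA-256 parent produces), and it makes no attempt to interpret the encrypted remainder, since that needs the parent's seed inside the TPM.

```python
"""Split a FAPI object.json "private" value into the parts the TPM 2.0 spec
(Part 2, _PRIVATE structure) describes.

Added example for this mailing-list thread; not code from tpm2-tss or
tpm2-pytss. Standard library only.
"""
import struct
from typing import Dict, Tuple

# Value of the "private" key from the object.json quoted in this thread.
# Assumption: this is the TPM2B_PRIVATE buffer (no outer 2-byte size).
PRIVATE_HEX = (
    "00201f93bbec6eb3d00f08cb8cafd48dffe6b06150fa45b989072922b2049c962de8"
    "0010baf3c7683d5039a27cb73036531a869137bc3a57d30b8c348b73ce13"
    "4eb11066e45803e5ee7bba20192ab4f6881b21004261ab06af37c68a2275"
    "8284d9d21fc91d49748f6eee1bc8f1011d0e4fd228642e98f3ee65a4161d"
    "1cc53af6b0dfb48aafc9cefde1ca8212b08e16b4c15d0a16adc36b191333"
    "50f73bace6f12d11c084d9eb953cf9c87d0a2f2b34617a2369ffc9fb2991"
    "13bba531d9be465e033ec54511cf6b6e3463e84018e40eaded1fa6ad13da"
    "671946cd03a567f3"
)


def parse_tpm2b(buf: bytes, offset: int = 0) -> Tuple[bytes, int]:
    """Read one TPM2B (big-endian uint16 size followed by that many bytes).

    Returns (payload, offset_after_payload). Raises ValueError when the size
    field or the payload runs past the end of the buffer, which is the check
    any parser needs before trusting a length read from a file on disk.
    """
    if offset + 2 > len(buf):
        raise ValueError("TPM2B size field truncated")
    (size,) = struct.unpack_from(">H", buf, offset)
    start, end = offset + 2, offset + 2 + size
    if end > len(buf):
        raise ValueError(f"TPM2B claims {size} bytes, only {len(buf) - start} left")
    return buf[start:end], end


def split_private(private_hex: str) -> Dict[str, object]:
    """Separate the clear-text integrity digest from the encrypted remainder.

    Layout per TPM 2.0 Part 2 (_PRIVATE): integrityOuter (a TPM2B_DIGEST, an
    HMAC under a key derived from the parent's seed) followed by the sensitive
    area, encrypted with a symmetric key also derived from the parent's seed
    (Part 1, section 23.3). Only the first TPM2B is readable here; everything
    after it is ciphertext, so authValue, seedValue and the key material are
    not visible in object.json even though the file is plain text.
    """
    buf = bytes.fromhex(private_hex)
    integrity, off = parse_tpm2b(buf, 0)
    enc_sensitive = buf[off:]
    return {
        "integrity_outer": integrity,
        # 32 bytes corresponds to a parent whose name algorithm is SHA-256.
        "integrity_bytes": len(integrity),
        "enc_sensitive": enc_sensitive,
        "enc_bytes": len(enc_sensitive),
    }


if __name__ == "__main__":
    parts = split_private(PRIVATE_HEX)
    print("integrityOuter (%d bytes): %s" % (parts["integrity_bytes"],
                                             parts["integrity_outer"].hex()))
    print("encrypted sensitive area: %d bytes, starts %s" % (
        parts["enc_bytes"], parts["enc_sensitive"][:4].hex()))
```

Running it on the thread's value reports a 32-byte integrityOuter and 188 bytes of encrypted sensitive data. The only thing the clear-text part tells you is the parent's digest size; recovering the TPM2B_SENSITIVE requires the parent key loaded in the TPM, which is the point of the wrapping.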
________________________________
From: Anthony Arrascue <AArrascue@neuroloop.de>
Sent: Tuesday, November 16, 2021 10:09 AM
To: David Challener <david.c.challener@gmail.com>; tpm2@lists.01.org <tpm2@lists.01.org>
Subject: [tpm2] Re: Schema of object.json
Hi David,
Thank you for your reply. Do you know if I can find documentation about this?
I found what I believe is the serialization / deserialization of those JSON objects:
https://github.com/tpm2-software/tpm2-tss/blob/04a2853994eb31747c3e19c260...
https://github.com/tpm2-software/tpm2-tss/blob/04a2853994eb31747c3e19c260...
But this encryption process of the PrivK, with the PubKey of the SRK is then somewhere else?
Best,
Anthony
From: David Challener <david.c.challener@gmail.com>
Sent: Tuesday, 16 November 2021 16:56
To: Anthony Arrascue <AArrascue@neuroloop.de>
Subject: Re: [tpm2] Schema of object.json
I expect the private key is the encryption of the real private key with the srk public key.
On Tue, Nov 16, 2021, 9:31 AM Anthony Arrascue <AArrascue@neuroloop.de> wrote:
Hello,
I am using TPM2-TSS v. 2.4.x and TPM2-TOOLS v. 4.X.
Let’s suppose I create a key running:
tss2_createkey --path=HS/SRK/MyKey --type="sign,noDa,decrypt,system" --authValue=blabla
This creates a folder MyKey in […]/keystore/P_RSA2048SHA256/HS/SRK/MyKey and a file object.json inside.
I was wondering what the public / private keys are?
"public":{
    "size":278,
    "publicArea":{
        …
        "unique":"acc645e440fce2b34772dc94658c2b0daf3c18053ecfd7924ef3346dd764d7c5dd91ca207683a5ea884f03adf7e198728c39a8a59f01326a80f768a0f7302dd0b7e37b0c1efa22e8604f85c061c0a81e60ab97edb1e81cdc2b889ad2414045c273ce6af38260a91dd6857013bdffd7e5541a0a9f3221ea6bd1c41f650dd3f52f5cac75e76e0618541c622f48e0967867e1d40c632f5e87600442d7e534390741d4b4f0a9b7ac0a141ce07c0d5d7447c598183d2c48a8bccf9ddb867193518e2cb10c86f03bc996d3b054b383df7f10f2c6d0d070358c72a325e2ad5301ae1f4834160aaefa1cecb3e8e0441e1fb0ab60feefd35e2c9ec6439fdc9a0e5b6456ff"
    }
},
…
"serialization":"",
"private":"00201f93bbec6eb3d00f08cb8cafd48dffe6b06150fa45b989072922b2049c962de80010baf3c7683d5039a27cb73036531a869137bc3a57d30b8c348b73ce134eb11066e45803e5ee7bba20192ab4f6881b21004261ab06af37c68a22758284d9d21fc91d49748f6eee1bc8f1011d0e4fd228642e98f3ee65a4161d1cc53af6b0dfb48aafc9cefde1ca8212b08e16b4c15d0a16adc36b19133350f73bace6f12d11c084d9eb953cf9c87d0a2f2b34617a2369ffc9fb299113bba531d9be465e033ec54511cf6b6e3463e84018e40eaded1fa6ad13da671946cd03a567f3",
…
Questions: what is the meaning of the “unique” and “private” keys?
Is there a place where a schema can be found for a key?
The private part cannot be the private key right? It would not make sense that this is stored as plain text.
Thank you very much for any help.
Best,
Anthony Arrascue
_______________________________________________
tpm2 mailing list -- tpm2@lists.01.org
To unsubscribe send an email to tpm2-leave@lists.01.org