From: Tadeusz Struk [mailto:firstname.lastname@example.org]
Sent: Tuesday, December 3, 2019 10:59 AM
To: cauldwell.thomas(a)gmail.com; tpm2(a)lists.01.org
Subject: [tpm2] Re: RSA key pairs are gone when I reboot
On 12/3/19 7:54 AM, Frederick Gotham wrote:
> How do I store an RSA key pair persistently/permanently inside the TPM2 chip?
You can use the tpm2_evictcontrol tool to make the key persistent.
Generally yes, but not in this case. If you use the pkcs11 library, that
library controls that tpm object. Rest assured your key is still available,
but not (easily) via side-channel means (i.e. using tpm2-tools directly).
You have to go through the library. In your case, all the tpm objects (keys)
are associated and managed with the token labelled "monkey".
If you use something like pkcs11-tool you should still see the object
you created. Information on how to do this can be found here:
Also, tpm2_ptool verify commandlet is essentially a list objects as well... but it does
Do these commands still show your key?
Internally, the key is loaded on demand into the TPM as a transient object. The key blob
In the sqlite3 db at path TPM2_PKCS11_STORE.