Allow using a TPM module as a key source

Open tjohns opened this issue 10 years ago • 2 comments

Looking at the docs, it seems that the only secure option for storing the master key is Amazon's KMS. (The other options are all potentially vulnerable to key extraction by a rogue admin or hacker.)

It would be nice if support was added for using a key stored on a hardware TPM chip. This would provide similar functionality to KMS, and is available on almost any modern bare-metal server.

For an example of how to interact with a TPM: https://www.cylab.cmu.edu/tiw/slides/challener-TPM.pdf

tjohns, Jan 09 '16 02:01

Are you aware of any TPM bindings available for node? All I was able to find on short order is https://github.com/jplyle/node-tss, however after brief review it looks like this use case isn't directly supported by that library. C bindings to the TPM headers are beyond the scope of Cryptex, but I agree with the feature need and would love to support a module that provided a TPM API Cryptex could take advantage of.

TomFrost, Jan 10 '16 04:01

I'm afraid I'm not familiar with any other Node.js libraries for interacting with the TPM, sorry.

(Admittedly, I haven't done much with Node.js myself!)

tjohns, Jan 17 '16 03:01