go-tpm-tools

Support importing AES or HMAC keys

Open salrashid123 opened this issue 2 years ago • 1 comments

go-tpm-tools currently supports importing an external RSA key into the TPM using `CreateSigningKeyImportBlob`.

It also supports encrypting an arbitrary secret which can get decrypted by the target TPM (using `CreateImportBlob`).

It'd be nice to allow a way to import an AES or HMAC key into the target TPM instead of it just allowing decryption (i.e. have a similar mechanism like `CreateSigningKeyImportBlob` but one that actually embeds the secret).

This should be similar to `tpm2_duplicate`.

One application would be to transfer an HMAC AWS key to a target TPM for authentication.

salrashid123, Jun 13 '23 17:06

Requires upstream go-tpm fixes for HMAC: https://github.com/google/go-tpm/issues/249

salrashid123, Jun 13 '23 17:06