OPTIGA™ TPM Forum Discussions

wenzhu

After saving the key to the TPM, I want to use the key to encrypt.

snehapra
Moderator

Hi @wenzhu,

You can generate keys using the 'tpm2_createprimary' command; the RSA/ECC keys will be generated and persistently stored in the TPM.
Please note that running 'TPM2_Clear' would clear the persistent objects. An example for your reference is below:
>> tpm2_createprimary -C o -P your_owner_authorization_value -g sha256 -G rsa -c RSAprimary.ctx
>> tpm2_evictcontrol -C o -c RSAprimary.ctx -P your_owner_authorization_value 0x81000004
key persisted in the handle: 0x81000004

To encrypt data using this key, you can run 'tpm2_rsaencrypt' and provide the input data to be encrypted (input.txt).
>> tpm2_rsaencrypt -c 0x81000004 -o data_encrypted.txt input.txt

Thanks,

Sneha
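
Added example, not part of the reply above and not Infineon or tpm2-tools code: a small Python check that walks a list of tpm2-tools command lines and reports when a later command names a persistent handle that no earlier tpm2_evictcontrol step persisted. The function names and the sample session are constructed for illustration, the parser only understands the option forms used in this thread (-C, -c, -P, -o, -g, -G, each taking one value), and the handle ranges are the persistent ranges from the TPM 2.0 specification.

```python
import shlex

# Persistent-handle ranges defined by the TPM 2.0 specification (Part 2).
PERSISTENT = range(0x81000000, 0x82000000)
OWNER_PERSISTENT = range(0x81000000, 0x81800000)  # usable with the owner hierarchy

def as_handle(token):
    """Integer value of a 0x-prefixed hex handle, or None for a file name."""
    try:
        return int(token, 16) if token.lower().startswith("0x") else None
    except ValueError:
        return None

def option(args, flag):
    """Value following `flag`, or None; assumes the flag takes exactly one value."""
    return args[args.index(flag) + 1] if flag in args[:-1] else None

def check_session(lines):
    """Walk tpm2-tools command lines in order; return (line_no, message) findings."""
    contexts, persisted, findings = set(), set(), []
    for no, line in enumerate(lines, 1):
        tool, *args = shlex.split(line) or [""]
        ctx = option(args, "-c")
        if ctx is None:
            continue
        handle = as_handle(ctx)
        if tool == "tpm2_createprimary":
            contexts.add(ctx)  # context file written by this command
        elif tool == "tpm2_evictcontrol" and handle is None:
            target = as_handle(args[-1])  # persistent handle is the positional argument
            if ctx not in contexts:
                findings.append((no, f"{ctx} was not created earlier in this session"))
            elif target is None or (option(args, "-C") == "o" and target not in OWNER_PERSISTENT):
                findings.append((no, f"{args[-1]} is not an owner-range persistent handle"))
            else:
                persisted.add(target)
        elif tool == "tpm2_evictcontrol":
            persisted.discard(handle)  # -c with a persistent handle evicts the object
        elif handle is not None and handle in PERSISTENT and handle not in persisted:
            findings.append((no, f"{handle:#x} is used but was never persisted here"))
    return findings

# Constructed session: the encrypt step names a different handle than the one persisted.
SESSION = [
    "tpm2_createprimary -C o -P ownerauth -g sha256 -G rsa -c RSAprimary.ctx",
    "tpm2_evictcontrol -C o -c RSAprimary.ctx -P ownerauth 0x81000004",
    "tpm2_rsaencrypt -c 0x81000005 -o data_encrypted.txt input.txt",
]
print(check_session(SESSION))
```

On a real system, the list printed by 'tpm2_getcap handles-persistent' shows which persistent handles are actually occupied.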


Hi @snehapra, thanks for your support. Can I use the command below, "tpm2_loadexternal -Q -G ecc -r private.ecc.pem -c key.ctx", and then save key.ctx to the TPM persistently?

snehapra
Moderator

Hi @wenzhu,

In TPM2_CreatePrimary, the TPM returns the public part but the private part resides in the TPM. The key can be directly used, so no TPM2_Load is required and 'tpm2_evictcontrol' will make the key objects persistent.

Thanks,

Sneha

Hi @snehapra, thank you so much.
