[144350] in cryptography@c2.net mail archive
Re: full-disk subversion standards released
daemon@ATHENA.MIT.EDU (Kent Yoder)
Thu Mar 5 15:43:59 2009
In-Reply-To: <499d6ed30903051013i738817b2v34b019462078a9a0@mail.gmail.com>
Date: Thu, 5 Mar 2009 14:39:09 -0600
From: Kent Yoder <shpedoikal@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: ben@links.org, cryptography@metzdowd.com, gnu@toad.com,
smb@cs.columbia.edu, tls@rek.tjls.com
On Thu, Mar 5, 2009 at 12:13 PM, Kent Yoder <shpedoikal@gmail.com> wrote:
> Hi Peter,
>
>>>Apart from the obvious fact that if the TPM is good for DRM then it is a=
lso
>>>good for protecting servers and the data on them,
>>
>> In which way, and for what sorts of "protection"? =A0And I mean that as =
a
>> serious inquiry, not just a "Did you spill my pint?" question. =A0At the=
moment
>> the sole significant use of TPMs is Bitlocker, which uses it as little m=
ore
>> than a PIN-protected USB memory key and even then functions just as well
>> without it. =A0To take a really simple usage case, how would you:
>>
>> - Generate a public/private key pair and use it to sign email (PGP, S/MI=
ME,
>> =A0take your pick)?
>
> =A0I had this working using openCryptoki, the trousers TSS and Mozilla
> Thunderbird on openSUSE Linux. =A0If the setup instructions aren't in
> the various readmes of those projects I can help you set it up if
> you'd like.
>
>> - As above, but send the public portion of the key to someone and use th=
e
>> =A0private portion to decrypt incoming email?
>
> =A0A simple PKCS#11 app to extract the public key is all that's needed
> with the above tools.
>
>> (for extra points, prove that it's workable by implementing it using an =
actual
>> TPM to send and receive email with it, which given the hit-and-miss
>
> =A0Done. :-) =A0Last time I tested this it worked fine... =A0Circa 2006..=
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
