Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create ephemeral TPM keys on the recipient side #16

Open
Foxboron opened this issue Jul 17, 2023 · 3 comments
Open

Create ephemeral TPM keys on the recipient side #16

Foxboron opened this issue Jul 17, 2023 · 3 comments
Labels
enhancement New feature or request tpm2 Relevant to the tpm2 code

Comments

@Foxboron
Copy link
Owner

Currently age-plugin-tpm makes ephemeral NIST P256 key in software when the someone encrypt something with the recipient.

There is probably(?) nothing stopping us from creating an ephemeral key inside the TPM on the remote side and use this for ECDH.

We could make this toggle-able if this is not something the remote end wants.
@Foxboron Foxboron added enhancement New feature or request tpm2 Relevant to the tpm2 code labels Jul 17, 2023
@nbraud
Copy link

nbraud commented Dec 27, 2024

In what security model would that be an improvement?

As far as I can tell, an attacker who can subvert the (sw-only) ephemeral key's generation, can presumably access the plaintext being encrypted; since the ephemeral key is not reused for any other plaintext, there's no risk of it being leveraged against other ciphertexts.

@Foxboron
Copy link
Owner Author

In what security model would that be an improvement?

It's more case of "why not both" and for fun really.

@nbraud
Copy link

nbraud commented Dec 27, 2024

I see ^^

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request tpm2 Relevant to the tpm2 code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Foxboron @nbraud