Re: Bulk encryption capabilities of a TPM
- From: "Saqib Ali" <docbook.xml@xxxxxxxxx>
- Date: Thu, 4 May 2006 21:12:42 -0700
My follow-up question is: if the cryptographic engine of the TPM can
NOT be used for, let's say, encrypting a whole drive, how does the
external encryption module (hardware (ASIC) or software (wavesys))
access the wrapped encryption keys from the TPM?

One possible solution I forgot to mention in my email was that the
ASIC possesses a symmetric key which is used for bulk encryption. Now
the TPM has to only decrypt / encrypt this bulk encryption key instead
of decrypting/encrypting the whole HDD.

The same thing can be applied to a software-based solution. But where does
the software store this encrypted bulk encryption key? You need
persistent storage for this key. Software alone cannot provide a
safe place for this key.
--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------