full-disk subversion standards released

Kent Yoder shpedoikal at gmail.com
Thu Mar 5 15:39:09 EST 2009


On Thu, Mar 5, 2009 at 12:13 PM, Kent Yoder <shpedoikal at gmail.com> wrote:
> Hi Peter,
>
>>>Apart from the obvious fact that if the TPM is good for DRM then it is also
>>>good for protecting servers and the data on them,
>>
>> In which way, and for what sorts of "protection"?  And I mean that as a
>> serious inquiry, not just a "Did you spill my pint?" question.  At the moment
>> the sole significant use of TPMs is Bitlocker, which uses it as little more
>> than a PIN-protected USB memory key and even then functions just as well
>> without it.  To take a really simple usage case, how would you:
>>
>> - Generate a public/private key pair and use it to sign email (PGP, S/MIME,
>>  take your pick)?
>
>  I had this working using openCryptoki, the trousers TSS and Mozilla
> Thunderbird on openSUSE Linux.  If the setup instructions aren't in
> the various readmes of those projects I can help you set it up if
> you'd like.
>
>> - As above, but send the public portion of the key to someone and use the
>>  private portion to decrypt incoming email?
>
>  A simple PKCS#11 app to extract the public key is all that's needed
> with the above tools.
>
>> (for extra points, prove that it's workable by implementing it using an actual
>> TPM to send and receive email with it, which given the hit-and-miss
>
>  Done. :-)  Last time I tested this it worked fine...  Circa 2006..
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


