May I know how to encrypt using the key generated by tpm2_ecdhzgen #3378
Comments
Please check "Generate shared secret using ECDH keys": #3202
If your TPM does not support TPM2_EncryptDecrypt you will get error 0x143 from tpm2_encryptdecrypt and you can use e.g. openssl for this purpose.
Thanks for your answer. I think what you mean is to tpm2_import the shared secret as a symmetric key.
yes, you could use your shared secret instead of symkey.bin
No, you can also use ECC keys (-G ecc)
Thanks a lot. I know how to use the shared secret.
This is my process of ECDH key exchange, which generates a symmetric key (secret1.dat or secret2.dat)?
TPMA
tpm2_createprimary -C o -c primaryA.ctx
tpm2_create -C primaryA.ctx -c keyA.ctx -u ecdhA.pub -G ecc256:ecdh -r ecdhA.pri
tpm2_ecdhzgen -k ecdhB.pub -o secret1.dat -c keyA.ctx
TPMB
tpm2_createprimary -C o -c primaryB.ctx
tpm2_create -C primaryB.ctx -c keyB.ctx -u ecdhB.pub -G ecc256:ecdh -r ecdhB.pri
tpm2_ecdhzgen -k ecdhA.pub -o secret2.dat -c keyB.ctx
How should I use secret1.dat or secret2.dat to encrypt? tpm2_encryptdecrypt and tpm2_load seem useless.
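
The openssl route mentioned in the comments, as an added example that is not part of the original thread or of tpm2-tools: derive keys from the ECDH output file with HKDF-SHA256, then encrypt with AES-256-CBC and authenticate with HMAC-SHA256. The function names, the labels `enc` and `mac`, and the sealed-file layout are hypothetical choices for this sketch, and it assumes secret1.dat and secret2.dat are byte-identical on both sides.

```shell
#!/bin/sh
# Added example. Assumes secret1.dat and secret2.dat are byte-identical, so
# the whole file is used as key material without parsing its internal layout.

# HMAC-SHA256 of stdin under a hex key; prints 64 hex characters.
hmac_hex() { openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -r | cut -d' ' -f1; }

# derive_key SECRET_FILE LABEL: HKDF-SHA256 (RFC 5869), one 32-byte block.
derive_key() {
    zeros=0000000000000000000000000000000000000000000000000000000000000000
    prk=$(hmac_hex "$zeros" < "$1")          # Extract with an all-zero salt
    printf '%s\001' "$2" | hmac_hex "$prk"   # Expand: HMAC(PRK, info || 0x01)
}

# seal SECRET_FILE IN OUT: AES-256-CBC, then HMAC over IV and ciphertext.
# OUT layout (constructed for this example): hex IV, hex tag, base64 ciphertext.
seal() {
    ek=$(derive_key "$1" enc); mk=$(derive_key "$1" mac)
    iv=$(openssl rand -hex 16)
    ct=$(openssl enc -aes-256-cbc -K "$ek" -iv "$iv" -in "$2" | openssl base64 -A)
    tag=$(printf '%s%s' "$iv" "$ct" | hmac_hex "$mk")
    printf '%s\n%s\n%s\n' "$iv" "$tag" "$ct" > "$3"
}

# open_sealed SECRET_FILE IN OUT: checks the tag first, returns 1 on mismatch.
# (A shell string compare is not constant-time; acceptable for a local demo.)
open_sealed() {
    ek=$(derive_key "$1" enc); mk=$(derive_key "$1" mac)
    iv=$(sed -n 1p "$2"); tag=$(sed -n 2p "$2"); ct=$(sed -n 3p "$2")
    [ "$tag" = "$(printf '%s%s' "$iv" "$ct" | hmac_hex "$mk")" ] || return 1
    printf '%s' "$ct" | openssl base64 -d -A |
        openssl enc -d -aes-256-cbc -K "$ek" -iv "$iv" -out "$3"
}

# Demo with a constructed stand-in for the two secret files (no TPM needed).
demo() {
    d=$(mktemp -d)
    printf 'constructed-stand-in-for-Z' > "$d/secret1.dat"
    cp "$d/secret1.dat" "$d/secret2.dat"
    printf 'hello from TPMA\n' > "$d/msg.txt"
    seal "$d/secret1.dat" "$d/msg.txt" "$d/msg.sealed" &&
        open_sealed "$d/secret2.dat" "$d/msg.sealed" "$d/msg.out" &&
        cmp -s "$d/msg.txt" "$d/msg.out"
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "round trip ok"
```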