go-tpm-tools currently supports importing an external RSA key into the TPM using CreateSigningKeyImportBlob.
It also supports encrypting an arbitrary secret which can get decrypted by the target TPM (using CreateImportBlob).
It'd be nice to allow a way to import an AES or HMAC key into the target TPM instead of it just allowing decryption (i.e., have a similar mechanism like CreateSigningKeyImportBlob but one that actually embeds the secret).
This should be similar to tpm2_duplicate.
One application would be to transfer an HMAC AWS key to a target TPM for authentication.