Open salrashid123 opened 4 years ago
We've internally added support for TPMs in C++ but this will probably be part of a different repo as an add-on to Tink to avoid bloat.
@fernandolobato when you mention an add-on to Tink, do you have C++ or Go in mind? Has any code been published? I'd be interested in a TPM-backed Go implementation, and might try and write one from scratch but I wouldn't want to duplicate efforts. (Also, getting inspiration from a C++ version if it's been made public may be useful.)
Hey @kerneis-anssi, we have an implementation of a TPM-backed AEAD. This isn't public yet, since it'll require a bit of work to open source and will live as a separate repo to avoid adding a dependency on the TPM TSS for everyday Tink users. I also have a Go implementation in mind, but it's not currently in the roadmap for the next couple of quarters.
FR to support encryption/decryption using TPM based keys.
With this, you can encrypt and decrypt data only with the same TPM.
For example, this is encryption/decryption using tpm2_tools (cpp), and go-tpm: https://github.com/salrashid123/tpm2/tree/master/encrypt_decrypt_aes
I'd imagine the proto for the Key would save the public/sealed private portion of the key that was generated, e.g. in "type.googleapis.com/google.crypto.tink.TpmKey"
At the moment, this is only feasible for one or two languages that support tpm-based libraries so filing this as a longer term FR.