Nelson Bolyard wrote:

> I would expect that these details all go on beneath the PKCS#11 API layer,
> and are all hidden inside of the PKCS#11 module.  I suspect that the wrapped
> keys (wherever they physically reside) still appear as PKCS#11 objects in
> the PKCS#11 "slot" or "token", and would be findable through the PKCS#11
> C_FindObjects function.

Absolutely, you are right about PKCS#11 (and you know much more about
it than me anyway).  I just got a little confused about people talking
about generating private keys in the TPM and taking them out.  It seems
that all private keys (thank you for the correction here) generated in
the TPM never leave it, unless they are marked as migratable and are
migrated to another TPM.  The corresponding public keys can be exported
:)

Regards,
Peter

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
