Re: gpg and TPM

2021-05-09 Thread Damien Goutte-Gattat via Gnupg-users

Hi,

On Sun, May 09, 2021 at 10:00:25AM +, mailinglisten--- via Gnupg-users 
wrote:

> I wasn't aware the TPM has that much space, does the TPM hold really a
> complete key? Does it make sense to use ECC keys to save space on the TPM?


Keys are actually not stored *in* the TPM. When you use the `keytotpm` 
command, the key is encrypted in such a way that it can only be 
decrypted and used by the TPM, but the key is still stored, in this 
encrypted form, as a file under the $GNUPGHOME/private-keys-v1.d 
directory.


So there's no need to switch to ECC keys just to “save space on the 
TPM”. You can protect as many RSA keys as you want with the TPM without 
being constrained by space.


- Damien


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gpg and TPM

2021-05-09 Thread mailinglisten--- via Gnupg-users
Hi there,

the blog article about using GPG with a TPM just caught my eyes, this
really sounds damn interesting. I think this has so much potential.

Some questions about this.

I wasn't aware the TPM has that much space, does the TPM hold really a
complete key? Does it make sense to use ECC keys to save space on the TPM?

Does this come with a brute force protection regarding the passphrase,
could a much shorter PIN be used instead, like you do with the OpenPGP
smartcard?

This really is hot stuff. Though I think, an external smart card reader
with dedicated pinpad still is boss. But this really is amazing!

regards
