[RFC 0/4] TPM support for gpg

James Bottomley James.Bottomley at HansenPartnership.com
Fri Jan 19 06:25:24 CET 2018

This patch series adds TPM 2.0 support to gnupg. TPMs are useful as an
alternative to key cards: they provide the same security against key
theft and the same cryptographic protections.  The main difference is
that TPMs are universally present in every laptop, so they provide a
simple and ubiquitous solution to key security.  The only real down
side is that unlike key cards, TPM protected keys cannot be transferred
between laptops, you must instead keep an offline backup copy of the
key can then be transferred to the TPM of any new laptop.

The way TPM protection works is slightly different from key cards.
 Instead of moving the key inside the card, the TPM converts any given
key to a TPM specific representation (meaning it's encrypted by a
special key that only the TPM possesses).  The TPM represenation must
be stored offline somewhere and if it is lost, so is the protected key.
 The way I implemented this is to use the TPM to convert the key to
protected representation and then store it in the shadow_info of a
shadowed-private-key using a shadow type of tpm2-v1.  The TPM can
handle an arbitrary number of keys, but the price is the shadow_info
stores the keys and must be preserved.

This implementation is an RFC, because ordinarily TPM support would be
integrated into the cryptosystem rather than the application but since
gnupg already integrates key cards via a diversion mechanism, it was
also easy to follow this route for TPM support.  The main difference
between the TPM and the card is that there's no need for a separate
daemon to run the card, so I integrated diversion support directly into
the agent.

The way to use this is simple: I added a new command to keyedit.c:
keytotpm which converts an existing encrypted private key to TPM
representation. This conversion is done immediately the command
completes and cannot be undone.  Once converted, all the usual gpg
operations go transparently through the TPM, so it should be largely
invisible to a user.



James Bottomley (4):
  agent: expose shadow key type
  agent: add tpm specific functions
  agent: plumb in TPM handling
  g10: add ability to transfer a private key to the tpm

 agent/Makefile.am   |   2 +
 agent/agent.h       |  23 +-
 agent/command.c     |  78 +++++-
 agent/divert-tpm2.c | 187 +++++++++++++
 agent/findkey.c     |   5 +-
 agent/pkdecrypt.c   |   8 +-
 agent/pksign.c      |  14 +-
 agent/protect.c     |  72 ++++-
 agent/tpm2.c        | 784 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 agent/tpm2.h        |  22 ++
 g10/call-agent.c    |  22 ++
 g10/call-agent.h    |   3 +
 g10/keyedit.c       |  45 ++-
 13 files changed, 1240 insertions(+), 25 deletions(-)
 create mode 100644 agent/divert-tpm2.c
 create mode 100644 agent/tpm2.c
 create mode 100644 agent/tpm2.h


More information about the Gnupg-devel mailing list