Re: [PATCH v10 2/8] oid_registry: Add TCG defined OIDS for TPM keys

On Thu, Jun 18, 2020 at 12:22:02PM -0700, James Bottomley wrote:
> On Thu, 2020-06-18 at 10:14 +0300, Jarkko Sakkinen wrote:
> > On Wed, Jun 17, 2020 at 05:25:40PM -0700, James Bottomley wrote:
> > > On Wed, 2020-06-17 at 14:42 -0700, Jerry Snitselaar wrote:
> > > > On Tue Jun 16 20, James Bottomley wrote:
> > > > > The TCG has defined an OID prefix "2.23.133.10.1" for the various TPM
> > > > > key uses.  We've defined three of the available numbers:
> > > > > 
> > > > > 2.23.133.10.1.3 TPM Loadable key.  This is an asymmetric key (Usually
> > > > > 		RSA2048 or Elliptic Curve) which can be imported by a
> > > > > 		TPM2_Load() operation.
> > > > > 
> > > > > 2.23.133.10.1.4 TPM Importable Key.  This is an asymmetric key (Usually
> > > > > 		RSA2048 or Elliptic Curve) which can be imported by a
> > > > > 		TPM2_Import() operation.
> > > > > 
> > > > > Both loadable and importable keys are specific to a given TPM, the
> > > > > difference is that a loadable key is wrapped with the symmetric
> > > > > secret, so must have been created by the TPM itself.  An importable
> > > > > key is wrapped with a DH shared secret, and may be created without
> > > > > access to the TPM provided you know the public part of the parent
> > > > > key.
> > > > > 
> > > > > 2.23.133.10.1.5 TPM Sealed Data.  This is a set of data (up to 128
> > > > > 		bytes) which is sealed by the TPM.  It usually
> > > > > 		represents a symmetric key and must be unsealed before
> > > > > 		use.
> > > > > 
> > > > 
> > > > James, which document are these defined in? I was searching last
> > > > night, and couldn't find it.
> > > 
> > > It isn't.  It's defined in a TCG spreadsheet that Monty Wiseman
> > > keeps, but that seems to be as "official" as it gets with the TCG
> > > OID registry.
> > > 
> > > James
> > 
> > "The TCG has defined an OID prefix "2.23.133.10.1" for the various
> > TPM key uses."
> > 
> > Should this sentence start just as "TCG ...", not sure if "the" is
> > required?
> 
> I've always referred to it as The Trusted Computing Group (so the TCG)
> partly to show they're not just any old trusted computing group.  But I
> think they mostly do refer to themselves in literature as TCG.

... not that this is highly important, just asking out of pure interest :-)

/Jarkko
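As an added example, not code from the patch or from anyone in this thread: the three TCG OIDs quoted above, encoded to the DER content octets an OID registry typically stores and to the full tag/length/value form, with a decoder to check a registry entry against its dotted notation. The OID values are the ones quoted from the commit message; the helper names and any non-TCG sample OID are my own assumptions.

```python
# Added example, not code from the patch or this thread: encode the TCG TPM key
# OIDs quoted above to DER and decode them back. OID values come from the quoted
# commit message; the helper names and the sample inputs are my own.
TCG_TPM_KEY_OIDS = {
    "TPM Loadable key":   "2.23.133.10.1.3",
    "TPM Importable Key": "2.23.133.10.1.4",
    "TPM Sealed Data":    "2.23.133.10.1.5",
}

def _base128(n: int) -> bytes:
    """One arc as big-endian base-128 bytes; high bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def oid_content(oid: str) -> bytes:
    """Content octets of the DER OBJECT IDENTIFIER (the form a registry usually stores)."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID: {oid}")
    # X.690: the first two arcs are packed into a single value, 40*arc0 + arc1.
    return _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])

def oid_to_der(oid: str) -> bytes:
    """Full TLV: tag 0x06, short-form length, content octets."""
    content = oid_content(oid)
    if len(content) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(content)]) + content

def der_to_oid(der: bytes) -> str:
    """Decode a short-form DER OBJECT IDENTIFIER back to dotted notation."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2 or der[-1] & 0x80:
        raise ValueError("not a well-formed short-form DER OBJECT IDENTIFIER")
    arcs, value = [], 0
    for b in der[2:]:
        value = (value << 7) | (b & 0x7F)
        if b & 0x80:
            continue  # more base-128 bytes of this arc follow
        if not arcs:  # undo the 40*arc0 + arc1 packing; arc0 is at most 2
            arc0 = min(value // 40, 2)
            arcs += [arc0, value - 40 * arc0]
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))
```

Note that the arc 133 needs two bytes (0x81 0x05), so a registry entry copied by hand from the dotted form is easy to get wrong; round-tripping through der_to_oid catches that.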