gpg and TPM
Damien Goutte-Gattat
dgouttegattat at incenp.org
Sun May 9 15:22:39 CEST 2021
Hi,
On Sun, May 09, 2021 at 10:00:25AM +0000, mailinglisten--- via Gnupg-users wrote:
>I wasn't aware the TPM has that much space, does the TPM really hold a
>complete key? Does it make sense to use ECC keys to save space on the TPM?
Keys are actually not stored *in* the TPM. When you use the `keytotpm`
command, the key is encrypted in such a way that it can only be
decrypted and used by the TPM, but the key is still stored, in this
encrypted form, as a file under the $GNUPGHOME/private-keys-v1.d
directory.
So there's no need to switch to ECC keys just to “save space on the
TPM”. You can protect as many RSA keys as you want with the TPM without
being constrained by space.
- Damien
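
Because TPM-wrapped keys remain ordinary files in the key directory, that directory can be audited to see which keys are actually bound to the TPM. The script below is an added example, not part of the original message and not GnuPG's own code; it assumes gpg-agent's key-file markers (`shadowed-private-key` with shadow type `tpm2-v1` for TPM-wrapped keys, `t1-v1` for smartcard stubs, `protected-private-key` for passphrase-protected keys), and the sample files and their names are constructed.

```shell
#!/bin/sh
# Classify gpg-agent key files by how the secret part is protected.
# Assumption: the marker strings below are the S-expression tokens that
# gpg-agent writes; check them against your GnuPG version.

classify_keyfile() {
    # Order matters: "private-key" is a substring of the other two tokens.
    if grep -q 'shadowed-private-key' "$1"; then
        if grep -q 'tpm2-v1' "$1"; then echo tpm          # wrapped for the TPM
        elif grep -q 't1-v1' "$1"; then echo card         # stub for a smartcard
        else echo shadowed-unknown; fi
    elif grep -q 'protected-private-key' "$1"; then echo passphrase
    elif grep -q 'private-key' "$1"; then echo unprotected
    else echo unknown; fi
}

audit_keydir() {
    # Print "<class><TAB><file>" for every key file in the directory.
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue
        printf '%s\t%s\n' "$(classify_keyfile "$f")" "$(basename "$f")"
    done
}

make_sample_keydir() {
    # Constructed sample files: real ones are named <keygrip>.key and hold
    # full key material; only the marker tokens matter for this check.
    d=$(mktemp -d)
    printf '%s\n' 'Key: (shadowed-private-key (rsa (n #00#)(e #010001#)(shadowed tpm2-v1 (#00#))))' > "$d/sample-tpm.key"
    printf '%s\n' 'Key: (shadowed-private-key (rsa (n #00#)(e #010001#)(shadowed t1-v1 (#00#))))' > "$d/sample-card.key"
    printf '%s\n' 'Key: (protected-private-key (rsa (n #00#)(e #010001#)(protected openpgp-s2k3-ocb-aes (#00#))))' > "$d/sample-soft.key"
    printf '%s\n' 'Key: (private-key (rsa (n #00#)(e #010001#)(d #00#)))' > "$d/sample-plain.key"
    echo "$d"
}

# With an argument, audit that directory (for example
# "$GNUPGHOME/private-keys-v1.d"); without one, run on the constructed sample.
if [ $# -gt 0 ]; then
    audit_keydir "$1"
else
    demo=$(make_sample_keydir)
    audit_keydir "$demo"
    rm -rf "$demo"
fi
```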