TPM - Ecc based encryption / decryption using the public key

TrinityTonic

4/24/24, 9:57 AM

Our device comes with a device certificate which was signed with our private registration authority (CA). The private key (type ECC) was generated on the device itself - to be more specific directly on the on-board TPM. The public key is included inside the device certificate.

Now we have a use-case where we want to encrypt some sensitive file to be used on the device and wondered how we could do this with existing mechanisms. Could the public ECC key inside the device certificate (or something derived from it) be used to encrypt data that only the device would be able to decrypt using its private TPM-based ECC key (or something derived from it)?

What options do we have to encrypt something for the device while using device-specific information - we would not like that the encrypted file would work on every device which would be the case if we used a shared secret and symmetric encryption directly.

0 + 3

fgrieu

4/24/24, 12:02 PM

There are two aspects to the question: how that can be done from a crypto standpoint (that would fit the job description of [ECIES](https://www.secg.org/sec1-v2.pdf#subsection.5.1) if there was not the _one usage, one key_ principle which goes against reuse of an ECC signature key for encryption purposes), and how that maps to the feature set of a TPM.

TrinityTonic

4/24/24, 12:34 PM

@fgrieu - yes. In fact It's about those two questions, namely what technical options exist and how they could be translated to the TPM.

Maarten Bodewes

4/26/24, 1:50 PM

Well, you haven't specified the specific TPM nor which standard it should be compliant to. So besides that remark from @fgrieu I don't think we can tell you much. Of course you can use the public key to encrypt even if it goes against policy, the question is about the usage of the private key. If it only supports ECDSA then using it for ECDH as required for ECIES would be problematic.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: TPM - Ecc based encryption / decryption using the public key

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.