Mailing List Archive

gpg and TPM
Hi there,

the blog article about using GPG with a TPM just caught my eyes, this
really sounds damn interesting. I think this has so much potential.

Some questions about this.

I wasn´t aware the TPM has that much space, does the TPM hold really a
complete key? Does it make sense to use ECC keys to save space on the TPM?

Does this come with a brute force protection regarding the passphrase,
could a much shorter PIN be used instead, like you do with the openPGP
smartcard?

This really is hot stuff. Though I think, an external smart card reader
with dedicated pinpad still is boss. But this really is amazing!

regards

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg and TPM [ In reply to ]
Hi,

On Sun, May 09, 2021 at 10:00:25AM +0000, mailinglisten--- via Gnupg-users wrote:
>I wasn´t aware the TPM has that much space, does the TPM hold really a
>complete key? Does it make sense to use ECC keys to save space on the TPM?

Keys are actually not stored *in* the TPM. When you use the `keytotpm`
command, the key is encrypted in such a way that it can only be
decrypted and used by the TPM, but the key is still stored, in this
encrypted form, as a file under the $GNUPGHOME/private-keys-v1.d
directory.

So there's no need to switch to ECC keys just to “save space on the
TPM”. You can protect as many RSA keys as you want with the TPM without
being constrained by space.

- Damien
Re: gpg and TPM [ In reply to ]
Am 09.05.21 um 15:22 schrieb Damien Goutte-Gattat:
> Hi,
>
> On Sun, May 09, 2021 at 10:00:25AM +0000, mailinglisten--- via
> Gnupg-users wrote:
>> I wasn´t aware the TPM has that much space, does the TPM hold really a
>> complete key? Does it make sense to use ECC keys to save space on the
>> TPM?
>
> Keys are actually not stored *in* the TPM. When you use the `keytotpm`
> command, the key is encrypted in such a way that it can only be
> decrypted and used by the TPM, but the key is still stored, in this
> encrypted form (....)

Thanks for explaining. This is really interesting.
I´m not that familiar with the TPM in general, is the TPM owner (and
SRK) password safe against brute force attacks? Or do you need a complex
password for the TPM?

Thanks



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg and TPM [ In reply to ]
On Tue, May 11, 2021 at 02:03:21PM +0000, mailinglisten@posteo.de wrote:
>I´m not that familiar with the TPM in general

Me neither.


>is the TPM owner (and SRK) password safe against brute force attacks?
>Or do you need a complex password for the TPM?

My understanding is that the TPM offers the *possibility* to protect
against brute force attacks (through the “dictionary attack lockout
reset” mechanism), but I am not sure whether that protection is enabled
by default or if the tpm2daemon (the new component within GnuPG in
charge of using the TPM) makes use of it.

Until I know more, I use with my TPM stronger PINs than what I normally
use with my OpenPGP tokens, just in case. :)

- Damien
Re: gpg and TPM [ In reply to ]
Hi,

I was reading about Debian UEFI and secure boot. If tpm isn't secured
at boot, will that make tpm less secure than key pair where user puts a
strong password?

Thanks.

On Thu, 2021-05-13 at 22:03 +0100, Damien Goutte-Gattat via Gnupg-users
wrote:
> On Tue, May 11, 2021 at 02:03:21PM +0000, mailinglisten@posteo.de
> wrote:
> > I´m not that familiar with the TPM in general
>
> Me neither.
>
>
> > is the TPM owner (and SRK) password safe against brute force
> > attacks?
> > Or do you need a complex password for the TPM?
>
> My understanding is that the TPM offers the *possibility* to protect
> against brute force attacks (through the “dictionary attack lockout
> reset” mechanism), but I am not sure whether that protection is
> enabled
> by default or if the tpm2daemon (the new component within GnuPG in
> charge of using the TPM) makes use of it.
>
> Until I know more, I use with my TPM stronger PINs than what I
> normally
> use with my OpenPGP tokens, just in case. :)
>
> - Damien
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg and TPM [ In reply to ]
Am 13.05.21 um 23:03 schrieb Damien Goutte-Gattat:
> On Tue, May 11, 2021 at 02:03:21PM +0000, mailinglisten@posteo.de wrote:
>> I´m not that familiar with the TPM in general
>
> Me neither.
>
>
>> is the TPM owner (and SRK) password safe against brute force attacks?
>> Or do you need a complex password for the TPM?
>
> My understanding is that the TPM offers the *possibility* to protect
> against brute force attacks (through the “dictionary attack lockout
> reset” mechanism), but I am not sure whether that protection is enabled
> by default or if the tpm2daemon (the new component within GnuPG in
> charge of using the TPM) makes use of it.
>
> Until I know more, I use with my TPM stronger PINs than what I normally
> use with my OpenPGP tokens, just in case. :)

Your concerns are true, TPM protected keys, created by GnuPG are not
brute force protected, a quote from James Bottomley:

"The TPM includes what’s called dictionary lockout protection, so if too
many incorrect passwords are entered, it will enter a dictionary attack
timeout phase before it lets you try a new one. The TPM owner can set
the timeout parameters for this. Note that you can defeat this by
specifying the NODA flag in a TPM key, which means “don’t use dictionary
attack protection for this key”. GnuPG keys are currently created with
this flag set, so you need strong passwords for them"

I wonder, if the dictionary protection can be enabled at a later point
of time.... it would greatly ease the use of the key if you just need a
short PIN.

Another point is, you can´t set an owner password for the TPM, if you do
so, GnuPG can´t access the TPM and you can´t use the keytotpm command.
According to James, GnuPG currently has no mechanism to ask for a
possibly set TPM owner password.

After all, the whole things works, but still requires some fine tuning
here and there, but TPM protected gpg keys really is a great thing and
fun to play with.

Finally the TPM is something good for in a Unix box ;-)
(besides using the hardware RNG which I already did before)

best regards

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg and TPM [ In reply to ]
Am 14.05.21 um 08:46 schrieb Raja Saha:
> Hi,
>
> I was reading about Debian UEFI and secure boot. If tpm isn't secured
> at boot, will that make tpm less secure than key pair where user puts a
> strong password?

Technically, secure boot and TPM are 2 different things.
You can use secure boot without TPM.

If you want to use a TPM protected gpg key, you must *not* set a TPM
owner password! When you set a TPM owner password, the GnuPG command
keytotpm will not work! I think this is not a big deal, because the TPM
protected key has its own password when you create it.
Maybe in the future we can set a TPM owner password and use GnuPG with
TPM protected keys, but now you can´t set a TPM password and use GnuPG
with it, unfortunately. But I think, this is not a real risk. First the
gpg key has its own password and second, an attacker is never able to
retrieve the they key from the TPM.

regards


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users