You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+4-5Lines changed: 4 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -559,20 +559,20 @@ to `Decrypt`:
559
559
560
560
#### `Import`
561
561
562
-
For this, you encrypt some data _remotely_ using just a public encryption key for the target TPM.
562
+
For this, you encrypt some data _remotely_ using just a public encryption key for the target TPM. YOu do not need a TPM on your laptop but you do need one on the destination (ofcourse)
563
563
564
564
**A**: To transfer a secret from your local laptop to `TPM-B` with **userAuth** or **PCRPolicy**
565
565
566
566
1.`TPM-B`: create `ekpubB.pem`
567
567
2. copy `ekpubB.pem` to `TPM-A`
568
568
569
-
on `TPM-A`:
569
+
on `laptop`:
570
570
571
571
3. given plaintext, use [go-kms-wrapping.Encrypt()](https://pkg.go.dev/github.com/hashicorp/go-kms-wrapping#Envelope.Encrypt) to encrypt.
572
572
This will return a new _inner encryption key_ (`env.Key`), initialization vector and cipher text
573
573
4. construct a TPM Public of type `tpm2.TPMAlgKeyedHash` with `PolicyOr[PolicyAuthValue|PolicyDuplicateSelect]` or as `PolicyOr[PolicyPCR|PolicyDuplicateSelect]`.
574
574
5. set the `env.Key` as the TPM keys sensitive part (i.,e seal data)
575
-
6. duplicate the TPM based key using the `Policyduplicateselect` and a real session
575
+
6. duplicate the key using the `Policyduplicateselect`
0 commit comments