Commit 8aa43a5

Improve README formatting for encryption steps
Updated formatting for encryption and decryption steps in README.
1 parent ede7dbe commit 8aa43a5

1 file changed

Lines changed: 19 additions & 18 deletions

README.md

@@ -18,17 +18,17 @@ There are two modes to using this library:
1818

1919
When you encrypt data, it can ONLY get decrypted by that *SAME* TPM:
2020

21-
Encrypt:
21+
Encrypt:
2222

23-
1. generate aead `key`
24-
2. `ciphertext = AEAD_Encrypt( key, plaintext )`
25-
3. `sealed_key = TPM_Seal( key )`
23+
- `1`: generate aead `key`
24+
- `2`: `ciphertext = AEAD_Encrypt( key, plaintext )`
25+
- `3`: `sealed_key = TPM_Seal( key )`
2626

2727

28-
Decrypt:
28+
Decrypt:
2929

30-
4. `encryptionKey = TPM_Unseal( sealed_key )`
31-
5. `plaintext = AEAD_Decrypt( key, ciphertext )`
30+
- `4`: `encryptionKey = TPM_Unseal( sealed_key )`
31+
- `5`: `plaintext = AEAD_Decrypt( key, ciphertext )`
3232

3333
---
3434

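Review bot: In the Decrypt steps, step `4` assigns the unsealed value to `encryptionKey`, but step `5` calls `AEAD_Decrypt( key, ciphertext )`, so the name the decrypt step consumes is never defined in this flow. The mismatch is carried over from the old lines, and since both lines are being touched anyway, step `4` could read `key = TPM_Unseal( sealed_key )` to match the Encrypt steps. Also, switching from an ordered list (`1.`) to bullets with a backticked number (`1`:) makes the numbering hand-maintained; if the goal is only to fix how the list renders under the "Encrypt:" and "Decrypt:" labels, a plain ordered list avoids later drift.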
@@ -44,18 +44,18 @@ Decrypt:
4444

4545
Alice shares `ekPub.pem` with Bob
4646

47-
Encrypt (Bob):
47+
Encrypt (Bob):
4848

49-
1. generate aead `key`
50-
2. `ciphertext = AEAD_Encrypt( key, plaintext )`
51-
3. `sealed_key = TPM_Seal( key )`
52-
4. `duplicate_key = TPM_Duplicate( EKPub, sealed_key )`
49+
- `1`: generate aead `key`
50+
- `2`: `ciphertext = AEAD_Encrypt( key, plaintext )`
51+
- `3`: `sealed_key = TPM_Seal( key )`
52+
- `4`: `duplicate_key = TPM_Duplicate( EKPub, sealed_key )`
5353

54-
Decrypt (Alice):
54+
Decrypt (Alice):
5555

56-
5. `sealed_key = TPM_Import( duplicate_key )`
57-
6. `key = TPM_Unseal( sealed_key )`
58-
7. `plaintext = AEAD_Decrypt( key, ciphertext )`
56+
- `4`: `sealed_key = TPM_Import( duplicate_key )`
57+
- `5`: `key = TPM_Unseal( sealed_key )`
58+
- `6`: `plaintext = AEAD_Decrypt( key, ciphertext )`
5959

6060
---
6161

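Review bot: The Decrypt (Alice) steps were renumbered from 5, 6, 7 to `4`, `5`, `6`, so `4` now appears twice in this flow: once for Bob's `TPM_Duplicate( EKPub, sealed_key )` and once for Alice's `TPM_Import( duplicate_key )`. The first mode's Decrypt steps in the hunk above still continue from the Encrypt numbering (`4`, `5` after `1` to `3`), so the two sections are now inconsistent with each other. Suggest keeping `5`, `6`, `7` here so each step in the Bob-to-Alice exchange has a unique number.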
@@ -643,6 +643,7 @@ There are two levels of encryption involved with this library and is best descri
643643
w := wrapaead.NewWrapper()
644644
err := w.SetAesGcmKeyBytes(key)
645645
cipherText, _ := w.Encrypt(ctx, plaintext, opt...)
646+
wrappedKey.keyFile = tpm2.Seal( tpm2_object( type=TPMAlgKeyedHash, secret=key ) )
646647
```
647648

648649
* `ciphertext`: the encrypted data wrapped using `key` which includes the initialization vector
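Review bot: The added line 646 is pseudocode inside a code block whose other lines read as Go (`w := wrapaead.NewWrapper()`, `err := w.SetAesGcmKeyBytes(key)`): `tpm2_object( type=TPMAlgKeyedHash, secret=key )` uses keyword-style arguments, which Go does not have, and `type` is a reserved word. A reader copying the block will not be able to tell which lines are real API calls. Suggest turning the line into a `//` comment that describes the seal step, or moving it into the prose below the block.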
@@ -660,7 +661,7 @@ There are two levels of encryption involved with this library and is best descri
660661

661662
If you base64decode the `wrappedKey`
662663

663-
* `keyfile` is the PEM encoded private key which has sealed the `key`
664+
* `keyfile` is the PEM encoded TPM object which has the `key` sealed inside it
664665

665666
The keyfile is:
666667

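Review bot: The reworded bullet names the field `keyfile`, while the code lines this same commit adds and changes refer to it as `wrappedKey.keyFile`. Pick one spelling and use it in both the bullet and the snippets, so it is clear that the PEM encoded TPM object described here is the same value that is passed to unseal.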
@@ -679,7 +680,7 @@ The keyfile is:
679680
1. First load the `keyfile` and unseal:
680681

681682
```golang
682-
key, err := tpm2.Unseal(keyfile)
683+
key, err := tpm2.Unseal(wrappedKey.keyFile)
683684
```
684685

685686
2. Create new *direct* aead wrapper using `wrapaead "github.com/hashicorp/go-kms-wrapping/v2/aead"` and set `key` as the decryption key.
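Review bot: The changed line passes `wrappedKey.keyFile` straight to `tpm2.Unseal`, while the step text above it still says "First load the `keyfile` and unseal", so the load the prose describes is not shown. Either show loading the sealed object before the unseal call or reword the step to match the one-line snippet. The snippet also assigns `err` without showing a check; given the README's statement that data can only be decrypted by the same TPM, a failed unseal is the case a reader most needs to see handled.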
