<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
	<title type="html"><![CDATA[wolfSSL - Embedded SSL Library — Get endorsement key embedded into a certificate]]></title>
	<link rel="self" href="https://www.wolfssl.com/forums/feed-atom-topic2082.xml" />
	<updated>2024-09-12T16:39:49Z</updated>
	<generator>PunBB</generator>
	<id>https://www.wolfssl.com/forums/topic2082-get-endorsement-key-embedded-into-a-certificate.html</id>
		<entry>
			<title type="html"><![CDATA[Re: Get endorsement key embedded into a certificate]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/post7846.html#p7846" />
			<content type="html"><![CDATA[<p>Hi All,</p><p>As a followup to this topic, we did add support for getting the endorsement keys/certificates. You can find an example here:<br /><a href="https://github.com/wolfSSL/wolfTPM/tree/master/examples/endorsement">https://github.com/wolfSSL/wolfTPM/tree … ndorsement</a></p><p>The answer to all of these is yes, but it does vary by TPM manufacture.</p><p>Let me know if you have any questions after reviewing the new example and endorsement (EK) support.</p><p>Thanks,<br />David Garske, wolfSSL</p>]]></content>
			<author>
				<name><![CDATA[dgarske]]></name>
				<uri>https://www.wolfssl.com/forums/user1863.html</uri>
			</author>
			<updated>2024-09-12T16:39:49Z</updated>
			<id>https://www.wolfssl.com/forums/post7846.html#p7846</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[Re: Get endorsement key embedded into a certificate]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/post7845.html#p7845" />
			<content type="html"><![CDATA[<div class="quotebox"><cite>captain&#039;flam wrote:</cite><blockquote><p>I&#039;m a newbie in TPM development (using wolfTPM) but I have already some tricky questions :</p><p>- is that true that each TMP has its own builtin asymmetric (endorsement) key ? (let&#039;s assume yes)<br />- is it a RSA or a ECC key ? (or one of each)<br />- is it possible to get the public part of the key ?<br />- is it possible to get this public key embedded in a certificate ?<br />&nbsp; (I didn&#039;t find any function in the API to do that)<br />- if it is possible, which CA certificate signs it ?<br />- is there a certificate chain ending to the TPM&#039;s one ?<br />&nbsp; (then what is the auto-signed certificate at the top of this chain ?)</p><p>Thanks in advance !</p></blockquote></div><p>I&#039;m also new to TPM and I only answered 1 question which is the first TMP answer that has a worthy asymmetric key reserved and cannot get the declaration part of the certificate. The rest I will choose someone else to answer,</p>]]></content>
			<author>
				<name><![CDATA[KimberlyFagan2004]]></name>
				<uri>https://www.wolfssl.com/forums/user5942.html</uri>
			</author>
			<updated>2024-09-12T15:52:45Z</updated>
			<id>https://www.wolfssl.com/forums/post7845.html#p7845</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[Re: Get endorsement key embedded into a certificate]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/post7493.html#p7493" />
			<content type="html"><![CDATA[<p>Hi ZLam,</p><p>Thanks for your questions. Can you tell me where you are located and more about your project?</p><p>The TPM has endorsements key(s) and certificate(s) provisioned by the manufacture. See: <a href="https://trustedcomputinggroup.org/resource/http-trustedcomputinggroup-org-wp-content-uploads-tcg-ek-credential-profile-v-2-5-r2_published-pdf/">https://trustedcomputinggroup.org/resou … ished-pdf/</a></p><p>It varies by manufacture, but it is typically ECC and RSA. There is a place in NV to get the signed certificate elements. We support using the endorsement key for a few things in wolfTPM: <a href="https://github.com/wolfSSL/wolfTPM/blob/master/examples/attestation/make_credential.c">https://github.com/wolfSSL/wolfTPM/blob … edential.c</a></p><p>We will soon be adding support for extracting the EK certificate(s) as well.</p><p>You can see some of the EK certificate support in the IBM TSS stack here: <a href="https://github.com/kgoldman/ibmtss/blob/master/utils/ekutils.c">https://github.com/kgoldman/ibmtss/blob … /ekutils.c</a></p><p>Thanks,<br />David Garske, wolfSSL</p>]]></content>
			<author>
				<name><![CDATA[dgarske]]></name>
				<uri>https://www.wolfssl.com/forums/user1863.html</uri>
			</author>
			<updated>2024-02-05T16:14:00Z</updated>
			<id>https://www.wolfssl.com/forums/post7493.html#p7493</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[Get endorsement key embedded into a certificate]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/post7492.html#p7492" />
			<content type="html"><![CDATA[<p>I&#039;m a newbie in TPM development (using wolfTPM) but I have already some tricky questions :</p><p>- is that true that each TMP has its own builtin asymmetric (endorsement) key ? (let&#039;s assume yes)<br />- is it a RSA or a ECC key ? (or one of each)<br />- is it possible to get the public part of the key ?<br />- is it possible to get this public key embedded in a certificate ?<br />&nbsp; (I didn&#039;t find any function in the API to do that)<br />- if it is possible, which CA certificate signs it ?<br />- is there a certificate chain ending to the TPM&#039;s one ?<br />&nbsp; (then what is the auto-signed certificate at the top of this chain ?)</p><p>Thanks in advance !</p>]]></content>
			<author>
				<name><![CDATA[captain'flam]]></name>
				<uri>https://www.wolfssl.com/forums/user5241.html</uri>
			</author>
			<updated>2024-02-05T15:41:57Z</updated>
			<id>https://www.wolfssl.com/forums/post7492.html#p7492</id>
		</entry>
</feed>
