path: root/include/keys/trusted-type.h
diff options
authorJames Bottomley <>2021-01-27 11:06:14 -0800
committerJarkko Sakkinen <>2021-04-14 16:30:30 +0300
commit1c6476e9741e30be57e0b370d4405214f055607c (patch)
tree709b67483d2b12b71a643c8a4573e7a98f31afb0 /include/keys/trusted-type.h
parentb07067627cd5f1f6dc60c224b47c728f7f4b7b45 (diff)
oid_registry: Add TCG defined OIDS for TPM keys
The TCG has defined an OID prefix "" for the various TPM key uses. We've defined three of the available numbers: TPM Loadable key. This is an asymmetric key (Usually RSA2048 or Elliptic Curve) which can be imported by a TPM2_Load() operation. TPM Importable Key. This is an asymmetric key (Usually RSA2048 or Elliptic Curve) which can be imported by a TPM2_Import() operation. Both loadable and importable keys are specific to a given TPM, the difference is that a loadable key is wrapped with the symmetric secret, so must have been created by the TPM itself. An importable key is wrapped with a DH shared secret, and may be created without access to the TPM provided you know the public part of the parent key. TPM Sealed Data. This is a set of data (up to 128 bytes) which is sealed by the TPM. It usually represents a symmetric key and must be unsealed before use. The ASN.1 binary key form starts of with this OID as the first element of a sequence, giving the binary form a unique recognizable identity marker regardless of encoding. Signed-off-by: James Bottomley <> Reviewed-by: David Howells <> Acked-by: Jarkko Sakkinen <> Signed-off-by: Jarkko Sakkinen <>
Diffstat (limited to 'include/keys/trusted-type.h')
0 files changed, 0 insertions, 0 deletions