Allow using a TPM module as a key source #2
Comments
|
Are you aware of any TPM bindings available for node? All I was able to find on short order is https://github.com/jplyle/node-tss, however after brief review it looks like this use case isn't directly supported by that library. C bindings to the TPM headers are beyond the scope of Cryptex, but I agree with the feature need and would love to support a module that provided a TPM API Cryptex could take advantage of. |
|
I'm afraid I'm not familiar with any other Node.js libraries for
interacting with the TPM, sorry.
(Admittedly, I haven't done much with Node.js myself!)
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Looking at the docs, it seems that the only secure option for storing the master key is Amazon's KMS. (The other options are all potentially vulnerable to key extraction by a rouge admin or hacker.)
It would be nice if support was added for using a key stored on a hardware TPM chip. This would provide similar functionality to KMS, and is available on almost any modern bare-metal server.
For an example of how to interact with a TPM: https://www.cylab.cmu.edu/tiw/slides/challener-TPM.pdf
The text was updated successfully, but these errors were encountered: