How TPM-protected SSH keys work
In my last blog post I described
how to set up SSH with TPM-protected keys. This time I'll try to explain how it works.
SRK
The SRK (Storage Root Key) is a public/private key pair that is the main secret inside the TPM chip.
It is always generated by the chip, and the private key cannot be read or migrated.
To use the SRK in any operation, the SRK password must be supplied.
The SRK password is just an access password. It's not related to the key itself.
The SRK password is usually set to the Well Known Secret (20 null characters),
or sometimes the empty string, or something silly like "12345678".
There is not much point in having a good SRK password, since you probably have
to store it on disk somewhere anyway, to allow TPM operations by daemons.
If you want a password then you probably want to set that per key, not chip-wide
like the SRK password is.
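A simplified model of the point above, added here as an illustration and not taken from the original post or from any TPM software: the SRK password is an access secret stored apart from the key, so changing it leaves the key untouched. `ToyTPM`, `auth_secret` and `prove` are hypothetical names; the SHA-1 reduction of a typed password and the HMAC-over-nonce check are assumptions modelled on TPM 1.2 style authorization, and the random bytes standing in for the key are constructed.

```python
import hashlib
import hmac
import os

WELL_KNOWN_SECRET = bytes(20)  # the Well Known Secret: 20 null bytes


def auth_secret(password=None):
    """Turn an SRK password into the 20-byte access secret (None = WKS).
    Assumption: a typed password is reduced to 20 bytes with SHA-1."""
    if password is None:
        return WELL_KNOWN_SECRET
    return hashlib.sha1(password.encode()).digest()


def prove(secret, command, nonce):
    """Caller side: HMAC over the command digest and the chip's nonce."""
    return hmac.new(secret, hashlib.sha1(command).digest() + nonce, hashlib.sha1).digest()


class ToyTPM:
    """Constructed stand-in for the chip: an SRK plus a separate access secret."""

    def __init__(self):
        self._srk_private = os.urandom(32)  # stand-in for the private key, never exported
        self._srk_auth = WELL_KNOWN_SECRET   # access secret, not derived from the key
        self._nonce = None

    def srk_fingerprint(self):
        """Identify the key without revealing it."""
        return hashlib.sha256(self._srk_private).hexdigest()

    def new_nonce(self):
        self._nonce = os.urandom(20)
        return self._nonce

    def change_srk_auth(self, new_secret):
        self._srk_auth = new_secret  # the key material is not touched

    def use_srk(self, command, proof):
        """Allow an SRK operation only if the proof matches; each nonce is single-use."""
        nonce, self._nonce = self._nonce, None
        if nonce is None:
            return False
        return hmac.compare_digest(prove(self._srk_auth, command, nonce), proof)
```

Anyone who can read the stored password, or who guesses a value like the WKS, can produce a valid proof, which is why the protection here comes from the key never leaving the chip rather than from the SRK password.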
Key generation
The stpm-keygen binary asks the TPM to generate a...