There are many considerations when designing a key-management system with a TPM. If keys are going to be used for critical operations, such as encryption or identification, it’s vital that an architecture be used to provide a standard means of managing the key’s lifetime and prepare for problems if hardware breaks. Such an architecture must be able to handle key generation, key distribution, key backup, and key destruction. The design of the TPM was architected with these things in mind. This chapter describes the various options possible for these steps in a key’s life.
When generating a key, the most ...