As a security device, the ability of an application to use keys while keeping them safe in a hardware device is the TPM's greatest strength. The TPM can both generate and import externally generated keys. It supports both asymmetric and symmetric keys. Chapter 2 covered the basic principles behind these two key types.
As a memory-constrained device, it acts as a key cache, with the application securely swapping keys in and out as needed. This key cache operation is discussed in the “Key Cache” section.
There are three key hierarchies under the control of different security roles, and each can form trees of keys in a parent-child relationship. Chapter 9 covered the hierarchies and their use cases.
Each key has individual security controls, which can include a password, an enhanced authorization policy, restrictions on duplication to another parent or another TPM, and limits on its use as a signing or decryption key. Keys can be both certified and used to certify other keys. Attributes specific to keys are discussed in the “Key Types and Attributes” section. The details of authorization common to all TPM entities, including password and policy, are deferred to Chapters 13 and 14.
Following is a summary of the TPM commands most often used with keys. It isn't a complete list. See the TPM 2.0 specification, Part 3, for the complete command set and API details. They're used in the descriptions and use cases that follow, as well as in subsequent chapters:
• TPM2_Create and TPM2_CreatePrimary create all key types from templates.
• TPM2_Load (for wrapped private keys) and TPM2_LoadExternal (for public keys and possibly plaintext private keys) load keys onto the TPM.
• TPM2_ContextSave and TPM2_ContextLoad are used to swap keys in and out of the TPM key cache. TPM2_FlushContext removes
a key from the TPM. TPM2_EvictControl can make a loaded key persistent or remove a persistent ley from the TPM. These functions and their applications are explained in detail in Chapter 18.
• TPM2_Unseal, TPM2_RSA_Encrypt, and TPM2_RSA_Decrypt use encryption keys.
• TPM2_HMAC, TPM2_HMAC_Start, TPM2_SequenceUpdate, and TPM2_SequenceCompete use symmetric signing keys and the keyed-hash message authentication code (HMAC) algorithm.
• TPM2_Sign is a general-purpose signing command, and
TPM2_VerifySignature verifies a digital signature.
• TPM2_Certify, TPM2_Quote, TPM2_GetSessionAuditDigest, and TPM_GetTime are specialized signing commands that sign
attestation structures. In particular, TPM2_Certify can be used to have a TPM key sign another key (specifically its Name). Thus, the TPM can be used as a certificate authority, where the issuer key attests to the properties of the subject key.