HP-UX Trusted Computing Services A.02.00 Administrator's Guide

Removing TCS
3 Basic TCS Administration
TPM Administration Utilities
Backing Up and Restoring TCS System Data and Keys
Backing Up and Restoring TCS System Data Files
Backing Up TCS System Data
Restoring TCS System Data
Creating and Restoring TPM Key Backup Files
Backing Up TPM Keys
Example
Restoring TPM Keys
Retrieving TPM Status Information
Specifying Secret Passphrases
Maximum Secret Length
Managing TPM Ownership and the TPM Password
Specifying the TPM Password
Maximum TPM Password Length
Administering the TPM Password
Changing the TPM Password
Restoring the TPM Password File
Deleting the TPM Password File
Re-establishing the TPM Password
Restoring or Migrating the TPM
4 Using TCS On-Demand Encryption Utilities
Overview
Comparing EVFS and TPM On-Demand Encryption
Using the tpmencrypt Utility
tpmencrypt Options
Specifying Alternate Data Encryption Algorithms
Storing the TCS Encryption Key in System Persistent Storage
Disabling Password Protection
Using the tpmdecrypt Utility
5 Using TCS RSA Keys with OpenSSL
Overview
The tpmcreate Utility
OpenSSL Engine Infrastructure and TPM OpenSSL Engines
Requirements
Configuring an OpenSSL Application to Use TCS Keys
Step 1: Obtaining a Certificate that Uses a TPM-Protected Private Key
Obtaining a Certificate Using Keys Created with tpmcreate
Wrapping an Existing Certificate Private Key with tpmcreate
Step 2: Determining the TPM OpenSSL Engine File for an Application
Determining the OpenSSL Version of an Application
Determining the Compiler Data Model
Step 3: Specifying Engine Information for the Application
Step 4: Distributing the X.509 Certificate
Stunnel Examples
Stunnel and telnet Example
Creating Certificates with TPM-Protected Keys