Question

I want to run a script which calls tpm_sealdata many times and I don't want to enter the SRK password each time.

In the man page I found this:

-z, --well-known
    Use TSS_WELL_KNOWN_SECRET (20 zero bytes) as the SRK password.
    You will not be prompted for the SRK password with this option. 

However, I couldn't figure out which value I have to use as TSS_WELL_KNOWN_SECRET.


Solution

As the name of the constant implies, the value of TSS_WELL_KNOWN_SECRET is well known. It is just 20 bytes of zero.

But you don't actually need the value. The -z option does not require a value; it's just a switch to tell the program to use the well-known secret. The help text you cite also states this fact.

So a call to tpm_sealdata might look like this:

tpm_sealdata -z -i data.in -o data.out

However, to use this method the SRK must have been created with the well-known secret, of course. When using tpm_takeownership:

tpm_takeownership -z
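The original question was about calling tpm_sealdata in a loop without a password prompt. The script below is an added example, not code from the original post or from tpm-tools: it seals every regular file in a directory with `-z`, and first seals a throwaway probe file so that an SRK that was not taken with `-z` is reported up front instead of failing once per file. It assumes `tpm_sealdata` from tpm-tools is on PATH and that ownership was taken with `tpm_takeownership -z`; the `SEAL_CMD` override and the function names are this example's own, added so the script can be exercised without a TPM.

```shell
#!/bin/bash
# Batch-seal files with the well-known SRK secret (tpm_sealdata -z).
# Assumption: tpm-tools is installed and the SRK was created with
# "tpm_takeownership -z". SEAL_CMD is an override used only for testing
# without a TPM; it is not a tpm-tools option.

# seal_one IN OUT: seal IN into OUT using the well-known SRK secret.
# -z is a switch, it takes no value. Returns tpm_sealdata's exit status.
seal_one() {
    "${SEAL_CMD:-tpm_sealdata}" -z -i "$1" -o "$2"
}

# probe_srk: seal a small temporary file once. If this fails, the SRK
# most likely does not use the well-known secret, so stop before the loop.
probe_srk() {
    local tmp_in tmp_out rc
    tmp_in=$(mktemp) && tmp_out=$(mktemp) || return 1
    printf 'probe' > "$tmp_in"
    if seal_one "$tmp_in" "$tmp_out" 2>/dev/null; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp_in" "$tmp_out"
    return "$rc"
}

# seal_dir SRC DEST: seal every regular file in SRC to DEST/<name>.sealed.
# Prints the number of files sealed; failures are reported on stderr and
# any partial output file is removed.
seal_dir() {
    local src=$1 dest=$2 f out count=0
    mkdir -p "$dest" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        out="$dest/$(basename "$f").sealed"
        if seal_one "$f" "$out"; then
            count=$((count + 1))
        else
            echo "seal failed: $f" >&2
            rm -f "$out"
        fi
    done
    echo "$count"
}

# Usage: bash seal_all.sh SRC_DIR DEST_DIR
if [ $# -ge 2 ]; then
    probe_srk || {
        echo "SRK does not accept the well-known secret; was tpm_takeownership run with -z?" >&2
        exit 1
    }
    seal_dir "$1" "$2"
fi
```

Running the probe first matters because tpm_sealdata with `-z` never prompts: with an SRK that has a real password it simply fails, and without the probe a long batch would fail one file at a time.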
Licensed under: CC-BY-SA with attribution