0

There is an answered question which asks about the specifics and the answers are technical. I am looking for a conceptual answer in a ELI5 manner.

A TPM is a hardware chip which stores critical keys. I.e. instead of keeping your private key as a file in .ssh/id_rsa it is placed within a TPM.

This way the content of the private key is never exposed, neither as a file nor in the RAM of the computer. It would be available in the computer RAM if the ssh was doing the decryption.

Instead, SSH will use the API provided by the TPM and say something like

Hey TPM, can you encrypt/decrypt this data without me ever touching the key?

How does a TPM know that it's ok to provide these encryption/decription services to an application (in this case SSH)?

  • Does this answer your question? [How does the TPM perform integrity measurements on a system?](https://security.stackexchange.com/questions/39329/how-does-the-tpm-perform-integrity-measurements-on-a-system) – forest Aug 30 '22 at 20:25
  • @forest Thanks, updated my question. I'm looking for a answer focusing on a conceptual implementation, not technical specifics. The answers given in the given question would be the second step one would look into once the bigger picture is formed. – TheMeaningfulEngineer Aug 31 '22 at 14:29
  • I'm finding quite a few tutorials and diagrams by searching for "how does ssh interact with tpm" This is the top hit, and it explains it quite well: https://incenp.org/notes/2020/tpm-based-ssh-key.html – schroeder Aug 31 '22 at 14:37

1 Answers1

1

The ELI5 answer: The app (should) only talks to the TPM daemon. The app authenticates itself to the daemon with an authentication key that is paired with a app key stored in the TPM. Once this authentication is performed, the app hands the TPM the encrypted message for the TPM to decrypt.

The app never sees the decryption key and the app is authenticated.

The full answer: every tutorial on how to connect ssh with a TPM.

schroeder
  • 125,553
  • 55
  • 289
  • 326
  • Seems like the "app authentication key" becomes the weakest link in that chain then. How is that it handled? Rephrased: Why aren't we facing the same problem we hoped to solve with the TPM, just with a different key? – TheMeaningfulEngineer Aug 31 '22 at 16:12
  • ... any external process to access the TPM would be the "weakest link". As for your new question, the answer is to look at what the TPM is meant to protect *against*. – schroeder Aug 31 '22 at 16:15
  • From what I gathered, it is meant to solve the problem where the hard disk encryption key lives on that same disk encrypted. I'm trying to get what it solves for the SSH case. Do you have any more directing questions? Perhaps we can try phrasing them in an ELI5 manner and expand your answer? – TheMeaningfulEngineer Aug 31 '22 at 16:23
  • My answer addresses what you've asked. What it appears that you want to know is why someone would want to use the TPM at all for SSH. That's a new question (and easily looked up). I spent less than 5 minutes finding this answer as well as the answer to this new question. Please do some research on your own, and if you have a specific confusion, we can take a look at that new question. – schroeder Aug 31 '22 at 16:28