HP-UX Trusted Computing Services A.02.00 Administrator's Guide

8 Advanced TCS Administration
You can perform the majority of day-to-day TCS management tasks for the TPM with a few simple
commands, as described in Chapter 3 (page 29). However, the TCS management commands
also support options for advanced administration. A selection of these command options is
described in this chapter.
This chapter addresses the following topics:
“Managing Keys” (page 67)
“Deleting Keys” (page 69)
“Modifying tcsd Operating Parameters” (page 69)
“Configuring Applications Protected by TCS on Serviceguard Clusters” (page 70)
Managing Keys
This section provides information on using the tpmlist keys, tpmlist keyinfo, and tpmadm
deletekeys commands for key management.
Using the tpmlist keys Command to List Keys
The tpmlist keys command lists the Universally Unique Identifier (UUID), a numeric identifier,
for each key in TPM system persistent storage. The UUID is a 128-bit number; the size of this number
ensures that the probability of assigning duplicate UUID values is negligible. This command
also lists the parent UUID for each key (the UUID of the parent key that encrypts the key).
TCS uses the following fixed UUIDs for the keys at the top levels of the TPM key hierarchy:
UUID                                    Key
00000000-0000-0000-0000-000000000001    Storage Root Key (SRK)
00000000-0000-0000-0000-000000000002    System-specific Key (SK)
00000000-0000-0000-0000-000000000003    Roaming Key (RK)
In the following example, you can see entries for the SRK, SK, and RK. There is also a key with
the RK as its parent (its parent UUID is 3). This key was created using the tpmencrypt -d
command.
# tpmlist keys
Key(s) matching the above criteria:
Key UUID: ded330fd-6386-41f6-b94b-10d6c84c5422
Parent Key UUID: 00000000-0000-0000-0000-000000000003
Key UUID: 00000000-0000-0000-0000-000000000001
Parent Key UUID: 00000000-0000-0000-0000-000000000000
Key UUID: 00000000-0000-0000-0000-000000000002
Parent Key UUID: 00000000-0000-0000-0000-000000000001
Key UUID: 00000000-0000-0000-0000-000000000003
Parent Key UUID: 00000000-0000-0000-0000-000000000001
Number of keys found: 4
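As an added example, not taken from this guide or from the TCS software, the following Python parses tpmlist keys output into a key-to-parent map, walks each key's chain of encrypting parents back to the SRK, and filters for descendants of a given ancestor in the same way that tpmlist keys ancestoruuid=rk does. The sample input is the listing shown above, embedded as a constant; the function names and the alias handling (srk, sk, rk) are my own assumptions.

```python
import re
# Fixed UUIDs of the top-level TCS keys, as listed in this section.
FIXED_UUIDS = {
    "srk": "00000000-0000-0000-0000-000000000001",
    "sk": "00000000-0000-0000-0000-000000000002",
    "rk": "00000000-0000-0000-0000-000000000003",
}
NO_PARENT = "00000000-0000-0000-0000-000000000000"  # parent slot of the SRK
# Constructed sample input: the tpmlist keys output shown above.
SAMPLE_OUTPUT = """\
Key(s) matching the above criteria:
Key UUID: ded330fd-6386-41f6-b94b-10d6c84c5422
Parent Key UUID: 00000000-0000-0000-0000-000000000003
Key UUID: 00000000-0000-0000-0000-000000000001
Parent Key UUID: 00000000-0000-0000-0000-000000000000
Key UUID: 00000000-0000-0000-0000-000000000002
Parent Key UUID: 00000000-0000-0000-0000-000000000001
Key UUID: 00000000-0000-0000-0000-000000000003
Parent Key UUID: 00000000-0000-0000-0000-000000000001
Number of keys found: 4
"""
LINE_RE = re.compile(r"^(Parent )?Key UUID:\s*([0-9a-fA-F-]{36})$")

def parse_keys(text):
    """Map each key UUID to its parent UUID, parsed from tpmlist keys output."""
    parents, current = {}, None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m: continue  # header, count line, or blank line
        if m.group(1):  # a "Parent Key UUID" line belongs to the preceding key
            if current is None:
                raise ValueError("parent line without a preceding key line")
            parents[current], current = m.group(2).lower(), None
        else:
            current = m.group(2).lower()
    return parents

def chain(parents, key):
    """Parent chain from key up to the root; stops at a parent not in storage."""
    path, cur = [], key.lower()
    while cur in parents and cur != NO_PARENT and cur not in path:
        path.append(cur)
        cur = parents[cur]
    return path

def descendants(parents, ancestor):
    """Keys below `ancestor` (alias srk/sk/rk or a UUID), like ancestoruuid=."""
    target = FIXED_UUIDS.get(ancestor.lower(), ancestor.lower())
    return sorted(k for k in parents if target in chain(parents, k)[1:])
```

A key whose chain does not end at the SRK has a parent that is missing from persistent storage, which is worth flagging before relying on that key.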
You can also use the tpmlist keys command to search for keys matching specific criteria.
In the following example, tpmlist keys lists only the keys that are descendants of the RK:
# tpmlist keys ancestoruuid=rk
Key(s) matching the above criteria:
Managing Keys 67