TPM or OpenSSL for key generation?

The difference between using some hardware backed key store (i.e. TPM, HSM, smartcard ...) and a "pure software" solution like openssl genrsa is not so much about the security of the key generation but about the security of the key storage.

HSM and similar are designed to never actually provide the created private key but only do operations like cryptographic signatures with the key. They are designed so that the key can not be copied to some other medium, that the HSM cannot be cloned with the key inside etc. Theft of the key thus means that the hardware needs to be stolen.

Contrary to that a key generated by openssl genrsa is stored in a normal file, which can be copied without anyone noticing and thus can also be used anywhere else. Theft of the key thus can go unnoticed, since the original owner still has access to the key too. It thus provides less assurance who actually owns and uses the key.


It is a trade-off between

  • the security of storage (TPM is better, in theory it won't give off the key to anyone, it will just accept data to encrypt/sign for you with the key),
  • the security of implementation (openssl is opensource, TPM may have a nasty backdoor) and
  • the ease of use (a PEM file generated by openssl is universal, a key in TPM needs a TPM driver and a TPM-compatible application)
  • transferability (TPM won't give off the key even to another, trusted, triple-checked, president-approved TPM, it is locked forever to the machine it is generated on)

Tags:

Openssl

Key Management

Tpm

Key Generation

Related

Are SSL certs auto-revoked if their Not-Valid-After date is reached without renewing? If malware does not run in a VM why not make everything a VM? Does phishing include ransomware? How can you bind a public key to a certificate if the public key depends on the choice of algorithms? How does having a custom root certificate installed from school or work cause one to be monitored? Could receiving a URL link, not clicking on it, ever pose a security problem? Trojan "Win32/Tnega!MSR" found by Windows Defender - aliases used by other antiviruses? How do hackers trick frontend validation? Qualys SSL Scan weak cipher suites which are secure according to ciphersuite.info How does one take advantage of unencrypted traffic? Why do password requirements exist while limiting the upper character count? Is there any hope of getting my pictures back after an iPhone factory reset some day in the future?

Recent Posts