[英]How to Use encryption and signing keys of GCP Shielded VM
I am wondering how signing key and encryption key of a gcp shielded VM instance can be used?我想知道如何使用 gcp 屏蔽 VM 实例的签名密钥和加密密钥? I am thinking of using the encryption key (ekPub) to encrypt an arbitrary blob of data and be sure only the the associated gcp instance can decrypt it.
我正在考虑使用加密密钥(ekPub)来加密任意数据块,并确保只有关联的 gcp 实例可以解密它。 But I am not sure how to ask vTPM to decrypt the encrypted data?
但我不确定如何要求 vTPM 解密加密数据?
Shielded VM and Confidential computing are 2 different features on Google Cloud.受保护的VM和机密计算是 Google Cloud 上的两个不同功能。
Shielded VM check at startup is any component has been tampered and can lead to a dataleak (through malware/backdoor)启动时受防护的 VM 检查是否有任何组件被篡改并可能导致数据泄露(通过恶意软件/后门)
Confidential Computing automatically create a cryptographic key at startup.机密计算在启动时自动创建一个加密密钥。 This key is used to cipher all the data in memory.
此密钥用于加密 memory 中的所有数据。 The data are only decipher inside the CPU, while processing.
数据仅在 CPU 内部进行解密,同时进行处理。
When the data are written on disk, the data are get from encrypted memory, decipher in the CPU and written in plain text on the disk, which is automatically encrypted (but by another process, not by the CPU)当数据写入磁盘时,数据来自加密的memory,在CPU中解密并以明文形式写入磁盘,自动加密(但由另一个进程,而不是由CPU)
You have nothing to do, it's automatic!你什么都不做,它是自动的!
The endorsement key (EK) is a key on TPM2.0 that is used for attestation.背书密钥 (EK) 是 TPM2.0 上用于证明的密钥。 The EK typically comes with a certificate signed by the manufacturer (note, not available on GCE instances) stating that the TPM is a genuine TPM[1].
EK 通常带有由制造商签名的证书(注意,在 GCE 实例上不可用),说明 TPM 是真正的 TPM[1]。 However, the TCG had privacy concerns around attestation with one signing key.
但是,TCG 对使用一个签名密钥的证明存在隐私问题。 So, they decided to make the endorsement key an encryption key.
因此,他们决定将背书密钥设为加密密钥。 The ActivateCredential flow[2] is typically used to trust a new signing key.
ActivateCredential 流程[2] 通常用于信任新的签名密钥。 This sidesteps the privacy concerns by allowing the use of a privacy CA to create an AK cert endorsing that the EK and AK are on the same TPM.
这通过允许使用隐私 CA 创建 AK 证书来支持 EK 和 AK 在同一个 TPM 上,从而回避了隐私问题。 GCE creates an AK by default that allows users to avoid this process by using the get-shielded-identity API.
GCE 默认创建一个 AK,允许用户通过使用 get-shielded-identity API 来避免此过程。
There are a few ways to encrypt data using the endorsement key.有几种方法可以使用背书密钥加密数据。
Since the EK is restricted [3], you have to jump through some hoops to easily use it.由于 EK 受到限制 [3],您必须跳过一些障碍才能轻松使用它。 Restricted here means the key cannot be used for general decryption.
此处受限意味着密钥不能用于一般解密。 Rather, they are used for storage/wrapping TPM objects.
相反,它们用于存储/包装 TPM 对象。 A storage key is typically a restricted decryption key.
存储密钥通常是受限制的解密密钥。
Here are some ways you can get around this problem:以下是一些可以解决此问题的方法:
TPM2_Import has the TPM decrypt an external blob (public and private) with a storage key. TPM2_Import 让 TPM 使用存储密钥解密外部 blob(公共和私有)。 Then, the user can load that object under the storage key and use.
然后,用户可以在存储密钥下加载那个object并使用。 TPM2_Unseal returns the secret within the sealed blob.
TPM2_Unseal 返回密封 blob 中的秘密。 The flow is roughly the following:
流程大致如下:
This is all done for you in https://github.com/google/go-tpm-tools .这一切都在https://github.com/google/go-tpm-tools中为您完成。 All you need is to pass in the PEM, decode it, and parse it into a public key.
您只需要传入 PEM,对其进行解码,然后将其解析为公钥。 Then you can use
server.CreateImportBlob
.然后你可以使用
server.CreateImportBlob
。 Send the output blob to the VM.将 output blob 发送到 VM。 On the client side, use
EndorsementKeyRSA
(or EndorsementKeyECC
) to create a go-tpm-tools key.在客户端,使用
EndorsementKeyRSA
(或EndorsementKeyECC
)创建一个 go-tpm-tools 密钥。 Use key.Import
with the blob.将
key.Import
与 blob 一起使用。
Specifically, see https://pkg.go.dev/github.com/google/go-tpm-tools/server#CreateImportBlob and https://pkg.go.dev/github.com/google/go-tpm-tools/tpm2tools#Key.Import Specifically, see https://pkg.go.dev/github.com/google/go-tpm-tools/server#CreateImportBlob and https://pkg.go.dev/github.com/google/go-tpm-tools /tpm2tools#Key.Import
Note package tpm2tools
was recently renamed client, but this is not yet a public release.注意 package
tpm2tools
最近更名为客户端,但这还不是公开版本。
ActivateCredential allows you to verify a key is co-resident with another. ActivateCredential 允许您验证一个密钥是否与另一个密钥共存。 Again, while this is typically used for attestation, you can use this to create an asymmetric key pair for general decryption.
同样,虽然这通常用于证明,但您可以使用它来创建用于一般解密的非对称密钥对。
One thing you may notice is, if you only want to decrypt a few times, you can just use the challenge secret as the plaintext.您可能会注意到的一件事是,如果您只想解密几次,您可以只使用挑战密码作为明文。
You would need to stitch this together usinghttps://pkg.go.dev/github.com/google/go-tpm/tpm2/credactivation and https://pkg.go.dev/github.com/google/go-tpm/tpm2#ActivateCredential , as I don't currently know of tooling that supports this out of the box. You would need to stitch this together usinghttps://pkg.go.dev/github.com/google/go-tpm/tpm2/credactivation and https://pkg.go.dev/github.com/google/go- tpm/tpm2#ActivateCredential ,因为我目前不知道开箱即用支持此功能的工具。
[1] EK specification: https://trustedcomputinggroup.org/resource/tcg-ek-credential-profile-for-tpm-family-2-0/ [1] EK 规范: https://trustedcomputinggroup.org/resource/tcg-ek-credential-profile-for-tpm-family-2-0/
[2] Credential activation: https://github.com/google/go-attestation/blob/master/docs/credential-activation.md [2] 凭证激活: https://github.com/google/go-attestation/blob/master/docs/credential-activation.md
[3] TPM spec: https://trustedcomputinggroup.org/resource/tpm-library-specification [3] TPM 规范: https://trustedcomputinggroup.org/resource/tpm-library-specification
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.