The StartAuthSession method allows setting the symmetric parameter and therefore enabling parameter encryption, even if tpmKey and bind are nil (or the bind object has no authValue set). But in these cases the session key is empty, which means the encryption key for the parameter encryption is quasi-public, because all data needed to calculate the encryption key has been transferred in clear text. If there are no valid use cases, I would recommend failing when symmetric is set but the session key is empty.
(I would have used symmetric with both tpmKey and bind set to nil, and falsely assumed it's using an ephemeral but secure encryption key then. I only noticed my mistake because I wanted to know how exactly the ephemeral key exchange works.)
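The derivation the issue describes, as an added example that is not part of the original report or of the library's code: it follows the KDFa session-key and CFB parameter-encryption derivations of TPM 2.0 Part 1, assuming SHA-256 and AES-128-CFB. All function names, the `checkSymmetric` guard and the nonce values are hypothetical or constructed.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// kdfa: KDFa from TPM 2.0 Part 1 (SP800-108 counter mode; HMAC-SHA256 assumed, bits % 8 == 0).
func kdfa(key []byte, label string, ctxU, ctxV []byte, bits uint32) (out []byte) {
	for i := uint32(1); uint32(len(out))*8 < bits; i++ {
		h := hmac.New(sha256.New, key)
		binary.Write(h, binary.BigEndian, i)
		h.Write(bytes.Join([][]byte{[]byte(label), {0}, ctxU, ctxV}, nil)) // label keeps its NUL
		binary.Write(h, binary.BigEndian, bits)
		out = h.Sum(out)
	}
	return out[:bits/8]
}

// sessionKey: the Empty Buffer when the session is neither bound nor salted.
func sessionKey(bound bool, bindAuth, salt, nonceTPM, nonceCaller []byte) []byte {
	if !bound && len(salt) == 0 {
		return nil
	}
	return kdfa(bytes.Join([][]byte{bindAuth, salt}, nil), "ATH", nonceTPM, nonceCaller, 256)
}

// cfbKeyIV derives the AES-128 key and IV from sessionKey || authValue and the two nonces.
func cfbKeyIV(sessKey, entityAuth, nonceNewer, nonceOlder []byte) (key, iv []byte) {
	m := kdfa(bytes.Join([][]byte{sessKey, entityAuth}, nil), "CFB", nonceNewer, nonceOlder, 256)
	return m[:16], m[16:]
}

// Hypothetical guard of the kind the issue recommends: no secret input, no encryption.
var ErrNoSecret = errors.New("symmetric requested but session has no secret input")
func checkSymmetric(symmetric bool, bindAuth, salt []byte) error {
	if symmetric && len(bindAuth) == 0 && len(salt) == 0 {
		return ErrNoSecret
	}
	return nil
}

func main() {
	nT, nC := bytes.Repeat([]byte{1}, 32), bytes.Repeat([]byte{2}, 32) // constructed nonces
	fmt.Println(sessionKey(false, nil, nil, nT, nC) == nil, checkSymmetric(true, nil, nil))
}
```

With an empty session key and an empty authValue, `cfbKeyIV` takes no input other than the two nonces, which is why the guard rejects that combination.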