I’m trying to make notes about the TPM and what it does. More specifically I’m looking at the 3 RSA key pairs: the ‘endorsement key’, the ‘storage root key’ and the ‘attestation identity key’.
This is what I have written so far:
The ‘Endorsement Key’ is an RSA key pair where any data sent to another device is encrypted using the private key and the receiving device decrypts it with the public key, so it knows the data is trusted. This is created when the TPM is manufactured (not user-specific)
The ‘Storage Root Key’ is a pair of RSA keys within the TPM and is used to protect TPM protected keys created by applications and stored outside of the TPM, so that these keys cannot be used without the TPM. It’s created when you take ownership of the TPM (If user changes so does the key)
However, I am now trying to research the use of the attestation identity key but don’t understand how it is different from the endorsement key? If anyone could explain in simple terms because this is all new to me I would greatly appreciate it 🙂
Does Apple’s T2 chip have an endorsement key (or equivalent mechanism) to prove that another T2 key can only be used inside the secure enclave? We are looking for something like what a TPM provides so that a remote system can be assured that the key in use is secured by the T2 chip.
I’ve passed Stage 1 of the Tier 1 Exceptional Promise visa. I received my letter notifying I had passed on Feb 3rd and it’s valid for three months, so as I understand it, I must have Stage 2 of the application completed by May 3rd. I applied online on April 6th and scheduled my biometrics appointment for the earliest available date, April 15th. But with the March 29th suspension of biomentric services at all Application Support Centers in the US, it looks like I’ll be lucky if I get my application, passport, letter of endorsement, etc sent to NY before that May 3rd deadline. But as long as the package containing all those important materials including the letter reach NY before May 3rd, the letter should still be good even if nobody in their office opens the envelope until after May 3rd, correct?
I am new to hyperledger. Have installed hyperledger 1.4. I use the composer to create .bna file and have been successful in installing it to a two org business network. I had used a specific endorsement policy on the install. I would like to update the policy. Is there a way to do it without having to install a new version of network? Endorsement policy is given during network start. How do I stop the existing business network and start it again with new endorsement policy?