by chimpoftheages 1108 days ago
It's very similar to how TPMs work. Discoverable keys were originally called resident keys because regular keys were almost always encrypted in the key handle and sent to the RP.

If you don't trust a system to encrypt, why would you trust it to generate keys with correct randomness or sign without leaking key data?

The encrypted private key isn't any more likely to be a weak link than the other things a token could do wrong.