by cryptonector
738 days ago
Discrete (i.e., chip) TPMs (dTPMs) are slow. They are way too slow to use as HSMs. Firmware TPMs (fTPMs) are faster, but I doubt they're really fast enough to use as an HSM. There are TPM APIs for Java, so you can do this, but it's not surprising that the Java keystore providers lack built-in support because of the performance issues. Ideally fTPMs should come with EKcerts and platform certificates and they would be very fast and as secure as (more so than) dTPMs. Then using fTPMs as HSMs might take off.