# Editing TPM

Latest revision | Your text | ||

Line 17: | Line 17: | ||

The only significant functions a TPM chip can do are hashing of a block of data, encryption/decryption of a block of data using a PKI keypair, signing a block of data using a PKI keypair and secure storage of a PKI keypair. Contrary to some views (such as the one presented earlier in this article), the TPM is not a DRM system in and of itself nor does it 'lock down your computer', although it CAN be used to do this with software (which can be in the BIOS). | The only significant functions a TPM chip can do are hashing of a block of data, encryption/decryption of a block of data using a PKI keypair, signing a block of data using a PKI keypair and secure storage of a PKI keypair. Contrary to some views (such as the one presented earlier in this article), the TPM is not a DRM system in and of itself nor does it 'lock down your computer', although it CAN be used to do this with software (which can be in the BIOS). | ||

− | But first, a little discussion of PKI keys. PKI (aka Public Key Infrastructure) is an encryption system that uses two keys: a public and private key. In normal encryption systems, the 'key' is a password or PIN of some kind. The same key is used to encrypt AND decrypt, so once someone knows your key, the encryption is defeated. With PKI however, the two keys are | + | But first, a little discussion of PKI keys. PKI (aka Public Key Infrastructure) is an encryption system that uses two keys: a public and private key. In normal encryption systems, the 'key' is a password or PIN of some kind. The same key is used to encrypt AND decrypt, so once someone knows your key, the encryption is defeated. With PKI however, the two keys are complimentary. If you encrypt something with the public key - ONLY the private key can decrypt it, and only the public key can decrypt something encrypted with the private key. There is no known way to derive a public key from the private key or vice versa. |

What this means is that if I create a key pair (a public and matching private key), I can keep the private key totally to myself (ie: private) and use it to encrypt files - then give you the public key to decrypt them without compromising my private key. Why is this useful? Because ONLY the matching public key can decrypt the file. So if my public key decrypts a file - you know, absolutely, that I encrypted it. Also, if you use MY public key to encrypt a file, you can post it publically because you know only I can decrypt it with my private key. | What this means is that if I create a key pair (a public and matching private key), I can keep the private key totally to myself (ie: private) and use it to encrypt files - then give you the public key to decrypt them without compromising my private key. Why is this useful? Because ONLY the matching public key can decrypt the file. So if my public key decrypts a file - you know, absolutely, that I encrypted it. Also, if you use MY public key to encrypt a file, you can post it publically because you know only I can decrypt it with my private key. |
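
Review bot: the restored paragraph on the `+` side ends with "There is no known way to derive a public key from the private key or vice versa", which is wrong in one direction and should be reworded. With the common public-key schemes the public key can be computed from the private key: an RSA private key is normally stored together with the modulus and public exponent, and an elliptic-curve public key is calculated directly from the private scalar. Only the other direction is infeasible. Suggested wording: "There is no known practical way to derive the private key from the public key." In the same paragraph, "complimentary" should be "complementary".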