In my previous post we were implementing 2FA on SSH so you can login via password and/or key and with a extra token for more security. One other thing that comes with security, especially on laptops, is handling private data like keys, password and certificates. On most laptops that are intended for business work contain a so called TPM chip, or the Trusted Platform Module chip.
In this guide we will create a SSH key that is signed by the TPM. Via this way the key is known as “Trusted” and therefore cannot be forged in whatever way possible. The guide is aimed at Arch Linux but the tools that are installed are in general available for other Linux distro’s as well using the default repo’s or addon repo’s. This post covers the basic method of key signing using the TPM and offers a trusted way to generate keys. I will investigate the other method by creating trusted keys where you save the keys itself in the TPM, that will be covered in a future post!
Also using the TPM module to sign the keys makes sure that the keys are genuine and cannot be forged or modified by software on the machine which can be performed when creating keys using a software solution only. Using a SSH key that is signed by the TPM instead of software only indicates that the key has been generated without forging possibilities and marks the key as safe or “Trusted” as it cannot be altered or changed.
What is a TPM and what can it do?
The TPM is a module that offers secure generation of keys and the storage of those keys as well as limiting access to the keys. It also functions as a RNG (Random Number Generator). The TPM can also be used for disk encryption, the module will not encrypt the data itself but will function as a secure storage for the signing keys that are generated when configuring the encryption, Microsoft is using it this way for it’s BitLocker encryption software, but others like dm-crypt can use it this way as well.
It can also be used to save passwords itself, the password itself doesn’t have to be secure (although that’s stupid) but since it’s a hardware module a dictionary attack can be prevented this way as the hardware can block access to the TPM after a certain threshold.
This is just a summary, a more detailed explanation of the TPM and it’s use can be found on the Wikipedia article here.
In order to take use of the TPM module we need to install a set of tools:
yaourt -Sy tpm-tools tpmmanager trousers simple-tpm-pk11-git opencryptoki
So, what are we installing above:
trousers is the TPM software that handles the interaction between the user and the TPM and is the so-called TCS (Trusted Computing Software).
tpm-tools is a set of commandline utilities for communicating with the TPM (via trousers).
tpmmanager provides a GTK GUI for operation and handling the TPM.
simple-tpm-pk11-gitis the software to create and store SSH-keys via the TPM module.
opencryptoki is the PKCS#11 implementation for Linux.
Starting the TCS daemon:
In order to communicate with the TPM we need to enable and start the TCS daemon (tcsd):
systemctl enable tcsd.service
systemctl start tcsd.service
Enabling the TPM:
In order to use the TPM module we need to enable it in the BIOS, the instructions vary per vendor so for specifics you should refer to the manual of your model.
This step only applies if you have never used the TPM module before. If you have already configured your TPM and took ownership of it you can continue at the “Creating and securing a SSH key” part.
Testing the TPM:
If you have enabled the TPM we want to make sure that it works and is accessible, you can run the following command:
It should return output like this:
TPM Test Results: 0000
It may output other codes, the zeroes indicate that the selftest went okay in this case!
Taking ownership of the TPM:
In order to use the TPM you need to take ownership of it, this may sound very bossy but in this case you need to take over control of the TPM in order to store your own personal information in it in which this approach makes sense.
To take ownership of the TPM, run the following command:
It will then ask for a password like below:
Enter owner password:
Enter SRK password:
The first set of passwords is the password you set on the TPM. The second password set is the password for signing the SRK (Storage Root Key) and is the unique key that is generated when taking ownership of the TPM.
It’s wise to use different passwords here so if one takes over the TPM they cannot access the root key itself due to a different password!
Creating and securing a SSH key:
We’ve installed the “simple-tpm-pk11” package which can help us creating a SSH key and secure it using the TPM. The basic idea is that the SSH key will be created and signed using the TPM module. The TPM seals the keys using a 2048-bit RSA key called the storage root key (SRK).
First we need to create a directory to store the PKCS11 key in:
Now generate a new key using the PKCS11 mechanism and the TPM, if you did not set a password on the SRK you can issue the following command:
stpm-keygen -o ~/.simple-tpm-pk11/my.key
If you have signed the SRK with a password you need to change the command to:
stpm-keygen -s -o ~/.simple-tpm-pk11/my.key
The output will look like below (and the SRK pin option is only shown if you have signed the SRK with a password):
Enter SRK PIN:
Modulus size: 256
Exponent size: 3
Blob size: 559
Create a configfile which points to the key:
If you don’t have a password set on the SRK insert the following and save it:
If you have set a password on the SRK you need to insert the following and save it:
In my opinion leaving the password just there sucks a bit regarding security and the use of the TPM. But as this file is created within your homedir it is not accessible by other users and only for you and root.
We also need to configure SSH to use the PKCS11 provider:
And insert the following into the file and save it:
Now that we have a private key created we can use this private key against the TPM and create a public key which can be used for SSH authentication, for this we need the PKCS11 library again:
ssh-keygen -D /usr/lib/libsimple-tpm-pk11.so
This should result in a public key being generated like below:
If you receive the following error you have either a incorrect or corrupt private key or a SRK pin is active but not set in the PKCS11 config:
C_GetTokenInfo failed: 6
cannot read public key from pkcs11
The generated public key can be put on different Linux systems in the authorized_keys keys file in that users homedir/.ssh folder so that you can access that machine using public key authentication.
Note that you can only have 1 public key created using the earlier created private key, you should decide if 1 key is enough for your usage criteria.
4 responses to “Using the TPM module for SSH key signing”
TPM is a secret weapon in security that has been deployed on about 2.5 billion PCs.
very nicely done.
I sense some sarcasm in your reply, can you explain why that is?
Awesome, nice work. How about for SSL client certificates in chrome?
At this point I don’t know how to implement this for SSL certificates in Chrome. As the certificates itself are not stored in the TPM. It is interesting how the TPM would be able to secure certain SSL certificates / requests in a browser. There’s not much info about this I’m afraid…