Chapter 4. Protecting GPG Keys with a Trusted Platform Module
After our investigation into BBB hardware security, we'll now use that technology to protect your personal encryption keys for the popular GPG software. GPG is a free implementation of the OpenPGP standard. This standard was developed based on the work of Philip Zimmerman and his Pretty Good Privacy (PGP) software. PGP has a complex socio-political backstory, which we'll briefly cover before getting into the project. For the project, we'll treat the BBB as a separate cryptographic co-processor and use the CryptoCape, with a keypad code entry device, to protect our GPG keys when they are not in use.
Specifically, we will do the following:
- Tell you a little about the history and importance of the PGP software
- Perform basic threat modeling to analyze your project
- Create a strong PGP key using the free GPG software
- Teach you to use the TPM to protect encryption keys
