Bottomley: Using Your TPM as a Secure Key Store

James Bottomley has posted atutorial on using the trusted platform module to store cryptographickeys. "The main thing that came out of this discussion was that alot of this stack complexity can be hidden from users and we shouldconcentrate on making the TPM 'just work' for all cryptographic functionswhere we have parallels in the existing security layers (like thekeystore). One of the great advantages of the TPM, instead of messingabout with USB pkcs11 tokens, is that it has a file format for TPM keys(I'll explain this later) which can be used directly in place of standardprivate key files."