I’m curious about the possible uses of the hardware Trusted Protection Module for automatic login or transfer encryption. I’m not really looking to solve anything or pry. I’m just curious about the use cases as I’m exploring network attached storage and to a lesser extent self hosting. I see a lot of places where public private keys are generated and wonder why I don’t see people mention generating the public key from TPM where the private key is never accessible at all.
I use it in combination with an SSH CA for SSH access. The certificate identifies me, and TPM identifies my device, and the key material can’t be read without some rather annoying surgery and signal probing that doesn’t really exist in my thread model. The certificate allows me to only distribute one single key for all my devices, so I don’t need to bother with copying files or transmitting long lists of trusted public keys to every server.
I know it’s possible to use the TPM for PKCS11 auth, next time I’m messing with that I’m probably using my TPM for that too.