• caglararli@hotmail.com
  • 05386281520

TPM: signing key or Attestation Identity Key?

Çağlar Arlı      -    5 Views

TPM: signing key or Attestation Identity Key?

I am dealing with the TPM right now and do not get why there is a need for an extra signing key. Instead one could use one of the Attestation Identity Keys (AIKs) for signing as well?! Using different keys shall be good practice but I would like to get a more detailed view on that issue.

I figured out that one advantage is that the signing key can be migratable. So changing the plattform/tpm would not necessarily end in revoking the created certificates.

Are there further reasons for a separate signing key?