What happens to the sealed object when unsealing it in TPM?


What happens when I unseal a sealed piece of data in TPM? Does the sealed data still exist?

For example, I have a handle to sealed data hSealedData, and I do TPM_Unseal(hSealedData,...) twice in a row. Will both calls return the same unsealed data?

I couldn't find documentation about this.

1

There is 1 answer

4
mnistic On BEST ANSWER

What happens is that the current PCR values will be compared to the PCR values recorded at the time of sealing and, if they match, the object will be decrypted and sent back. Nothing will happen to the sealed data, as the sealed data is not stored in the TPM; it is returned to the user at the time of sealing.
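
The behaviour described in the answer, as an added example that is not part of the original answer and is not real TPM or TSS code: a small software model in which sealing returns a blob to the caller and unsealing only reads that blob and the current PCRs. The class `ToyTPM`, its methods, the blob layout, and the use of SHA-256 with an HMAC-based toy cipher are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

class ToyTPM:  # simplified software model of sealing; not a real TPM or TSS API
    def __init__(self):
        self._srk = secrets.token_bytes(32)         # storage key, never leaves the model
        self.pcrs = [bytes(32) for _ in range(24)]  # PCRs start at all zeroes

    def extend(self, index, measurement):
        # A PCR can only be extended: new = H(old || H(measurement))
        m = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + m).digest()

    def _composite(self, indices):  # digest over the selected PCRs
        return hashlib.sha256(bytes(indices) + b"".join(self.pcrs[i] for i in indices)).digest()

    def _mac(self, label, msg):
        return hmac.new(self._srk, label + msg, hashlib.sha256).digest()

    def _xor(self, nonce, data):
        # Toy stream cipher: HMAC in counter mode keyed by the storage key
        blocks = range((len(data) + 31) // 32)
        ks = b"".join(self._mac(b"enc", nonce + i.to_bytes(4, "big")) for i in blocks)
        return bytes(a ^ b for a, b in zip(data, ks))

    def seal(self, data, indices):
        nonce = secrets.token_bytes(16)
        hdr = bytes([len(indices), *indices]) + self._composite(indices) + nonce
        body = hdr + self._xor(nonce, data)
        return body + self._mac(b"mac", body)  # blob is handed to the caller, not stored

    def unseal(self, blob):
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._mac(b"mac", body)):
            raise ValueError("blob modified or sealed by a different TPM")
        n = body[0]
        indices, rest = list(body[1:1 + n]), body[1 + n:]
        if not hmac.compare_digest(rest[:32], self._composite(indices)):
            raise PermissionError("PCR values differ from those recorded at sealing")
        return self._xor(rest[32:48], rest[48:])

def demo():
    tpm = ToyTPM()
    tpm.extend(0, b"constructed boot measurement")
    blob = tpm.seal(b"disk key", [0])
    twice = (tpm.unseal(blob), tpm.unseal(blob))     # same blob, unsealed twice
    tpm.extend(0, b"constructed changed component")  # platform state changes
    try:
        tpm.unseal(blob)
    except PermissionError as e:
        return twice, str(e)
```

Because the model keeps no copy of the blob, the caller is responsible for storing it, and deleting the caller's copy is the only way the sealed data stops existing.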