What happens when I unseal a sealed piece of data in TPM? Does the sealed data still exist?
For example, I have a handle to sealed data hSealedData
, and I do TPM_Unseal(hSealedData,...)
twice in a row. Will both calls return the same unsealed data?
I couldn't find documentation about this.
What happens is that the current PCR values will be compared to the PCR values recorded at the time of sealing and, if they match, the object will be decrypted and sent back. Nothing will happen to the sealed data as the sealed data is not stored in the TPM, it is returned to the user at the time of sealing.