Key Name | Purpose |
--- | --- |
Endorsement Key (EK) | An RSA key pair, imposed by the TPM manufacturer, that uniquely identifies the TPM. |
Storage Root Key (SRK) | A non-transferable key generated by the platform owner to serve as the root key in the hierarchy of keys associated with the TPM. |
Attestation Identity Key (AIK) | Used for attestation and identification of a TPM (i.e. activated mode). A trusted third party can create an identity certificate by signing the public key part of the AIK. |
Signing Key | Used by the system to sign messages. |
Storage Key | Used to encrypt and decrypt other keys (using RSA). |
Identity Key | Used for operations that require TPM identity. |
Binding Key | Used for Unbind operations to decrypt data. |