Key Name


Endorsement Key (EK)

A key pair based on the RSA algorithm, embedded by the TPM manufacturer to uniquely identify the TPM.

Storage Root Key (SRK)

A non-transferable key generated by the platform owner to serve as the root key in the hierarchy of keys associated with the TPM.

Attestation Identity Key (AIK)

Used for attestation and identification of a TPM (i.e. activated mode). A trusted third party can create an identity certificate by signing the public part of the AIK.

Signing Key

Used by the system to sign messages.

Storage Key

Used to encrypt and decrypt other keys (using RSA).

Identity Key

Used for operations that require the TPM identity.

Binding Key

Used for Unbind operations to decrypt data.