Introduction

The current implementation of the file backend derives its encryption key from the user's login password. Security-wise this is not ideal: the entire security of the file backend rests on the strength of that one password, a single point of failure. The situation improves if the key material is generated and protected by hardware, so that the login password alone is no longer enough to reach it. A Trusted Platform Module (TPM) is such a hardware security module, and one is found in most modern computer systems.

The new EGG_TPM2 API is based on the TSS 2.0 Enhanced System API (ESAPI):

EggTpm2Context *egg_tpm2_initialize               (GError **);
void            egg_tpm2_finalize                 (EggTpm2Context *);
GBytes         *egg_tpm2_generate_master_password (EggTpm2Context *,
                                                   GError **);
GBytes         *egg_tpm2_decrypt_master_password  (EggTpm2Context *,
                                                   GBytes *,
                                                   GError **);