Editing Trusted Computing (section)

===Trust===
In the widely used [[public-key cryptography]], creation of keys can be done on the local computer and the creator has complete control over who has access to it, and consequentially their own [[security policy|security policies]].<ref>[http://grouper.ieee.org/groups/1363/ "IEEE P1363: Standard Specifications For Public-Key Cryptography", Retrieved March 9, 2009.] {{Webarchive|url=https://web.archive.org/web/20141201024245/http://grouper.ieee.org/groups/1363/ |date=December 1, 2014 }}</ref>  In some proposed encryption-decryption chips, a private/public key is permanently embedded into the hardware when it is manufactured,<ref>{{Cite web|url=https://doi.org/10.1145/945445.945464|title=Terra: a virtual machine-based platform for trusted computing|first1=Tal|last1=Garfinkel|first2=Ben|last2=Pfaff|first3=Jim|last3=Chow|first4=Mendel|last4=Rosenblum|first5=Dan|last5=Boneh|date=October 19, 2003|publisher=Association for Computing Machinery|pages=193–206|via=ACM Digital Library|doi=10.1145/945445.945464|s2cid=156799 }}</ref> and hardware manufacturers would have the opportunity to record the key without leaving evidence of doing so. With this key it would be possible to have access to data encrypted with it, and to authenticate as it.<ref>These are the functions of the private key in [http://www.di-mgt.com.au/rsa_alg.html the RSA algorithm]</ref>  It is trivial for a manufacturer to give a copy of this key to the government or the software manufacturers, as the platform must go through steps so that it works with authenticated software.

Therefore, to trust anything that is authenticated by or encrypted by a TPM or a Trusted computer, an [[end user]] has to trust the company that made the chip, the company that designed the chip, the companies allowed to make software for the chip, and the ability and interest of those companies not to compromise the whole process.<ref>{{cite web |last1=Sullivan |first1=Nick |title=Deploying TLS 1.3: the great, the good and the bad (33c3) |url=https://www.youtube.com/watch?time_continue=1533&v=0opakLwtPWk |website=media.ccc.de |date=27 December 2016 |publisher=YouTube |access-date=30 July 2018}}</ref>  A security breach breaking that chain of trust happened to a [[SIM card]] manufacturer [[Gemalto]], which in 2010 was infiltrated by US and British spies, resulting in compromised security of cellphone calls.<ref>{{Cite web |url = https://firstlook.org/theintercept/2015/02/19/great-sim-heist |title = The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle |date = 2015-02-19 |access-date = 2015-02-27 |website = firstlook.org}}</ref>

It is also critical that one be able to trust that the hardware manufacturers and software developers properly implement trusted computing standards. Incorrect implementation could be hidden from users, and thus could undermine the integrity of the whole system without users being aware of the flaw.<ref name="schoen-promise-risk">[http://pascal.case.unibz.it/handle/2038/871 Seth Schoen, "Trusted Computing: Promise and Risk", ''COSPA Knowledge Base: Comparison, selection, & suitability of OSS'', April 11th, 2006.] {{Webarchive|url=https://web.archive.org/web/20090319043100/http://pascal.case.unibz.it/handle/2038/871 |date=2009-03-19 }}</ref>