Early questions for potential user


#1

Hello

I’m considering investing in a Zymbit, possibly several, longer term, but have a bunch of elementary questions and I hope the community can assist.

My understanding of this tech comes from TPMs. Essentially I understand the devices to be able to store secrets, in particular symmetric keys and private keys. So I can request a secret to encrypt and decrypt a payload, or I can ask for a payload to be signed. All without access to the keys.
Is Zymbit the tool for this?

Long ago I set up a TPM emulator in software and made it available via a network connection. From another machine I could use client software to talk to it and ask it to do stuff. I think it was software called TrouSerS. I can’t quite recall.

So if I had a Zymbit in my Pi, can it be set up to be initialised on that device and be run as accessible via a network and be asked to sign and encrypt/decrypt stuff?
I reviewed the API docs but am a bit stuck as none of the languages provided are my expertise (though I could longer term fix that). Is there a command line client available for slightly higher level interaction?

One oddity that occurs to me just as I write this is how to secure the data over the network between a client and the Zymbit “server”…

Is this not quite making sense? Is the network connectivity more usefully supplied by a tunnel of some sort, like with ssh?
Lastly, if a Zymbit is storing secrets, redundancy would require more than one? Would the need to use multiple instances in such a way need a system built out to manage how the secrets are used etc, or is Zymbit smart enough to be configured as part of a redundant system?

Many thanks and appreciate any comments that may assist.

r.