TPM or OpenSSL for key generation?

The difference between using some hardware backed key store (i.e. TPM, HSM, smartcard ...) and a "pure software" solution like openssl genrsa is not so much about the security of the key generation but about the security of the key storage.

HSM and similar are designed to never actually provide the created private key but only do operations like cryptographic signatures with the key. They are designed so that the key can not be copied to some other medium, that the HSM cannot be cloned with the key inside etc. Theft of the key thus means that the hardware needs to be stolen.

Contrary to that a key generated by openssl genrsa is stored in a normal file, which can be copied without anyone noticing and thus can also be used anywhere else. Theft of the key thus can go unnoticed, since the original owner still has access to the key too. It thus provides less assurance who actually owns and uses the key.


It is a trade-off between

  • the security of storage (TPM is better, in theory it won't give off the key to anyone, it will just accept data to encrypt/sign for you with the key),
  • the security of implementation (openssl is opensource, TPM may have a nasty backdoor) and
  • the ease of use (a PEM file generated by openssl is universal, a key in TPM needs a TPM driver and a TPM-compatible application)
  • transferability (TPM won't give off the key even to another, trusted, triple-checked, president-approved TPM, it is locked forever to the machine it is generated on)