23 Jan
How to prove private key stored in TPM
I am implementing a client that generates a CSR, sends it to my own CA service, and the CA issues a certificate for that CSR. In this process, I need to verify that the CSR is trusted, generated by the TPM, and not self-signed by the client. I understand that AIK (Attestation Identity Key) seems to meet this requirement, but how exactly is AIK implemented?