Techniques are disclosed relating to securely receiving and storing credentials. In some embodiments, a computing device includes an application executable to supply a credential to an external system. A secure circuit of the computing device is configured to send, to a credential storage, a request for the credential, the request including a first certificate identifying a first public key and a stipulation to perform a user authentication before permitting use of a first private key corresponding to the first public key. The secure circuit receives, from the credential storage, the credential encrypted using the first public key and, based on the stipulation, performs the user authentication prior to decrypting the credential and supplying it to the application. In some embodiments, the secure circuit receives the first certificate by providing information about hardware included in the computing device to a hardware verification service.
展开▼
