Yes, I have reviewed your replies and successfully ran the Tspi_TPM_ActivateIdentity and Tspi_Context_RegisterKey functions with no errors, as referred to in [http://privacyca.com/identity.c] at lines 391 and 399.
However, there is an error in the function d2i_X509 [line 413], which is unable to parse the returned credential.
To my understanding, this function converts the successfully created credential from binary to X509 format.
For your information, the AIK credential is created using OpenSSL, converted to bytes using the i2d_X509 function, and later decrypted with the hardware TPM's Endorsement Key.
Is there anything I did wrong? Please advise. Thank you.
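Added example (not from this thread and not part of identity.c): when d2i_X509 rejects a buffer, the first thing to check is whether the bytes handed to it are one complete DER SEQUENCE of exactly the length you pass. The small dependency-free C diagnostic below reads only the outer tag and length, so it can distinguish "not DER at all" (wrong blob, still encrypted, or wrapped in another structure) from "right bytes, wrong length" (truncated, or the certificate starts at an offset inside a larger blob). The sample buffers are constructed stand-ins with the outer shape of a certificate, not real credentials; the function names are this example's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result of inspecting the outer DER TLV of a buffer destined for d2i_X509(). */
enum der_status {
    DER_OK = 0,          /* SEQUENCE whose encoded length matches the buffer exactly */
    DER_NOT_SEQUENCE,    /* first byte is not 0x30: not a DER Certificate at all */
    DER_BAD_LENGTH,      /* length octets malformed or header cut off */
    DER_TRUNCATED,       /* buffer shorter than the encoded length: d2i_X509 will fail */
    DER_TRAILING         /* bytes follow the SEQUENCE: d2i_X509 parses, but the length
                            you are tracking is wrong */
};

/* Decode the outer tag and length only. On return *total_out (if given) is the
 * number of bytes the SEQUENCE occupies (header + content). This is a pure
 * diagnostic; it does not validate anything inside the certificate. */
enum der_status der_check_outer(const unsigned char *buf, size_t len, size_t *total_out)
{
    size_t hdr, content, i;

    if (len < 2) return DER_BAD_LENGTH;
    if (buf[0] != 0x30) return DER_NOT_SEQUENCE;

    if (buf[1] < 0x80) {                      /* short form: one length byte */
        content = buf[1];
        hdr = 2;
    } else {                                  /* long form: 0x8N then N length bytes */
        size_t n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || len < 2 + n) return DER_BAD_LENGTH;
        content = 0;
        for (i = 0; i < n; i++) content = (content << 8) | buf[2 + i];
        hdr = 2 + n;
    }
    if (total_out) *total_out = hdr + content;

    /* len >= hdr is guaranteed by the checks above, so no overflow here. */
    if (content > len - hdr) return DER_TRUNCATED;
    if (content < len - hdr) return DER_TRAILING;
    return DER_OK;
}

/* Heuristic: find the offset at which a complete SEQUENCE ends exactly at the end
 * of the blob, e.g. when a length prefix or other header precedes the DER bytes.
 * Returns -1 if no such offset exists. */
long der_find_sequence(const unsigned char *buf, size_t len)
{
    size_t off;
    for (off = 0; off + 2 <= len; off++) {
        if (buf[off] == 0x30 && der_check_outer(buf + off, len - off, NULL) == DER_OK)
            return (long)off;
    }
    return -1;
}

/* Constructed sample: SEQUENCE { INTEGER 5, INTEGER 7 } -- the outer shape of a
 * DER certificate, eight bytes long. Not a real credential. */
const unsigned char sample_good[] = { 0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07 };
const size_t sample_good_len = sizeof(sample_good);

/* Constructed sample: the same SEQUENCE behind a 4-byte big-endian length
 * prefix, the kind of wrapping that makes d2i_X509 fail at offset 0. */
const unsigned char sample_prefixed[] = { 0x00, 0x00, 0x00, 0x08,
                                          0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07 };
const size_t sample_prefixed_len = sizeof(sample_prefixed);

/* Constructed sample with a long-form length: 0x30 0x81 0x80 then 128 content
 * bytes (zeros; only the outer TLV matters to this check). */
static unsigned char sample_long[3 + 128];
const unsigned char *build_long_sample(void)
{
    sample_long[0] = 0x30; sample_long[1] = 0x81; sample_long[2] = 0x80;
    memset(sample_long + 3, 0, 128);
    return sample_long;
}
const size_t sample_long_len = sizeof(sample_long);

static const char *der_status_name(enum der_status s)
{
    static const char *names[] = { "OK", "NOT_SEQUENCE", "BAD_LENGTH", "TRUNCATED", "TRAILING" };
    return names[s];
}

int main(void)
{
    size_t total = 0;
    printf("good:      %s (%zu bytes)\n",
           der_status_name(der_check_outer(sample_good, sample_good_len, &total)), total);
    printf("short by 1: %s\n",
           der_status_name(der_check_outer(sample_good, sample_good_len - 1, NULL)));
    printf("prefixed:  %s, SEQUENCE starts at offset %ld\n",
           der_status_name(der_check_outer(sample_prefixed, sample_prefixed_len, NULL)),
           der_find_sequence(sample_prefixed, sample_prefixed_len));
    printf("long form: %s\n",
           der_status_name(der_check_outer(build_long_sample(), sample_long_len, NULL)));
    return 0;
}
```

Run this over the exact buffer and length you pass at identity.c line 413. DER_OK with a failing d2i_X509 means the bytes themselves are wrong (still ciphertext, or a different encoding), not the framing. Two further OpenSSL pitfalls worth ruling out: d2i_X509(NULL, &p, len) advances p by the bytes it consumed, so pass a copy of your buffer pointer rather than the one you later free; and the length given to i2d_X509 on the CA side is its return value, which must travel with the bytes.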
From: Hal Finney <hal.finney@...>
To: starfish Trousers <lucyantie_trousers@...>
Sent: Tuesday, March 10, 2009 2:16:43 PM
Subject: Re: Question on TPM_IDENTITY_PROOF
On Mon, Mar 9, 2009 at 8:14 PM, starfish Trousers
> Hi Hal,
> Can you please advise me on the next step after I run the command
> TPM_ActivateIdentity that returns SUCCESS? How do I get back the AIK
The way it is supposed to work is this. You run
Tspi_TPM_CollateIdentityRequest. This creates an identity key and also
outputs a request for an AIK credential. You send this request to a
Privacy CA. The Privacy CA creates your AIK credential but encrypts it
to your TPM's Endorsement Key. It sends you the encrypted AIK
credential. You have it, but you can't read it, because it is
encrypted. You run Tspi_TPM_ActivateIdentity, which decrypts the
encrypted value using your TPM's Endorsement Key, and decrypts the AIK
credential. The decrypted credential is returned as the last parameter
I don't know whether you are trying to use a Privacy CA which is
creating an AIK credential for you. Someone has to create it. All
Tspi_TPM_ActivateIdentity can do is to decrypt an AIK credential which
has already been created.
> In addition, are you familiar with Recover TPM Identity as suggested in the
> TCPA Specification?
I don't know what you are talking about here, could you send me a
specific section number and document name from the many TCG (TCPA)