From: Hal F. <hal...@gm...> - 2010-09-03 18:24:05
Hi Chloe, that is a good question. Answer inline:

On Friday, September 3, 2010, chloé Fouquet <fou...@gm...> wrote:
> Hi,
> I don't understand how a credential for an AIK can be provided. If I create an AIK, Ki-Ki-1, and call Collate Identity with a CaPubKey from a key-pair that is mine, I'm able to get the TPM credential. Now what prevents me from creating a new IdentityRequestBlob, using a personal key pair K-K-1, and sending it to a Certificate Authority? The latter will verify my TPM credential and send me back a credential for the key K.

You are correct up to here. However the next step will not work:

> Now I decrypt this credential with ActivateIdentity and the parameter Ki. The TPM will decrypt the message and give me the credential because it will think that it is for Ki but it is for K.

The reason this fails is that the CA encrypts a message in a special format to the TPM Endorsement Key. It includes the decryption key for the encrypted AIK Credential; but it also includes a hash of the AIK that was sent to the CA to be certified. The TPM will only perform the decryption if this hash matches the AIK passed in to ActivateIdentity (and it also verifies that the key is a valid AIK). In your case, the CA will encrypt the hash of K to the TPM, so when you call ActivateIdentity with Ki the TPM will see that it doesn't match the encrypted hash, and refuse to do the decryption.

> And after that I can use K to sign false PCR values and another party will think that I'm using a right AIK...
> Is the signature of the public AIK by the endorsement key not missing in the operation CollateIdentity?
> I don't understand why using CollateIdentityRequest and ActivateIdentity we can be sure that the private key of the AIK is inside the TPM...
>
> Thanks for looking
>
> Chloé

Hal Finney
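
The binding check described in the reply above, as an added example that is not part of the original message and is not TPM or TSS code: a toy Python model in which the CA encrypts the session key together with a digest of the certified key to the EK, and the TPM releases the session key only when that digest matches a valid AIK it holds. Assumptions: textbook RSA over two Mersenne primes stands in for the EK, a SHAKE-256 XOR stream stands in for the symmetric cipher, and the names `ToyTPM`, `ca_issue`, `sym` and `demo` are hypothetical.

```python
import hashlib
import os

# Toy textbook RSA standing in for the Endorsement Key (assumption: two known
# Mersenne primes, no padding; a real TPM 1.2 EK is RSA-2048 with OAEP).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
EK_N = P * Q                             # EK public modulus, known to the CA
EK_D = pow(E, -1, (P - 1) * (Q - 1))     # EK private exponent, TPM only

def digest(pub):
    return hashlib.sha1(pub).digest()    # 20-byte digest of a public key

def sym(key, data):
    # Toy XOR cipher keyed by the session key (stand-in for the CA's cipher)
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def ca_issue(key_pub, credential):
    """CA: encrypt (session key || digest of certified key) to the EK."""
    session_key = os.urandom(16)
    plain = int.from_bytes(session_key + digest(key_pub), "big")
    return pow(plain, E, EK_N), sym(session_key, credential)

class ToyTPM:
    def __init__(self):
        self.aiks = set()                # AIKs generated inside this TPM

    def make_identity(self, label):
        pub = b"AIK-pub:" + label        # placeholder for real public key bytes
        self.aiks.add(pub)
        return pub

    def activate_identity(self, aik_pub, ek_blob):
        if aik_pub not in self.aiks:
            return None                  # not a valid AIK of this TPM
        plain = pow(ek_blob, EK_D, EK_N).to_bytes(36, "big")
        session_key, id_digest = plain[:16], plain[16:]
        if id_digest != digest(aik_pub):
            return None                  # blob is bound to a different key
        return session_key

def demo():
    tpm = ToyTPM()
    ki = tpm.make_identity(b"Ki")
    k = b"software key K"                # key pair created outside the TPM
    blob, enc = ca_issue(ki, b"credential for Ki")      # honest request
    honest = sym(tpm.activate_identity(ki, blob), enc)
    blob2, _ = ca_issue(k, b"credential for K")         # request from the question
    return honest, tpm.activate_identity(ki, blob2), tpm.activate_identity(k, blob2)
```

`demo()` returns the decrypted credential for the honest request and `None` for both attempts to activate the blob that the CA issued for K.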