From: Ronald T. <ron...@ia...> - 2011-03-11 14:56:59
Hi,

First of all, the SRK is (after taking ownership) always (!) loaded in the TPM. You can get a handle to it with

    TcIRsaKey srk = context_.createRsaKeyObject(TcTssConstants.TSS_KEY_TSP_SRK);

which is exactly what getKeyByUuid() does in case of the SRK UUID anyway.

The problem with your code seems to be the TSS_SECRET_MODE_NONE in the migration policy of the key you create. This mode is not supported in jTSS (see documentation). Workaround is to use the well-known secret here too.

Have a nice weekend,
Ronald

On 03/11/2011 03:04 PM, Mudassar Aslam wrote:
> Hi
>
> SRK secret is one thing, I am actually unable to load srk instance using
> context. Is it possible to load SRK even if it is not registered in system
> PS (this is where I think take_ownership is required)?
>
> Well, I tried to create another key with SRK being its parent key. I used
> following code but get error "No secret set for this policy object" when I
> call createKey(srk, null). Obviously because SRK is not registered.
>
> /*KEY CREATION*/
>
> //Parent key SRK
> TcIRsaKey srk =
>     context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM,TcUuidFactory.getInstance().getUuidSRK());
> TcIPolicy srkPolicy =
>     context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
> srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1,
>     TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET) );
> srkPolicy.assignToObject(srk);
>
> /*Binding Key*/
> // Create an empty binding key object
> long keyAttributes = TcTssConstants.TSS_KEY_SIZE_2048 |
>     TcTssConstants.TSS_KEY_TYPE_BIND |
>     TcTssConstants.TSS_KEY_VOLATILE |
>     TcTssConstants.TSS_KEY_NOT_MIGRATABLE |
>     TcTssConstants.TSS_KEY_NO_AUTHORIZATION;
> //default
>
> TcIRsaKey bindKey = context.createRsaKeyObject(keyAttributes);
>
> // Bind key usage policy
> TcIPolicy bindKeyPolicy =
>     context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
> bindKeyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN,
>     Define.BIND_KEY_SECRET);
> bindKeyPolicy.assignToObject(bindKey);
>
> // Bind key migration policy (just to avoid popup)
> TcIPolicy bindKeyMigrationPolicy =
>     context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
> bindKeyMigrationPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_NONE,
>     null);
> bindKeyMigrationPolicy.assignToObject(bindKey);
>
> //Parent key SRK
> bindKey.createKey(srk, null);
>
> Regards.
> Mudassar.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
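
The two changes described in the reply, applied to the quoted key-creation code, as an added example that is not part of the original thread or of jTSS itself. It assumes an already connected TcIContext, an SRK whose secret is the well-known secret (as in the quoted code), and the jTSS import paths shown; BindKeyUnderSrk, createBindKey and bindKeySecret are hypothetical names.

```java
// Added example, not from the thread. Import paths assume the jTSS package layout.
import iaik.tc.tss.api.constants.tsp.TcTssConstants;
import iaik.tc.tss.api.exceptions.common.TcTssException;
import iaik.tc.tss.api.structs.common.TcBlobData;
import iaik.tc.tss.api.tspi.TcIContext;
import iaik.tc.tss.api.tspi.TcIPolicy;
import iaik.tc.tss.api.tspi.TcIRsaKey;

public final class BindKeyUnderSrk {

    // Well-known secret wrapped the same way the quoted code wraps it.
    private static TcBlobData wellKnownSecret() {
        return TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
    }

    // context: already connected (assumption). bindKeySecret: caller-supplied
    // usage secret for the new key (hypothetical parameter).
    public static TcIRsaKey createBindKey(TcIContext context, TcBlobData bindKeySecret)
            throws TcTssException {
        // Change 1: take a handle to the always-loaded SRK instead of a
        // persistent-storage lookup via getKeyByUuid().
        TcIRsaKey srk = context.createRsaKeyObject(TcTssConstants.TSS_KEY_TSP_SRK);
        TcIPolicy srkPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
        srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, wellKnownSecret());
        srkPolicy.assignToObject(srk);

        // Key attributes kept exactly as in the quoted code.
        long keyAttributes = TcTssConstants.TSS_KEY_SIZE_2048
                | TcTssConstants.TSS_KEY_TYPE_BIND
                | TcTssConstants.TSS_KEY_VOLATILE
                | TcTssConstants.TSS_KEY_NOT_MIGRATABLE
                | TcTssConstants.TSS_KEY_NO_AUTHORIZATION;
        TcIRsaKey bindKey = context.createRsaKeyObject(keyAttributes);

        TcIPolicy usagePolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
        usagePolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, bindKeySecret);
        usagePolicy.assignToObject(bindKey);

        // Change 2: TSS_SECRET_MODE_NONE is not supported in jTSS, so the
        // migration policy gets the well-known secret as well.
        TcIPolicy migrationPolicy =
                context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
        migrationPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, wellKnownSecret());
        migrationPolicy.assignToObject(bindKey);

        bindKey.createKey(srk, null); // SRK as parent key
        return bindKey;
    }
}
```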