Re: [Trustedjava-support] How to set SRK secret to TSS_WELL_KNOWN_SECRET

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

First of all, the SRK is (after taking ownership) always (!) loaded in
the TPM.
You can get a handle to it with

TcIRsaKey srk = context_.createRsaKeyObject(TcTssConstants.TSS_KEY_TSP_SRK);

which is exactly what getKeyByUuid() does in case of the SRK UUID anyway.

The problem with your code seems to be the TSS_SECRET_MODE_NONE in the
migration policy of the key you create.
This mode is not supported in jTSS (see documentation). Workaround is to
us the well known secret here too.

Have a nice weekend,
Ronald

On 03/11/2011 03:04 PM, Mudassar Aslam wrote:
>  Hi
>
>  SRK secret is one thing, I am actually unable to load srk instance using
>  context. Is it possible to load SRK even if it is not registered in system
>  PS (this is where I think take_ownership is required)?
>
>  Well, I tried to create another key with SRK being its parent key. I used
>  following code but get error "No secret set for this policy object" when I
>  call createKey(srk, null). Obviously because SRK is not registered.
>
>
>
>  /*KEY CREATION*/
>
>               //Parent key SRK
>               TcIRsaKey srk =
>  context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM,TcUuidFactory.getInstance().getUuidSRK());
>               TcIPolicy srkPolicy =
>  context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>               srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1,
>  TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET) );
>               srkPolicy.assignToObject(srk);
>
>
>               /*Binding Key*/
>               //    Create an empty binding key object
>               long keyAttributes =      TcTssConstants.TSS_KEY_SIZE_2048 |
>                                    TcTssConstants.TSS_KEY_TYPE_BIND |
>                                    TcTssConstants.TSS_KEY_VOLATILE |
>                                    TcTssConstants.TSS_KEY_NOT_MIGRATABLE |
>                                    TcTssConstants.TSS_KEY_NO_AUTHORIZATION;
>  //default
>
>               TcIRsaKey bindKey = context.createRsaKeyObject(keyAttributes);
>
>               // Bind key usage policy
>               TcIPolicy bindKeyPolicy =
>  context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>               bindKeyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN,
>  Define.BIND_KEY_SECRET);
>               bindKeyPolicy.assignToObject(bindKey);
>
>               // Bind key migration policy (just to avoid popup)
>               TcIPolicy bindKeyMigrationPolicy =
>  context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
>               bindKeyMigrationPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_NONE,
>  null);
>               bindKeyMigrationPolicy.assignToObject(bindKey);
>
>               //Parent key SRK
>               bindKey.createKey(srk, null);
>
>
>  Regards.
>  Mudassar.
>
>
>  ------------------------------------------------------------------------------
>  Colocation vs. Managed Hosting
>  A question and answer guide to determining the best fit
>  for your organization - today and in the future.
>  http://p.sf.net/sfu/internap-sfd2d
>  _______________________________________________
>  Trustedjava-support mailing list
>  Tru...@li...
>  https://lists.sourceforge.net/lists/listinfo/trustedjava-support

-- 
Dipl.-Ing. Ronald Tögl          phone +43 316/873-5502
Secure and Correct Systems      fax   +43 316/873-5520
IAIK                            ron...@ia...
Graz University of Technology   http://www.iaik.tugraz.at