hello hal, i was reading another thread about verifying the quote:
with regards to this call:
&BlobLength is an unsigned int, and &BLOB a BYTE array. Please correct me if i'm wrong, BLOB would be a BIGNUM, and BlobLength the length of BLOB. However, when i print out BlobLength, it seems too large (4131212846) for BLOB. and when i tried to verify if the exponent is 65537 by calling GetAttribData with the flag TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT instead, the length of the BIGNUM is also very huge (134516825).
thanks - adrian
On Fri, Oct 10, 2008 at 3:08 AM, Hal Finney <firstname.lastname@example.org> wrote:
Hi Adrian -
One thing to keep in mind on Quote. For a Quote to be truly
meaningful, the verifier needs to be confident that it is a TPM key -
that is, that the private key is protected by the TPM and will never
be readable outside the TPM. This basically means that it must be a
non-migratable key, and it must have been generated on the TPM. Note,
this is not enough by itself, there are a lot of other requirements
that might have to be met, depending on the situation.
I am not familiar with any openssl create_tpm_key() function. If it
generates the key on the TPM, that might be suitable; but if it
generates an off-chip key and then loads that onto the TPM, it would
not be appropriate.
For the other approach, generating a key on the TPM and then getting
an X.509 certificate for it, keep in mind that an X.509 certificate is
a rather inconvenient object for passing around keys. The only reason
people use it is because it's what everyone uses. An X.509 cert does
not just hold a key, it also has some kind of name or identity field,
and further, it has a signature by (generally) some other key which
binds the target key and target identity information. It's a very
complex object. If all you want to do is to tell the other guy your
public key, I'd probably suggest rolling your own format and just send
the modulus in some form. But if you have to be X.509 compatible then
you'll have to go through a lot of work.
The first step (after generating the key) would be to read the key
Once you have the modulus, you could insert it into an openssl RSA
structure, and set the exponent field in that struct to 65537. From
there, you will need to assemble an openssl X509 certificate
structure, and then ultimately call the openssl X509_sign() function.
Frankly, I don't understand how people manage to use openssl. There's
no documentation for any of this stuff, that I can find! I always have
to study the openssl source code to figure out how to use it, on those
rare occasions when I am forced by circumstances to do so. Consider
even something as mundane as creating an RSA key and creating a valid
X.509 certificate to hold it. Forget about the TPM, just think about
doing that step. The functionality exists in the openssl library to
accomplish this, but I don't know of a single piece of documentation
that tells how. (There do exist various HOWTOs across the web on how
to do it from the openssl command line, but I haven't found anything
about using the library.)
Anyway, the bottom line is that generating the TPM key is easy.
Creating X.509 certificates is hard. If you can figure out how to
create X.509 certs, without involving the TPM, maybe with help from
people on the openssl mailing lists, then it will be easy to modify
that program to create the key on the TPM, copy the modulus field into
whatever openssl structure needs it, and you're good to go.
On Wed, Oct 8, 2008 at 8:22 PM, adrian golding <email@example.com> wrote:
> hello, with the Tspi_TPM_Quote01.c example and as a starting point, if i
> want to let a remote party verify the quote, and i intend to send the
> TSS_VALIDATION object as well as a certificate of my public key (self-signed
> for now) over. How do i either:
> 1) create keys using openssl's create_tpm_key and load the key into my
> quoting application before it signs the PCR?
> 2) using the Tspi_Key_CreateKey function in Tspi_TPM_Quote01.c to generate
> the keys, and create a certificate with my public key so i could send it to
> the remote party?
> which way would be more encouraged?
> thanks - adrian