Re: [opencryptoki-users] tpm token init
From: Kent Y. <shp...@gm...> - 2007-04-26 19:27:19
Ahh, I forgot, you will need to call C_SetPIN() before the hierarchy is
created (pkcsconf -c <slot> -P). I had to go back and look at the state
diagram, which I've attached...

Kent

On 4/26/07, Andriy Stetsko <and...@gm...> wrote:
> Sorry for mistake, there is a username directory, but there are no *.pem
> files.
> I do it under root, so
>
> /usr/local/var/lib/opencryptoki/tpm/root/ contains:
> NVTOK.DAT TOK_OBJ/
> TOK_OBJ directory is empty
> and /usr/local/var/lib/tpm/ contains
> system.data
>
>
> On 26/04/07, Kent Yoder <shp...@gm...> wrote:
> > Hmm... not even under /usr/local/var/lib/tpm/$USER? There should be
> > a username directory, with each user getting his own set of root
> > keys...
> >
> > On 4/26/07, Andriy Stetsko <and...@gm...> wrote:
> > > Thanks for reply,
> > > I build it without --enable-debug option and error message disappeared :)
> > > But I have further question :) Directory
> > > /usr/local/var/lib/opencryptoki/tpm/ did not include any
> > > PRIVATE_ROOT_KEY.pem and PUBLIC_ROOT_KEY.pem files after I had set up SO
> > > and User PINs.
> > >
> > >
> > > On 26/04/07, Kent Yoder <shp...@gm...> wrote:
> > > > Hi Andriy,
> > > >
> > > > Hopefully this error is only printed with a debugging build of
> > > > openCryptoki. If not, it is a bug...
> > > >
> > > > But this message is printed because when openCryptoki's TPM token is
> > > > initialized, it looks around for the keys it uses to internally manage
> > > > the TPM token's data store (one is called 'PUBLIC ROOT KEY' the other
> > > > is 'PRIVATE ROOT KEY'). These keys are generated once the SO or USER
> > > > establishes a PIN, so before that point (pre-token init time), they
> > > > don't exist. This is fine, and part of how the TPM token works
> > > > normally. Perhaps the large 'ERROR' text was a bad choice for this
> > > > harmless message. :-)
> > > >
> > > > Kent
> > > >
> > > > On 4/26/07, Andriy Stetsko <and...@gm...> wrote:
> > > > > Hi everybody,
> > > > > I try to initialize tpm token using command
> > > > > pkcsconf -I -c 0.
> > > > > It returns
> > > > > LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
> > > > > What is the reason of this problem? How to solve it?
> > > > > Thanks in advance.
> > > >
> > > > --
> > > > Kent Yoder
> > > > IBM LTC Security Dev.
> > >
> > > --
> > > Best regards, Andriy
> >
> > --
> > Kent Yoder
> > IBM LTC Security Dev.
>
> --
> Best regards, Andriy

--
Kent Yoder
IBM LTC Security Dev.
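An added example, not part of the original thread or of openCryptoki itself: a shell check that looks at the per-user token directory discussed above and reports whether the two root key files exist yet. The state names and function names are invented for this example, and reading a missing directory as "token not yet initialized for this user" is an assumption; the file names and pkcsconf commands are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not openCryptoki code). Classifies a per-user TPM token
# directory by which of the root key files named in the thread exist.
# State names and function names are invented for this example.

tpm_token_state() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "no-user-dir"
        return 0
    fi
    found=0
    for f in PUBLIC_ROOT_KEY.pem PRIVATE_ROOT_KEY.pem; do
        # -s: present and non-empty; a zero-length file is treated as missing
        if [ -s "$dir/$f" ]; then
            found=$((found + 1))
        fi
    done
    case $found in
        2) echo "hierarchy-created" ;;
        0) echo "pin-not-set" ;;
        *) echo "incomplete" ;;
    esac
}

tpm_token_advice() {
    case $(tpm_token_state "$1") in
        no-user-dir)
            # Assumption: no directory means the token was never initialized for this user.
            echo "No token directory for this user; initialize the token (pkcsconf -I -c <slot>)." ;;
        pin-not-set)
            echo "No root keys yet; set the PIN (pkcsconf -c <slot> -P) so the hierarchy is created." ;;
        incomplete)
            echo "Only one root key file present; the key pair is incomplete." ;;
        hierarchy-created)
            echo "Both root key files present." ;;
    esac
}

# Usage: sh check.sh /usr/local/var/lib/opencryptoki/tpm/root
if [ "$#" -gt 0 ]; then
    tpm_token_advice "$1"
fi
```
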