tpm4java-users Mailing List for tpm4java (Page 2)
Brought to you by:
tews
From: Cyril D. <cyr...@gm...> - 2008-02-25 20:53:44
|
On Mon, Feb 25, 2008 at 10:04 AM, Frederic Stumpf <st...@se...> wrote:
> Hi Cyril,
>
> keys are not normally stored inside the TPM. They are encrypted by the
> SRK, which always remains under protection of the TPM. The encrypted key
> blob is returned to the software stack after it has been encrypted with
> the SRK. The software stack should then store the encrypted key blob
> anywhere on the hard disk.
>
> If you want to load a key back into the TPM after doing a reboot of your
> machine, the software stack should deliver the encrypted key blob to the
> TPM. If you need any information regarding that issue I suggest to look
> at the TPM_CreateWrapKey command of the TCG specs.
>
> Cheers,
> Frederic

OK. Well, so far, as I use tpm4java directly (no extra TSS), I play the role of the TSS and use a Windows startup script using TPM_CreateWrapKey and TPM_LoadKey to "deliver the encrypted key blob to the TPM" whenever Windows XP reboots.

Thanks,
--
Cyril
From: Frederic S. <st...@se...> - 2008-02-25 09:26:48
|
Hi Cyril,

unfortunately, there is no example code for that issue. We are planning to publish the source code for an attestation but this will take a while. Until then, I suggest to use the LowLevel Interface and to look at TSSCoreService.java where the TPM_Quote command is implemented. The command simply computes an RSA signature on the Nonce and the PCRs and delivers the signature back.

To verify if a platform is trustworthy the challenger should then do the following:
(i) verify if the signature is valid
(ii) verify if the AIK certificate is valid
(iii) validate if the processes inside the Stored Measurement Log (SML) are declared trusted
(iv) recompute the PCRs based on the SML

If you need further information about how to declare if a platform is trusted, I suggest to look at the Architecture Overview document of the TCG.

Cheers,
Frederic

On Sat, 2008-02-16 at 23:17 +0100, Cyril DANGERVILLE wrote:
> Hello,
> I followed your example on AIK generation, and ended up with the
> attest.dat file that contains the output of the attestPcrs() function.
> But I am not sure how to deal with it from the verifier's side. Do you
> have any example code or tip regarding how to verify the attest.dat
> file (or the output of the TPM_Quote which amounts to the same thing),
> given a public key (which format?) and the file containing the "quote"
> (which format?) ?
>
> Thank you again ;)
> --
> Cyril Dangerville

--
Frederic Stumpf                                  phone: +49 6151 16 7015
TU Darmstadt -- Department of Computer Science   fax: +49 6151 16 3514
Research Group IT-Security                       eMail: st...@se...
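The challenger-side checks (i), (iii) and (iv) from the message above, as an added example (not tpm4java code and not written by the list participants). It goes beyond the message by spelling out the TPM 1.2 TPM_QUOTE_INFO and TPM_PCR_COMPOSITE layouts and the PCR extend rule. It assumes the signature, nonce and SML arrive as raw values, since the attest.dat format is not described in this thread; the class and method names, the software RSA key standing in for the AIK, and the sample measurements are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class QuoteVerifierExample {

    /** One SML event: the PCR that was extended and the SHA-1 measurement extended into it. */
    static final class SmlEntry {
        final int pcr;
        final byte[] digest;
        SmlEntry(int pcr, byte[] digest) { this.pcr = pcr; this.digest = digest; }
    }

    static byte[] sha1(byte[]... parts) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    /** Step (iv): replay the log. Each event extends its PCR: new = SHA1(old || digest). */
    static SortedMap<Integer, byte[]> replaySml(List<SmlEntry> sml) throws GeneralSecurityException {
        SortedMap<Integer, byte[]> pcrs = new TreeMap<>();
        for (SmlEntry e : sml) {
            byte[] old = pcrs.getOrDefault(e.pcr, new byte[20]); // PCRs start as 20 zero bytes
            pcrs.put(e.pcr, sha1(old, e.digest));
        }
        return pcrs;
    }

    /** SHA-1 over TPM_PCR_COMPOSITE: selection bitmap, value size, then the selected PCR values. */
    static byte[] compositeHash(SortedMap<Integer, byte[]> pcrs) throws GeneralSecurityException {
        byte[] select = new byte[3]; // assumption: 24 PCRs, so a 3-byte selection bitmap
        for (int i : pcrs.keySet()) select[i / 8] |= (byte) (1 << (i % 8));
        ByteBuffer b = ByteBuffer.allocate(2 + 3 + 4 + 20 * pcrs.size());
        b.putShort((short) 3).put(select).putInt(20 * pcrs.size());
        for (byte[] v : pcrs.values()) b.put(v);
        return sha1(b.array());
    }

    /** TPM_QUOTE_INFO: version 1.1.0.0, the fixed tag "QUOT", composite hash, challenger nonce. */
    static byte[] quoteInfo(byte[] compositeHash, byte[] nonce) {
        return ByteBuffer.allocate(48)
                .put(new byte[] {1, 1, 0, 0})
                .put("QUOT".getBytes(StandardCharsets.US_ASCII))
                .put(compositeHash).put(nonce).array();
    }

    /** Step (ii), validating the AIK certificate chain, must happen before 'aik' is trusted here. */
    static boolean verifyQuote(PublicKey aik, byte[] signature, byte[] nonce,
                               List<SmlEntry> sml, Set<ByteBuffer> trusted)
            throws GeneralSecurityException {
        // Step (iii): every logged measurement must be on the verifier's known-good list.
        for (SmlEntry e : sml) {
            if (!trusted.contains(ByteBuffer.wrap(e.digest))) return false;
        }
        // Steps (iv) and (i): the signature must cover the PCRs the log implies and OUR nonce.
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(aik);
        s.update(quoteInfo(compositeHash(replaySml(sml)), nonce));
        return s.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed data: a software RSA key stands in for the AIK, two made-up measurements.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair aik = gen.generateKeyPair();
        byte[] loader = sha1("bootloader".getBytes(StandardCharsets.US_ASCII));
        byte[] kernel = sha1("kernel".getBytes(StandardCharsets.US_ASCII));
        byte[] unknown = sha1("unlisted binary".getBytes(StandardCharsets.US_ASCII));
        List<SmlEntry> sml = Arrays.asList(new SmlEntry(4, loader), new SmlEntry(8, kernel));
        Set<ByteBuffer> trusted =
                new HashSet<>(Arrays.asList(ByteBuffer.wrap(loader), ByteBuffer.wrap(kernel)));
        // 20-byte challenge; a real verifier draws it from SecureRandom for every request.
        byte[] nonce = sha1("challenge 1".getBytes(StandardCharsets.US_ASCII));
        byte[] otherNonce = sha1("challenge 2".getBytes(StandardCharsets.US_ASCII));

        // Platform side, standing in for TPM_Quote: sign TPM_QUOTE_INFO with the AIK.
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(aik.getPrivate());
        signer.update(quoteInfo(compositeHash(replaySml(sml)), nonce));
        byte[] sig = signer.sign();

        PublicKey pub = aik.getPublic();
        System.out.println("fresh quote, full log:     " + verifyQuote(pub, sig, nonce, sml, trusted));
        System.out.println("quote for another nonce:   " + verifyQuote(pub, sig, otherNonce, sml, trusted));
        System.out.println("log with an entry dropped: "
                + verifyQuote(pub, sig, nonce, sml.subList(0, 1), trusted));
        List<SmlEntry> extra = Arrays.asList(sml.get(0), sml.get(1), new SmlEntry(8, unknown));
        System.out.println("log with unknown entry:    " + verifyQuote(pub, sig, nonce, extra, trusted));
    }
}
```

Only the first case is accepted: a signature bound to a different nonce, a log that does not reproduce the signed PCR values, and a log containing an unlisted measurement are all rejected.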
From: Frederic S. <st...@se...> - 2008-02-25 09:03:44
|
Hi Cyril,

keys are not normally stored inside the TPM. They are encrypted by the SRK, which always remains under protection of the TPM. The encrypted key blob is returned to the software stack after it has been encrypted with the SRK. The software stack should then store the encrypted key blob anywhere on the hard disk.

If you want to load a key back into the TPM after doing a reboot of your machine, the software stack should deliver the encrypted key blob to the TPM. If you need any information regarding that issue I suggest to look at the TPM_CreateWrapKey command of the TCG specs.

Cheers,
Frederic

On Sat, 2008-02-16 at 23:10 +0100, Cyril DANGERVILLE wrote:
> Hello,
> I am facing a keystore issue:
> When I successfully load keys into the TPM with tpm4java, I lose all
> of them as soon as I reboot my computer.
> Is there any way to keep them from being evicted?
>
> By reading the TPM Commands spec, I found out that this was possible
> with the TPM_KeyControlOwner command:
> Start of informative comment:
> 3995 This command controls some attributes of keys that are stored within the TPM key cache.
> 3996 OwnerEvict: If this bit is set to true, this key remains in the TPM non-volatile storage
> 3997 through all TPM_Startup events. The only way to evict this key is for the TPM Owner to
> 3998 execute this command again, setting the owner control bit to false and then executing
> 3999 TPM_FlushSpecific.
> 4000 The key handle does not reference an authorized entity and is not validated.
> 4001 End of informative comment.
> --
> However, this is not implemented (yet?) in tpm4java, as far as I can see.
> Do you have any tip on fixing this issue?
> Thank you.
>
> Regards,
> --
> Cyril Dangerville

--
Frederic Stumpf                                  phone: +49 6151 16 7015
TU Darmstadt -- Department of Computer Science   fax: +49 6151 16 3514
Research Group IT-Security                       eMail: st...@se...
From: Cyril D. <cyr...@gm...> - 2008-02-16 22:17:31
|
Hello, I followed your example on AIK generation, and ended up with the attest.dat file that contains the output of the attestPcrs() function. But I am not sure how to deal with it from the verifier's side. Do you have any example code or tip regarding how to verify the attest.dat file (or the output of the TPM_Quote which amounts to the same thing), given a public key (which format?) and the file containing the "quote" (which format?) ? Thank you again ;) -- Cyril Dangerville |
From: Cyril D. <cyr...@gm...> - 2008-02-16 22:09:56
|
Hello,
I am facing a keystore issue:
When I successfully load keys into the TPM with tpm4java, I lose all of them as soon as I reboot my computer.
Is there any way to keep them from being evicted?

By reading the TPM Commands spec, I found out that this was possible with the TPM_KeyControlOwner command:

Start of informative comment:
3995 This command controls some attributes of keys that are stored within the TPM key cache.
3996 OwnerEvict: If this bit is set to true, this key remains in the TPM non-volatile storage
3997 through all TPM_Startup events. The only way to evict this key is for the TPM Owner to
3998 execute this command again, setting the owner control bit to false and then executing
3999 TPM_FlushSpecific.
4000 The key handle does not reference an authorized entity and is not validated.
4001 End of informative comment.
--
However, this is not implemented (yet?) in tpm4java, as far as I can see.
Do you have any tip on fixing this issue?
Thank you.

Regards,
--
Cyril Dangerville
From: Laura A. <la...@rb...> - 2007-09-10 15:47:24
|
Hi,

the function TPM_GetTicks() returns a CURRENT_TICK object. This consists of TPM_STRUCTURE_TAG (2 bytes), currentTicks (8 bytes), tickRate (2 bytes) and a TPM_Nonce (20 bytes).

The outcome of this is 32 bytes and not 36 :)

cya
From: <des...@ho...> - 2007-09-03 14:13:25
|
OK, the problem is that I was sending a wrong public key for the decryption process. I used the AIK public key, not the Endorsement public key. The problem is that TPM_ReadPubek can't be used in the new TPM specification, you have to call TPM_OwnerReadPubek instead.

----- Original Message -----
From: "Andrés Rosado Laitinen" <and...@te...>
To: "Frederic Stumpf" <st...@se...>
Cc: <tpm...@li...>
Sent: Wednesday, June 13, 2007 12:12 PM
Subject: Re: [Tpm4java-users] PLEASE HELP! TPMException: Bad return code 33 The descryption process did not complete

Ok, never mind, I tried it with a TPM emulator and it worked, so I'll use the emu.

Thank you.

----- Original Message -----
From: "Frederic Stumpf" <st...@se...>
To: "Andrés Rosado Laitinen" <and...@te...>
Cc: <tpm...@li...>
Sent: Wednesday, June 13, 2007 11:17 AM
Subject: Re: [Tpm4java-users] PLEASE HELP! TPMException: Bad return code 33 The descryption process did not complete

Hi Andrés,

sorry, I have no clue either. I suggest that you try your code with the TPM emulator to verify whether your code is okay or if it is a problem with your HW TPM. The problem is that most of the available TPMs are not conform to the TCG specification and therefore many problems occur.

best regards
Frederic

Andrés Rosado Laitinen wrote:
> I'm using a hardware TPM version 1.2. I tried to deactivate the HMAC
> verification of the TPM using the code:
>
> TssLowlevel l = TssFactory.getLowlevel();
> l.setCheckReply(false);
>
> but it didn't work. I guess the problem is not due to a wrong HMAC
> verification. The TPM returns the Bad code 33, but I didn't find any
> information about it, only the TPM specifications documents by the TCG
> with no further information.
>
> I hope someone can help me to solve this problem.
>
> Thank you.

--
Frederic Stumpf                                  phone: +49 6151 16 7015
TU Darmstadt -- Department of Computer Science   fax: +49 6151 16 3514
Research Group IT-Security                       eMail: st...@se...
From: <and...@te...> - 2007-06-13 10:15:52
|
Ok, never mind, I tried it with a TPM emulator and it worked, so I'll use the emu.

Thank you.

----- Original Message -----
From: "Frederic Stumpf" <st...@se...>
To: "Andrés Rosado Laitinen" <and...@te...>
Cc: <tpm...@li...>
Sent: Wednesday, June 13, 2007 11:17 AM
Subject: Re: [Tpm4java-users] PLEASE HELP! TPMException: Bad return code 33 The descryption process did not complete

Hi Andrés,

sorry, I have no clue either. I suggest that you try your code with the TPM emulator to verify whether your code is okay or if it is a problem with your HW TPM. The problem is that most of the available TPMs are not conform to the TCG specification and therefore many problems occur.

best regards
Frederic

Andrés Rosado Laitinen wrote:
> I'm using a hardware TPM version 1.2. I tried to deactivate the HMAC
> verification of the TPM using the code:
>
> TssLowlevel l = TssFactory.getLowlevel();
> l.setCheckReply(false);
>
> but it didn't work. I guess the problem is not due to a wrong HMAC
> verification. The TPM returns the Bad code 33, but I didn't find any
> information about it, only the TPM specifications documents by the TCG
> with no further information.
>
> I hope someone can help me to solve this problem.
>
> Thank you.

--
Frederic Stumpf                                  phone: +49 6151 16 7015
TU Darmstadt -- Department of Computer Science   fax: +49 6151 16 3514
Research Group IT-Security                       eMail: st...@se...
From: Frederic S. <st...@se...> - 2007-06-13 09:18:12
|
Hi Andrés,

sorry, I have no clue either. I suggest that you try your code with the TPM emulator to verify whether your code is okay or if it is a problem with your HW TPM. The problem is that most of the available TPMs are not conform to the TCG specification and therefore many problems occur.

best regards
Frederic

Andrés Rosado Laitinen wrote:
> I'm using a hardware TPM version 1.2. I tried to deactivate the HMAC verification of the TPM using the code:
>
> TssLowlevel l = TssFactory.getLowlevel();
> l.setCheckReply(false);
>
> but it didn't work. I guess the problem is not due to a wrong HMAC verification. The TPM returns the Bad code 33, but I didn't find any information about it, only the TPM specifications documents by the TCG with no further information.
>
> I hope someone can help me to solve this problem.
>
> Thank you.

--
Frederic Stumpf                                  phone: +49 6151 16 7015
TU Darmstadt -- Department of Computer Science   fax: +49 6151 16 3514
Research Group IT-Security                       eMail: st...@se...
From: <and...@te...> - 2007-06-12 12:14:15
|
I'm using a hardware TPM version 1.2. I tried to deactivate the HMAC verification of the TPM using the code:

TssLowlevel l = TssFactory.getLowlevel();
l.setCheckReply(false);

but it didn't work. I guess the problem is not due to a wrong HMAC verification. The TPM returns the Bad code 33, but I didn't find any information about it, only the TPM specifications documents by the TCG with no further information.

I hope someone can help me to solve this problem.

Thank you.
From: <and...@te...> - 2007-06-05 17:29:56
|
Hello, I've got a problem using the function "activateAik", it brings me an error. I'm trying to realize a remote platform attestation. I guess that I can decrypt the ca response without using the TPM but I'm not sure. The error trace is this:

java.lang.RuntimeException: de.datenzone.tpm4java.TPMException: Bad return code 33 The decryption process did not complete.
    at de.datenzone.tpm4java.TssHighLevelImpl.activateAik(TssHighLevelImpl.java:393)
    at de.datenzone.tpm4java.examples.ActivateAik.main(ActivateAik.java:47)
Caused by: de.datenzone.tpm4java.TPMException: Bad return code 33 The decryption process did not complete.
    at de.datenzone.tpm4java.TSSCoreService.SendCommand(TSSCoreService.java:2212)
    at de.datenzone.tpm4java.TSSCoreService.SendCommand(TSSCoreService.java:2198)
    at de.datenzone.tpm4java.TSSCoreService.TPM_ActivateIdentity(TSSCoreService.java:1352)
    at de.datenzone.tpm4java.TssHighLevelImpl.activateAik(TssHighLevelImpl.java:386)
    ... 1 more

Hope that someone can help me...thanks in advance.
From: Markus <ax...@go...> - 2007-05-09 13:39:21
|
Hi,

I'd like to modify the EncryptFile / DecryptFile-Example to permanently store the key inside the TPM and not append it to the encrypted File. In the encryption method I probably have to change the wrapper template to templateStorage(). How can I refer to the stored key during decryption? Is there a way to get a list of all keys permanently stored inside the TPM?
From: Martin H. <li...@ma...> - 2007-05-01 17:33:56
|
Hello Andrés,

all checkReply does is verifying if the hmac of the tpm reply is correct. This is done to prevent a replay attack or modifications by a man-in-the-middle between the program and the tpm.

Practically there is no problem if you turn this option off. Other tpm libraries even omit the verification by default.

HTH,
Martin

Andrés Rosado Laitinen wrote:
> Hello, I solved the problem by deactivating the checkReply option
> (lowLevel.setCheckReply(false)) but I don't know how important is that the
> checkReply option is enabled. I'm trying to do a remote platform
> attestation.
>
> ----- Original Message -----
> From: "Andrés Rosado Laitinen" <and...@te...>
> To: <tpm...@li...>
> Sent: Sunday, April 22, 2007 9:34 AM
> Subject: [Tpm4java-users] Problem using GenerateAIKrequest
>
>> Hello, I receive an error using the example class GenerateAikrequest.
>> I'm using linux with tpm-emulator-0.5 this is the error message that I
>> receive:
>>
>> Expected: A0 CD BE 29 EC B3 3B B1 51 CB C1 1F 93 0B AB F3 21 26 9C 7C
>> TPM send: 3B 03 84 5A 67 A4 A3 1B 61 85 7E E4 F9 02 66 93 31 04 F9 7D
>> java.lang.RuntimeException: de.datenzone.tpm4java.TSSException: reply authentication failed
>>     at de.datenzone.tpm4java.TssHighLevelImpl.generateAIK(TssHighLevelImpl.java:130)
>>     at de.datenzone.tpm4java.examples.GenerateAikRequest.main(GenerateAikRequest.java:95)
>> Caused by: de.datenzone.tpm4java.TSSException: reply authentication failed
>>     at de.datenzone.tpm4java.TSSCoreService.verifyReplyHmac(TSSCoreService.java:2127)
>>     at de.datenzone.tpm4java.TSSCoreService.authGetAndVerify(TSSCoreService.java:2178)
>>     at de.datenzone.tpm4java.TSSCoreService.authGetAndVerify(TSSCoreService.java:2184)
>>     at de.datenzone.tpm4java.TSSCoreService.TPM_LoadKey(TSSCoreService.java:685)
>>     at de.datenzone.tpm4java.TssHighLevelImpl.generateAIK(TssHighLevelImpl.java:126)
>>     ... 1 more

--
Martin Hermanowski
http://martin.hermanowski.name
https://www.xing.com/profile/Martin_Hermanowski/
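What the reply check discussed above computes, as an added example (not tpm4java's own code): in TPM 1.2 the reply HMAC is keyed with the authorization secret and covers the return code, the ordinal, the output parameters and both session nonces. The class and method names, the secret, the nonces and the parameter bytes are constructed for illustration; 0x20 is the TPM 1.2 ordinal of TPM_LoadKey, the command in the quoted stack trace.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ReplyHmacExample {

    static byte[] sha1(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-1").digest(data);
    }

    /**
     * resAuth = HMAC-SHA1(secret,
     *     SHA1(returnCode || ordinal || outParams) || nonceEven || nonceOdd || continueAuthSession)
     */
    static byte[] replyHmac(byte[] secret, int returnCode, int ordinal, byte[] outParams,
                            byte[] nonceEven, byte[] nonceOdd, boolean continueAuth)
            throws GeneralSecurityException {
        ByteBuffer params = ByteBuffer.allocate(8 + outParams.length); // big-endian, as on the wire
        params.putInt(returnCode).putInt(ordinal).put(outParams);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        mac.update(sha1(params.array()));
        mac.update(nonceEven);   // chosen by the TPM for this reply
        mac.update(nonceOdd);    // chosen by the caller for this request
        mac.update((byte) (continueAuth ? 1 : 0));
        return mac.doFinal();
    }

    /** The caller recomputes the HMAC from what it received and compares in constant time. */
    static boolean checkReply(byte[] secret, int returnCode, int ordinal, byte[] outParams,
                              byte[] nonceEven, byte[] nonceOdd, boolean continueAuth,
                              byte[] receivedResAuth) throws GeneralSecurityException {
        byte[] expected = replyHmac(secret, returnCode, ordinal, outParams,
                nonceEven, nonceOdd, continueAuth);
        return MessageDigest.isEqual(expected, receivedResAuth);
    }

    public static void main(String[] args) throws Exception {
        // Constructed session values; none of them come from the traces in this thread.
        byte[] secret = sha1("example auth secret".getBytes(StandardCharsets.UTF_8));
        byte[] nonceEven = sha1("tpm nonce".getBytes(StandardCharsets.UTF_8));
        byte[] nonceOdd = sha1("caller nonce, request 1".getBytes(StandardCharsets.UTF_8));
        byte[] nextNonceOdd = sha1("caller nonce, request 2".getBytes(StandardCharsets.UTF_8));
        int ordinal = 0x20;                              // TPM_ORD_LoadKey
        byte[] keyHandle = {0x01, 0x00, 0x00, 0x42};     // constructed output parameter
        byte[] otherHandle = {0x01, 0x00, 0x00, 0x43};   // same reply with one byte changed

        // TPM side: authenticate a successful reply (return code 0).
        byte[] resAuth = replyHmac(secret, 0, ordinal, keyHandle, nonceEven, nonceOdd, true);

        System.out.println("genuine reply accepted:     "
                + checkReply(secret, 0, ordinal, keyHandle, nonceEven, nonceOdd, true, resAuth));
        System.out.println("altered parameter accepted: "
                + checkReply(secret, 0, ordinal, otherHandle, nonceEven, nonceOdd, true, resAuth));
        System.out.println("old reply reused accepted:  "
                + checkReply(secret, 0, ordinal, keyHandle, nonceEven, nextNonceOdd, true, resAuth));
    }
}
```

With the check enabled only the first reply is accepted; the other two are the modification and replay cases the message describes.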
From: <des...@ho...> - 2007-04-23 00:38:44
|
Hello, I solved the problem by deactivating the checkReply option (lowLevel.setCheckReply(false)) but I don't know how important is that the checkReply option is enabled. I'm trying to do a remote platform attestation.

----- Original Message -----
From: "Andrés Rosado Laitinen" <and...@te...>
To: <tpm...@li...>
Sent: Sunday, April 22, 2007 9:34 AM
Subject: [Tpm4java-users] Problem using GenerateAIKrequest

> Hello, I receive an error using the example class GenerateAikrequest.
> I'm using linux with tpm-emulator-0.5 this is the error message that I
> receive:
>
> Expected: A0 CD BE 29 EC B3 3B B1 51 CB C1 1F 93 0B AB F3 21 26 9C 7C
> TPM send: 3B 03 84 5A 67 A4 A3 1B 61 85 7E E4 F9 02 66 93 31 04 F9 7D
> java.lang.RuntimeException: de.datenzone.tpm4java.TSSException: reply authentication failed
>     at de.datenzone.tpm4java.TssHighLevelImpl.generateAIK(TssHighLevelImpl.java:130)
>     at de.datenzone.tpm4java.examples.GenerateAikRequest.main(GenerateAikRequest.java:95)
> Caused by: de.datenzone.tpm4java.TSSException: reply authentication failed
>     at de.datenzone.tpm4java.TSSCoreService.verifyReplyHmac(TSSCoreService.java:2127)
>     at de.datenzone.tpm4java.TSSCoreService.authGetAndVerify(TSSCoreService.java:2178)
>     at de.datenzone.tpm4java.TSSCoreService.authGetAndVerify(TSSCoreService.java:2184)
>     at de.datenzone.tpm4java.TSSCoreService.TPM_LoadKey(TSSCoreService.java:685)
>     at de.datenzone.tpm4java.TssHighLevelImpl.generateAIK(TssHighLevelImpl.java:126)
>     ... 1 more
From: R. L. <and...@te...> - 2007-04-22 23:38:59
|
Hello, I receive an error using the example class GenerateAikrequest. I'm using linux with tpm-emulator-0.5 this is the error message that I receive:

Expected: A0 CD BE 29 EC B3 3B B1 51 CB C1 1F 93 0B AB F3 21 26 9C 7C
TPM send: 3B 03 84 5A 67 A4 A3 1B 61 85 7E E4 F9 02 66 93 31 04 F9 7D
java.lang.RuntimeException: de.datenzone.tpm4java.TSSException: reply authentication failed
    at de.datenzone.tpm4java.TssHighLevelImpl.generateAIK(TssHighLevelImpl.java:130)
    at de.datenzone.tpm4java.examples.GenerateAikRequest.main(GenerateAikRequest.java:95)
Caused by: de.datenzone.tpm4java.TSSException: reply authentication failed
    at de.datenzone.tpm4java.TSSCoreService.verifyReplyHmac(TSSCoreService.java:2127)
    at de.datenzone.tpm4java.TSSCoreService.authGetAndVerify(TSSCoreService.java:2178)
    at de.datenzone.tpm4java.TSSCoreService.authGetAndVerify(TSSCoreService.java:2184)
    at de.datenzone.tpm4java.TSSCoreService.TPM_LoadKey(TSSCoreService.java:685)
    at de.datenzone.tpm4java.TssHighLevelImpl.generateAIK(TssHighLevelImpl.java:126)
    ... 1 more
From: <des...@ho...> - 2007-04-19 21:13:26
|
Hello, I've got a problem using the function "activateAik", it brings me an error. I'm trying to realize a remote platform attestation. I guess that I can decrypt the ca response without using the TPM but I'm not sure. The error trace is this:

java.lang.RuntimeException: de.datenzone.tpm4java.TPMException: Bad return code 33 The decryption process did not complete.
    at de.datenzone.tpm4java.TssHighLevelImpl.activateAik(TssHighLevelImpl.java:393)
    at de.datenzone.tpm4java.examples.ActivateAik.main(ActivateAik.java:47)
Caused by: de.datenzone.tpm4java.TPMException: Bad return code 33 The decryption process did not complete.
    at de.datenzone.tpm4java.TSSCoreService.SendCommand(TSSCoreService.java:2212)
    at de.datenzone.tpm4java.TSSCoreService.SendCommand(TSSCoreService.java:2198)
    at de.datenzone.tpm4java.TSSCoreService.TPM_ActivateIdentity(TSSCoreService.java:1352)
    at de.datenzone.tpm4java.TssHighLevelImpl.activateAik(TssHighLevelImpl.java:386)
    ... 1 more

Hope that someone can help me...thanks in advance.
From: Martin H. <li...@ma...> - 2007-04-01 15:03:50
|
Hi Bryan,

Bryan Smith wrote:
> I have been trying to perform a platform attestation with tpm4java
> using the java code provided in the Tutorial, but when I run
> GenerateAikRequest, I get a "Target command has been disabled" error
> when it tries to run tpm_readpubek. I tried to enable the command
> with a command-line TPM tool, but tpm4java formats the owner password
> in such a way that the owner password cannot be recognized through the
> command-line. How can I enable the tpm_readpubek command with
> tpm4java? Thanks.

tpm4java creates the owner (and all other passwords) by hashing the UTF16 representation of the given string with SHA1. The java code for this can be found in TssHighLevelImpl.toHkey.

I don't think that there is a way to enable the ReadPubek command once it has been disabled. If you need to get the PubEK, you could replace the TPM_ReadPubek function with TPM_OwnerReadPubek, which requires owner authentication.

But in GenerateAikRequest, the PubEK is only read because it is needed by the Privacy CA. You can skip this part if you just want to do a platform attestation.

HTH,
Martin

--
Martin Hermanowski
http://martin.hermanowski.name
https://www.xing.com/profile/Martin_Hermanowski/
From: Bryan S. <bj...@cs...> - 2007-03-20 14:46:20
|
I have been trying to perform a platform attestation with tpm4java using the java code provided in the Tutorial, but when I run GenerateAikRequest, I get a "Target command has been disabled" error when it tries to run tpm_readpubek. I tried to enable the command with a command-line TPM tool, but tpm4java formats the owner password in such a way that the owner password cannot be recognized through the command-line. How can I enable the tpm_readpubek command with tpm4java?

Thanks.
Bryan
From: Erik T. <er...@de...> - 2007-03-06 00:20:14
|
On Tuesday, 06.03.2007, 00:08 +0000, KAM B wrote:
> In case you wanted to try for yourself, here's the zip of my entire
> directory.

Well, there is a little problem. Currently I don't have access to a system running windows and having a tpm with a usable driver installed.
From: Erik T. <er...@de...> - 2007-03-06 00:20:14
|
On Tuesday, 06.03.2007, 00:01 +0000, KAM B wrote:
> Thanks for looking into this.
>
> I have attached a copy of my source file too.
>
> Here's the content of my dir:

Well, I got no idea. Try removing all the tpm4java stuff from your testfile and just printing a hello world and see if this runs with the command. Can you give me a full text version of the exception?
From: Erik T. <er...@de...> - 2007-03-06 00:20:14
|
On Tuesday, 06.03.2007, 00:16 +0000, KAM B wrote:
> I just noticed that I am missing the file: tpmddl.dll.
>
> This is probably the cause. What do you think?

Yes, this must be provided by your tpm manufacturer. The filename might be different. Perhaps you can find it somewhere in your windows system directory.
From: Erik T. <er...@de...> - 2007-03-05 23:51:20
|
On Monday, 05.03.2007, 23:29 +0000, KAM B wrote:
> I've tried that too. Same result.

OK, please show me the complete content of your directory. Did you use the sun jre? Did you put TPMtest1 into any package? What's the result of java -version?
From: KAM B <ka...@ms...> - 2007-03-05 23:29:20
|
Sorry for asking such simple question!

I have compiled one of the sample programs. I issue the following command in my windows XP DOS command line:

java -cp tpm4java.jar:. -Djava.library.path=. TPMtest1

or

java tpm4java.jar:. -Djava.library.path=. TPMtest1

I have tpm4java.jar and javaddl.dll in the same directory and the spelling and casing of my java program (TPMtest1) is correct.

I get the error: "Exception in thread "main" java.lang.NoClassDefFoundError: TPMtest1".

It should be easy to figure this out but, since everything checks I am not sure where the problem could be??
From: Erik T. <er...@de...> - 2007-03-05 23:26:04
|
On Monday, 05.03.2007, 23:08 +0000, KAM B wrote:
> java tpm4java.jar:. -Djava.library.path=. TPMtest1

try

java -cp tpm4java.jar:. -Djava.library.path=. TPMtest1

instead.
From: KAM B <ka...@ms...> - 2007-03-05 23:08:14
|
Sorry for asking such simple question!

I have compiled one of the sample programs. I issue the following command in my windows XP DOS command line:

java tpm4java.jar:. -Djava.library.path=. TPMtest1

I have tpm4java.jar and javaddl.dll in the same directory and the spelling and casing of my java program (TPMtest1) is correct.

I get the error: "Exception in thread "main" java.lang.NoClassDefFoundError: TPMtest1".

It should be easy to figure this out but, since everything checks I am not sure where the problem could be??