[Trustedjava-support] AIK creation fails

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I'm trying to use the AIK capabilities of the Trusted Java Stack, but
I've got some problems and I hope you can help me with that.

When using the AIK creation methods in the example test I have problems
to decrypt the IdentityReqBlob. During the method I get the following
error:

java.security.InvalidKeyException: Illegal key size or default
parameters
        at (24464082) javax.crypto.Cipher.a(DashoA12275)
        at (24464082) javax.crypto.Cipher.a(DashoA12275)
        at (24464082) javax.crypto.Cipher.a(DashoA12275)
        at (24464082) javax.crypto.Cipher.init(DashoA12275)
        at (24464082) javax.crypto.Cipher.init(DashoA12275)

I'm using the method of the junit test package (I printed it below). The
error appears during the execution of the=20

aesDec.init(Cipher.DECRYPT_MODE, skeySpec);

command.

Do you have any idea why the decryption here fails? The decryption of
the symmetric key seems to work. I'm using the complete AIK creation
process that is available in the junit test package. I create the public
CA key in the same way and the TPM_MakeIdentity command is also
successful on the TPM. The TPM doesn't give me error messages, so the
keys should be alright.

Thanks for your help,
Anna

My decryption method:

public TcTcpaIdentityProof caDecryptIdentityReqBlob(
			TcBlobData collateIdentityReqBlob) throws
TcException {
				// step 1: decode the collate identity
request blob
		TcTcpaIdentityReq collateIdentityReq =3D new
TcTcpaIdentityReq(
				collateIdentityReqBlob);

		TcBlobData symBlobDecrypted =3D null;
		try {

			// step 2: decrypt the symmetric key (encrypted
by the client with
			// the public CA key)

			//Cipher rsaDec =3D
Cipher.getInstance("RSA/ECB/PKCS1Padding");
			 Cipher rsaDec =3D
=09
Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
		=09
			rsaDec.init(Cipher.DECRYPT_MODE,
caKeyPair_.getPrivate());
			TcTcpaSymmetricKey symmetricKey =3D new
TcTcpaSymmetricKey(=20
=09
TcTssStructFactory.newBlobData().initByteArray(
=09
rsaDec.doFinal(collateIdentityReq.getAsymBlob()
=09
.asByteArray())));
		=09
			// step 3: decrypt the symmetrically encrypted
data
			Cipher aesDec =3D
Cipher.getInstance("AES/ECB/PKCS5Padding");
			SecretKeySpec skeySpec =3D new
SecretKeySpec(symmetricKey.getData()
					.asByteArray(), "AES");
		=09
		=09
			aesDec.init(Cipher.DECRYPT_MODE, skeySpec);
		=09
			symBlobDecrypted =3D
TcTssStructFactory.newBlobData().initByteArray(
					//=20
=09
aesDec.doFinal(collateIdentityReq.getSymBlob()
=09
.asByteArray()));

			} catch (GeneralSecurityException e) {
			Log.err(this,e);
			return null;
		}

				// the decrypted data is of type
TCPA_IDENTITY_PROOF
		TcTcpaIdentityProof identityProof =3D new
TcTcpaIdentityProof(
				symBlobDecrypted);
	=09
		return identityProof;
	}