[Trustedjava-support] Error in perfoming "Seal" command [Error code: 0x24 - Invalid Key Usage]

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello everyone,

I have been having problems in creating a "sealed" package using the "seal
subcommand of jTPMTools

"somefile.txt" is a plaintext file that I created myself with some simple
text in it. This is the file to be "sealed".
"somefile_sealed.txt" is the (sealed version) file that will be created by
the "seal" subcommand.
"newpass" is the password of the sealing key to be used (
1.2.3.4.5.3589e17f4313). The sealing key was created as follows:

create_key -k newpass    [SUCCESSFULL]

So when I run the command with the following:

[root@localhost jTpmTools_0.2]# sh jtt.sh seal -i somefile.txt -k newpass -o
somefile_sealed.txt -p 0 -u 1.2.3.4.5.3589e17f4313

The following error occurs:

  -----------------------------------
   IAIK/OpenTC        Java TPM Tools
  - - - - -                 - - - - -
   based on IAIK/OpenTC jTSS Wrapper
  -----------------------------------

/home/inectarios/Trusted_Computing/jTpmTools_0.2/ext_libs
16:13:31:967 [INFO] Seal::execute (205):        sealing to pcr: 0
TSPI call error:
  error code:    0x24
  error message: TPM layer: Invalid key usage
        at iaik.tss.impl.jni.TcBaseObject.handleRetCode(TcBaseObject.java
:102)
        at iaik.tss.impl.jni.TcEncData.seal(TcEncData.java:129)
        at iaik.tc.apps.jtt.data.Seal.execute(Seal.java:271)
        at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java :80)
        at iaik.tc.utils.cmdline.SubCommandParser.parse(
SubCommandParser.java:52)
        at iaik.tc.apps.jtt.common.JTpmTools.main(JTpmTools.java:67)

I am 99% sure it has to do something with the key (-k parameter) used in the
"seal" subcommand.

Note: I believe, theoretically the seal key should be the one of the
"sealling key" but just for testing I tried to use some other random key
with the same command:

seal -i somefile.txt -k pass -o somefile_sealed.txt -p 0 -u
1.2.3.4.5.3589e17f4313

As expected I get the following error:

TSPI call error:
  error code:    0x01
  error message: TPM layer: Authentication failed
        at iaik.tss.impl.jni.TcBaseObject.handleRetCode(TcBaseObject.java
:102)
        at iaik.tss.impl.jni.TcEncData.seal(TcEncData.java:129)
        at iaik.tc.apps.jtt.data.Seal.execute(Seal.java:271)
        at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:80)
        at iaik.tc.utils.cmdline.SubCommandParser.parse(
SubCommandParser.java:52)
        at iaik.tc.apps.jtt.common.JTpmTools.main(JTpmTools.java:67)
        at com.test.Test.main(Test.java:25)

This is why I believe there must be something wrong with the (checking of)
the key.

Best regards,

Nektarios Ioannides