From: Nektarios I. <ine...@gm...> - 2007-04-22 20:34:43
|
Hello Thomas, Thank you for your help. Yes the "magic" was the key type indeed ! :-) However, now I would like to do something "useful" with an AIK instead of a "storage" or "legacy" type key. That is, be able to either "bind" or "seal" some data (e.g. some textfile) using an AIK I have created previously. When I tried to do that I before: Input: seal -i PCR_values -k nectarios -o PCR_values_SEALED_2 -p 1 -u 1.2.3.4.5.d5daefea84e1 where, "1.2.3.4.5.d5daefea84e1" is my AIK's UUID "nectarios" is the password of the above AIK "PCR_values" is the file to be sealed "PCR_values_SEALED_2" is the file to be created after the sealing operation. and the above data is to be sealed in PCR #1 I got something like: Ignoring unexpected element: 20:07:24:986 [INFO] Seal::execute (205): sealing to pcr: 1 TSPI call error: error code : 0x01 error message: TPM layer: Authentication failed Any ideas? P.S I do not understand why i get the "Ignoring unexpected element" warning at the beginning either. Many thanks, Nektarios On 13/03/07, Thomas Winkler <tho...@ia...> wrote: > > Hello, > > > error code: 0x24 > > error message: TPM layer: Invalid key usage > > For sealing you have to use a key of type TPM_KEY_STORAGE (. > > Have a look at the command "./jtt.sh create_key". It says: > > "[...] > > -t type ... type of key (use 'legacy' for binding and 'storage' for > sealing operations) (legal values: storage, legacy) (default: legacy) > > [...]" > > So - the "magic" is the "-t storage" option: > > > > ./jtt.sh create_key -t storage -k test > > ----------------------------------- > IAIK/OpenTC Java TPM Tools > - - - - - - - - - - > based on IAIK/OpenTC jTSS Wrapper > ----------------------------------- > > > 07:30:11:734 [INFO] CreateKey::execute (136): parent key is SRK, key > length is 2048 bits > 07:30:11:758 [INFO] CreateKey::execute (137): key type is storage > 07:30:11:759 [INFO] CreateKey::execute (138): key registered in > persistent system storage with UUID: 1.2.3.4.5.8dd8f68218c1 > 07:30:11:759 [INFO] CreateKey::execute (139): CreateKey succeeded > > > > With that key, the sealing should work: > > > > ./jtt.sh seal -i somefile.txt -k test -o ./sealed.data -p 10 -u > 1.2.3.4.5.8dd8f68218c1 > > ----------------------------------- > IAIK/OpenTC Java TPM Tools > - - - - - - - - - - > based on IAIK/OpenTC jTSS Wrapper > ----------------------------------- > > > 07:30:44:585 [INFO] Seal::execute (205): sealing to pcr: 10 > 07:30:44:764 [INFO] Seal::execute (295): Sealing succeeded > > > > hth, > Thomas Winkler > > |