Re: [Trustedjava-support] Error in perfoming "Seal" command [Error code: 0x24 - Invalid Key Usage]

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello Thomas,

Thank you for your help. Yes the "magic" was the key type indeed ! :-)

However, now I would like to do something "useful" with an AIK instead of a
"storage" or "legacy" type key. That is, be able to either "bind" or "seal"
some data (e.g. some textfile) using an AIK I have created previously.

When I tried to do that I before:

Input:

seal -i PCR_values -k nectarios -o PCR_values_SEALED_2 -p 1 -u
1.2.3.4.5.d5daefea84e1

where,

"1.2.3.4.5.d5daefea84e1"  is my AIK's UUID
"nectarios" is the password of the above AIK
"PCR_values" is the file to be sealed
"PCR_values_SEALED_2" is the file to be created after the sealing operation.
and the above data is to be sealed in PCR #1

I got something like:

Ignoring unexpected element:
20:07:24:986 [INFO] Seal::execute (205):       sealing to pcr: 1
TSPI call error:
    error code : 0x01
    error message: TPM layer: Authentication failed

Any ideas?

P.S I do not understand why i get the "Ignoring unexpected element" warning
at the beginning either.

Many thanks,

Nektarios

On 13/03/07, Thomas Winkler <tho...@ia...> wrote:
>
> Hello,
>
> >   error code:    0x24
> >   error message: TPM layer: Invalid key usage
>
> For sealing you have to use a key of type TPM_KEY_STORAGE (.
>
> Have a look at the command "./jtt.sh create_key". It says:
>
> "[...]
>
>    -t type ... type of key (use 'legacy' for binding and 'storage' for
> sealing operations) (legal values: storage, legacy) (default: legacy)
>
> [...]"
>
> So - the "magic" is the "-t storage" option:
>
>
>
> ./jtt.sh create_key -t storage -k test
>
>    -----------------------------------
>     IAIK/OpenTC        Java TPM Tools
>    - - - - -                 - - - - -
>     based on IAIK/OpenTC jTSS Wrapper
>    -----------------------------------
>
>
> 07:30:11:734 [INFO] CreateKey::execute (136):   parent key is SRK, key
> length is 2048 bits
> 07:30:11:758 [INFO] CreateKey::execute (137):   key type is storage
> 07:30:11:759 [INFO] CreateKey::execute (138):   key registered in
> persistent system storage with UUID: 1.2.3.4.5.8dd8f68218c1
> 07:30:11:759 [INFO] CreateKey::execute (139):   CreateKey succeeded
>
>
>
> With that key, the sealing should work:
>
>
>
> ./jtt.sh seal -i somefile.txt -k test -o ./sealed.data -p 10 -u
> 1.2.3.4.5.8dd8f68218c1
>
>    -----------------------------------
>     IAIK/OpenTC        Java TPM Tools
>    - - - - -                 - - - - -
>     based on IAIK/OpenTC jTSS Wrapper
>    -----------------------------------
>
>
> 07:30:44:585 [INFO] Seal::execute (205):        sealing to pcr: 10
> 07:30:44:764 [INFO] Seal::execute (295):        Sealing succeeded
>
>
>
> hth,
> Thomas Winkler
>
>