From: Nektarios I. <ine...@gm...> - 2007-04-25 10:57:14
Hello,

Yes, I understand. Well, the reason I wanted to do that was because I was trying to "simulate" the signing of the PCR values with an AIK by copying the PCR values given by the "pcr_read" jTPMTools command, manually copying them into a text file and then signing that text file with some key! Since the text file is just an ordinary data file, only the storage key seemed to work. (Right?)

Assuming I am... is there a way to sign the ACTUAL PCR values from the TPM with an AIK that I have created? Does this already exist somewhere in the jTSSWrapper source code?

The reason I am asking all these questions is that ultimately, I would like to be able to implement a small Java application in which a Client manages to attest itself to a Challenger before the Challenger allows it to perform some other operation. That is, I would like to perform a full Attestation procedure (or as full as it is currently possible).

If I'm not mistaken, from what I've understood from the jTSSWrapper source code, when creating an AIK key, some steps of an Attestation procedure are included as well (i.e. the "create_aik" command from jTPMTools does not only create an AIK key pair but also assumes that a PrivacyCA has certified the AIK as well). Is this correct?

Since I am interested in performing an attestation procedure, I would also need to know: is there a way to extract the Storage Measurement Log (SML) from the TPM through jTSSWrapper code?

Also, is the AIK certificate that has been signed by the PrivacyCA (and will have to be verified by the Challenger afterwards) the aik-uuid<some numbers>.cert file that appears on disk after I run a successful "create_aik" command?

Finally, is there an API / Documentation for jTSSWrapper? It would be really useful for me and less annoying for you... :-)

In any case, many thanks once again,
Nektarios

P.S. Is the TPM_QUOTE command implemented somewhere in jTSSWrapper?
I have found some references to it in the source code but was not quite sure as to whether what I was looking at was such an implementation or not...

On 23/04/07, Thomas Winkler <tho...@ia...> wrote:
>
> Hello,
>
> > However, now I would like to do something "useful" with an AIK instead
> > of a "storage" or "legacy" type key. That is, be able to either "bind"
> > or "seal" some data ( e.g. some textfile) using an AIK I have created
> > previously.
>
> Short answer: You can't.
>
> Longer answer: An AIK can only be used for TPM Quote and CertifyKey
> operations. You can not use an AIK to e.g. bind or seal data. That is
> not some arbitrary limitation imposed by the TSS or jTSS implementations
> but that is the way the TPM works. For more details please have a look
> at the TPM specification.
>
> Regards,
> Thomas Winkler
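The challenger-side checks this thread is working toward (replaying the Stored Measurement Log into PCR values and comparing them against a nonce-bound quote), as an added Python illustration that is not part of this thread, of jTSS or of jTPMTools. It assumes the AIK signature over the quote has already been verified elsewhere, and the log entries are constructed placeholders rather than real firmware digests.

```python
import hashlib

PCR_LEN = 20            # TPM 1.2 PCRs are SHA-1 sized
ZERO_PCR = bytes(PCR_LEN)


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def pcr_extend(old: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend rule: PCR_new = SHA-1(PCR_old || measurement)."""
    return sha1(old + measurement)


def replay_sml(sml):
    """Replay a Stored Measurement Log, given as a list of
    (pcr_index, digest) entries, starting from all-zero PCRs.
    Returns {pcr_index: expected_pcr_value}."""
    pcrs = {}
    for idx, digest in sml:
        pcrs[idx] = pcr_extend(pcrs.get(idx, ZERO_PCR), digest)
    return pcrs


def verify_attestation(quoted_pcrs, quote_nonce, challenge_nonce, sml):
    """Challenger checks on a quote whose AIK signature is assumed to be
    verified already: (1) the nonce inside the quote is the one the
    challenger sent, so the quote is fresh; (2) each quoted PCR equals
    the value the client's measurement log replays to."""
    if quote_nonce != challenge_nonce:
        return False, "nonce mismatch: stale or replayed quote"
    expected = replay_sml(sml)
    for idx, value in quoted_pcrs.items():
        if expected.get(idx, ZERO_PCR) != value:
            return False, f"PCR {idx} does not match the measurement log"
    return True, "quote consistent with measurement log"


# Constructed sample log: two firmware measurements into PCR 0 and one
# boot-loader measurement into PCR 4 (placeholder digests, not real images).
SAMPLE_SML = [
    (0, sha1(b"constructed: firmware image")),
    (0, sha1(b"constructed: option ROM")),
    (4, sha1(b"constructed: boot loader")),
]

if __name__ == "__main__":
    quoted = replay_sml(SAMPLE_SML)      # what an honest client would quote
    print(verify_attestation(quoted, b"nonce-1", b"nonce-1", SAMPLE_SML))
    edited = [SAMPLE_SML[0], (0, sha1(b"constructed: other ROM")), SAMPLE_SML[2]]
    print(verify_attestation(quoted, b"nonce-1", b"nonce-1", edited))
```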