Menu
▾
▴
Re: [Trustedjava-support] Problems with AIK creation
|
From: Martin P. <Mar...@ia...> - 2007-07-19 12:41:42
|
Till Bentz wrote: > Thanks for your quick reply! Our responsiveness depends on multiple factors. Sometimes there are more resources/manpower available for this project, sometimes less. Currently you appear to be lucky. > On 7/19/07, Martin Pirker <Mar...@ia...> wrote: >> Till Bentz wrote: >> > I try to create an AIK. For this process I need an EK credential. >> > Unfortunately my manufacturer did not deliver one. Can someone give me a >> > hint on how I can create one myself? >> >> Use TCcert, or use JTpmTools to get one from our demo PrivacyCA setup >> (mail me for authentication password) >> >> > I set up my own little Privacy CA using >> > openssl and I think I have therefore the necessary Keys and certificates to >> > create an EK cred. >> >> You implemented the additional Trusted Computing certificate >> structures for OpenSSL? > > I was not aware of the fact, that I need to implement additional Trusted > Computing structures. I just set up a normal CA and use it to sign my > client and server certificates. You can of course use standard software to create CA certificates. The functionality of TCcert to create CA like certificates is only intended for quick testing. > In other words is it > possible to adjust the ini files in tccert so that I can use my own CA or > are there any special requirements? The .ini files should be self-explanatory, just fill in the filenames of your own CA certificates + private keys, TCcert should be able to use them. The EK, PE and AIK certificates contain new Trusted Computing specific structures not (yet) available in standard software. That's what TCcert is good for.... HTH -- Martin Pirker IAIK, TU Graz |
