From: Martin P. <Mar...@ia...> - 2007-08-16 06:46:26
Nektarios Ioannides wrote:
> I have been away from the OpenTC scene so it's good to be back :-)

Don't worry, could happen to anyone :-)

> And when I run:
>
> ./jtt.sh xkms_aik_create -a secret -l aikLabel -o theoldsecret
>
> I get:
>
> 03:58:10:665 [INFO] AikUtil::createEKCertificate (123): created EK certificate on-the-fly
> 03:58:10:673 [INFO] Client::overrideCertificates (113): overriding default EK certificate used by TSS
> sending RegisterRequest...
> ...result received
>
> Validating XKMS message signature using certificate:
> CN=IAIK OpenTC XKMS Test Responder,OU=IAIK trusted computing labs,O=Graz
> University of Technology,C=AT
> XKMS Result message signature is INVALID.
>
> AIK create operation FAILED
> ===>http://www.w3.org/2002/03/xkms#Sender
> ===>http://www.w3.org/2002/03/xkms#Failure
>
> I am almost certain that it is not a setup error but something theoretical I
> am missing to see here.
> Any ideas ?

Well, I can look at the server log.... was that you?

04:58:16:499 [INFO] HTTPHandler::run (97): 20070816-04:58:16 request from ......bethere.co.uk
04:58:16:503 [INFO] RequestProcessor::newInstance (133): === RegisterRequest /aik ===
04:58:16:513 [INFO] PrivacyCa::processRequest (176): included EK certificate size: 1065 bytes
04:58:16:514 [INFO] PrivacyCa::processRequest (177): SubjAltName: id:49465800,SLD9630TT1.1,id:0104
04:58:16:514 [INFO] PrivacyCa::processRequest (184): PE: not included
04:58:16:514 [INFO] PrivacyCa::processRequest (192): CC: not included
java.security.cert.CertificateException: EK validation FAILED

...meaning the included EK could not be verified, because
a) it is not an IFX TPM EK (development boards are not supported)
b) it is not an EK generated from our PCA server

Unfortunately it is currently not possible to return a "nicer" error message.

for b) you need a password for xkms_ekcert_create to work at our server -> mail me

HTH
--
Martin Pirker
IAIK, TU Graz