Re: [Trustedjava-support] xkms_aik_create certificates

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Nektarios Ioannides wrote:
> 11:38:54:485 [WARN] PrivacyCa::<clinit> (86):    could not load CLIENT
> PrivacyCA default certificate (ok on server)

> I am guessing this is an issue with my certificate file. I have created this
> using the examples of TcCerts (with TcCerts) but I'm not sure if this is correct.

The .jar of JTpmTools contains 2 certificates:
a) PrivacyCA certificate
b) XKMS responder certificate

Both are expected to be used with our testserver, either you extract them
from the .jar or download them from http://opentc.iaik.tugraz.at/index.php?item=certs


a) contains the public key to encrypt the AIK request blob with, for the AIK
cycle with the PrivacyCA, as specified by TCG (remember: the answer from the PCA
is encrypted with the EK public, the EK cert is contained in the encrypted request)

b) is used to verify the server answer on a protocol level, every XKMS response is signed


a) is obviously needed if you talk to our server
b) is not strictly needed, you just get a warning if it is not available


HTH

-- 
Martin Pirker
IAIK, TU Graz