From: Martin P. <Mar...@ia...> - 2007-09-13 07:48:15
cas...@al... wrote:
> i have done a privacy ca emulating your privacy ca in jtpmtools (client and privacy ca are local).
> after i have done the activateidentity at the client side i create a x509certificate
> using iaik-jce as you do in your tool with the aik credential.

If you look at AikCreate.java in JTpmTools...

  aikCredential = client.activateIdentity(symCaAttestationEncrypted, asymCaContentsEncrypted, srkSecret, srkSecretMode);

...the goal of the PCA cycle is to create a certificate for the identity key in the TPM; activateidentity at the client extracts the certificate from the PCA answer.
Creating an AIK certificate after activateidentity ignores the PCA concept - I don't understand why you would do that.

> when the remote host performs the x509certificate.verify it gives an error of bad padding,
> exactly: java.security.SignatureException: Signature decryption error: javax.crypto.BadPaddingException:
> Maybe is the certificate without something important?

Maybe .verify does just what it says in the IAIK-JCE documentation, namely check the signature of a self-signed certificate - which I don't understand why you would want to do that here.

> have i to do other operations after the creation of the certificate with aik credential
> or is it enough to send it to a remote host that has to verify it?

Please find someone explaining public key infrastructures (PKI) with X509 certificates to you.
You seem to be not sure what you want to achieve (and why).

HTH
--
Martin Pirker
IAIK, TU Graz
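Added example, not part of the original message or of jTpmTools: a certificate issued by a CA verifies against the issuer's public key, and the same check against the certificate's own key (the self-signed case described above) fails. Assumptions: Bouncy Castle is used to build the certificate instead of IAIK-JCE, both keys are software-generated stand-ins (no TPM, and the certificate is a plain X.509 certificate rather than a real AIK credential), and the class name and the `signedBy` helper are hypothetical.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class VerifyAgainstIssuer {
    // True only if the signature on 'cert' was made with the private half of 'key'.
    // A wrong key surfaces as SignatureException (or InvalidKeyException for a key of the wrong type).
    static boolean signedBy(X509Certificate cert, PublicKey key) throws GeneralSecurityException {
        try {
            cert.verify(key);
            return true;
        } catch (SignatureException | InvalidKeyException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pca = gen.generateKeyPair(); // constructed stand-in for the Privacy CA key
        KeyPair aik = gen.generateKeyPair(); // constructed stand-in for the identity key

        // The Privacy CA, not the client, signs the certificate over the identity public key.
        Date from = new Date();
        Date to = new Date(from.getTime() + 24L * 3600 * 1000);
        ContentSigner pcaSigner = new JcaContentSignerBuilder("SHA256withRSA").build(pca.getPrivate());
        X509CertificateHolder holder = new JcaX509v3CertificateBuilder(
                new X500Name("CN=Constructed Privacy CA"), BigInteger.ONE, from, to,
                new X500Name("CN=Constructed AIK"), aik.getPublic()).build(pcaSigner);
        X509Certificate aikCert = new JcaX509CertificateConverter().getCertificate(holder);

        // Verifier side: check against the issuer's key, which it must already trust.
        System.out.println("verified with PCA key: " + signedBy(aikCert, pca.getPublic()));
        // Self-signed style check: uses the key inside the certificate, which did not sign it.
        System.out.println("verified with own key: " + signedBy(aikCert, aikCert.getPublicKey()));
    }
}
```

The remote host therefore needs the Privacy CA's certificate or public key through a trusted channel; the AIK certificate alone gives it nothing to verify against.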