[Trustedjava-support] Certification of the public keys with the TcIRsaKey.certifyKey() method

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I have the question which I can't resolve myself. The situation is 
following (the following is client-side):

- I have the non-migratable BIND type key on the client
- I have created and activated TPM identity key
- I have certified the BIND public key with the private portion of the 
TPM AIK using the TcIRsaKey.certifyKey() method
- I have received the TcTssValidation structure that contains the signature

Now I need to transfer the AIK public key and BIND key signature to the 
server and verify the signature of the BIND key using the AIK public key.

How can I do it assuming the server has the TPM chip as well?

The most reasonable solution I have thought of is signing manually the 
public BIND key with the public AIK key and comparing the results, but 
that leaves a question why using the TcIRsaKey.certifyKey() method at 
all? I can sign the public BIND key with the private AIK key using sign 
method of the TSS.

I would really appreaciate if someone shed the light on the situation 
for me!

Regards,

Maksim.