Re: [Trustedjava-support] Certification of the public keys with the TcIRsaKey.certifyKey() method

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi...

I'm not quite sure what you want to archive, but I'll try to give
some help. You do not seem to be sure which key you want to use
for which application.

Maksim Djackov wrote:
> why using the TcIRsaKey.certifyKey() method at all?

For certifying a non-migratable key with an identity key.

Quoting TPM specification, command TPM_CertifyKey:

"A TPM identity key may be used to certify non-migratable keys but is not=

 permitted to certify migratory keys or certified migration keys. As such=
,
 it allows the TPM to make the statement =93this key is held in a TPM-shi=
elded
 location, and it will never be revealed.=94 For this statement to have v=
eracity,
 the Challenger must trust the policies used by the entity that issued th=
e
 identity and the maintenance policy of the TPM manufacturer."

 "When this command is run to certify [...] it will return and sign
  a TPM_CERTIFY_INFO(2) structure"

> I can sign the public BIND key with the private AIK key using sign=20
> method of the TSS.

I don't think so. Quoting TPM specification, command TPM_Sign:

"The Sign command signs data and returns the resulting digital signature"=

"Validate that keyHandle->keyUsage is TPM_KEY_SIGNING or TPM_KEY_LEGACY,
 if not return the error code TPM_INVALID_KEYUSAGE"

The TCG specs are rather cryptic reading, but if you want an
authorative source, you'll have to bite through.

> - I have the non-migratable BIND type key on the client
> - I have created and activated TPM identity key
> - I have certified the BIND public key with the private portion of the
>   TPM AIK using the TcIRsaKey.certifyKey() method
> - I have received the TcTssValidation structure that contains the signa=
ture
>
> Now I need to transfer the AIK public key and BIND key signature to the=

> server and verify the signature of the BIND key using the AIK public ke=
y.

A validator requires 3 data packages
* an AIK certificate with the AIK public key
* the CERTIFY_INFO_STRUCTURE plain data of the certified key
  (if he is not able to reconstruct it by other means)
* the signature resulting from the certification

So you
* check correctness of AIK certificate
* use AIK public key from certificate to verify signature on raw data blo=
ck
* check raw data if key fields etc. are as expected

> How can I do it assuming the server has the TPM chip as well?

There is no need for a TPM for verifying a signature on a block of data.

HTH,
Martin