[Trustedjava-support] AIK Creation with Privacy CA

[Timo P. <tim...@tk...>]

Hi!

We are trying to use jTSS with a Privacy CA at www.privacyca.com. We
have taken the fakeEKCert (which should work for testing) from the
privacy.c example file and been able to get the certificate from that
site, extracted the public key, and created the AIK request by calling
collateIdentityRequest. We sent the request and get the response in
xml-format. We have parsed the response and called activateIdentity when
the following stacktrace is printed:

iaik.tc.tss.api.exceptions.tcs.TcTpmException: 

TSS Error:
error layer:                0x00 (TPM)
error code (without layer): 0x21
error code (full):          0x21
error message: The decryption process did not complete.

	at
iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
	at
iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdIdentity.TpmActivateIdentity(TcTpmCmdIdentity.java:176)
	at
iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipActivateTpmIdentity(TcTcsi.java:2294)
	at
iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipActivateIdentity(TcTcsBindingLocal.java:680)
	at
iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspActivateIdentity_Internal(TcTspInternal.java:3627)
	at iaik.tc.tss.impl.java.tsp.TcTpm.activateIdentity(TcTpm.java:141)


The error message doesn't really tell why the decryption process fails.
We believe that we get correct responses from the Privacy CA and have
created the asymmetric and symmetric blobs correctly. We also did took a
look at the test source files e.g. Client.java, and copied some of our
code from there.

Any idea where the problem might be? 


Best regards,

Timo Päkkilä
Helsinki University of Technology
Finland