Re: [Trustedjava-support] Creating EKCertificate

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Simon Mittelberger wrote:
> I would like to attest to another party that my signingKey belongs to a
> tpm, by signing the certificate for the signingKey through the aik.
[...]
>    error layer:                0x00 (TPM)
>    error message: The usage of a key is not allowed
[...]
> If i change the TSS_KEY_TYPE_IDENTITY to TSS_KEY_TYPE_SIGNING it all
> works fine. But it has to be an AIK in my scenario.
> 
> Do you have any suggestions?

Read TPM specifications rev 103, part 3,
chapter 13.5, command "TPM_Sign", action number 3.

Martin