Re: [Trustedjava-support] Load SRK encrypted key pair from disc

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello Ronald,

it seems that I successfully a libengine-tpm-openssl Key with
TrustedJava. I can convert it into a Java RSA key pair and print the
public part to command line for example.

But when I try to use this key *hash.sign(tcRSAKey)*  I am asked for a
password. The key itself has *no* authorization data, the parent key
(SRK) has the TSS_WELL_KNOWN_SECRET. Why I'am asked for a password and
how can I set the correct policy to ask for no password?

Here my sample code:

public class Test {
...
    public static void main(String[] args) throws TcTssException {

        File file = new File("/home/gian/KEY");

        try {

            keyfis = new FileInputStream(file);
            encKey = new byte[keyfis.available()];
            keyfis.read(encKey);
            keyfis.close();

            wrapped_tcRsaKey = TcBlobData.newByteArray(encKey);

        } catch (IOException ex) {
            //ex.printStackTrace();
        }

        context_ = new TcTssContextFactory().newContextObject();
        context_.connect();

        srk_ =
context_.loadKeyByUuidFromSystem(TcUuidFactory.getInstance().getUuidSRK());

        srkPolicy =
context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
        srkPolicy.setSecret(SRK_SECRET_MODE, SRK_SECRET);
        srkPolicy.assignToObject(srk_);

        tpmPolicy =
context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
        tpmPolicy.setSecret(OWNER_SECRET_MODE, OWNER_SECRET);

        tcRSAKey = context_.loadKeyByBlob(srk_, wrapped_tcRsaKey);

        TcIHash hash =
context_.createHashObject(TcTssConstants.TSS_HASH_SHA1);
        hash.updateHashValue(TcBlobData.newString("text"));
        hash.sign(tcRSAKey); // askes for secret  

        tcRSAKey.unloadKey();

    }
}

Thanks in advance!

Gianfranco

Ronald Tögl schrieb:
> Hi Gianfranco,
>
> With jTSS you can load keys from a byte array, which contains a TCG
> specified TPM_KEY repectively a TPM_KEY12 structure. In the
> loadKeyByBlob method you can also specify the SRK as parent.
>
> However, I do not have the faintest idea how libengine-tpm-openssl
> keys are formatted and therefore I cannot tell you the details of how
> to import them to jTSS.
>
> hth, Ronald
>
> Gianfranco Ricci wrote:
>> Hello TrustedJava Users,
>>
>> I' am new to TrustedJava and have the following Problem:
>>
>> I have created an TPM proteced key pair with libengine-tpm-openssl which
>> now is stored on my hard disk.
>> Now i try to load this SRK encrypted key pair with jTSS. Therefore I
>> only found the function "loadKeyByBlob", but this function seems not
>> useful for me.
>>
>> Is there an other possibility to load an encrypted File as key pair with
>> jTSS??
>
>