Re: [Trustedjava-support] Migration

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello,

sorry to getting back to you in such delay.

I am having problems to load the private part of an externally generated 
key to the TPM.
I tried to extend the code in the function pubJavaToTpm in TcCrypto to 
load also the private part. But it fails in an exception.
So i generate two Objects:

TcTpmStorePrivkey storePrivKey = new TcTpmStorePrivkey();
TcTpmStorePubkey storePubKey = new TcTpmStorePubkey();
storePrivKey.setKey(TcBlobData.newByteArray(modulusPriv));
storePubKey.setKey(TcBlobData.newByteArray(modulusPub));

The modulus is transformed in the same way than in TcCrypto.
The public part is loaded in this way:

TcTpmPubkey pubKeyStruct = 
TcCrypto.pubJavaToTpmKey((RSAPublicKey)keyPair.getPublic());
key.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB, 
TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pubKeyStruct.getEncoded());

Now i am trying to load the private keyblob into the tpm:

key.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB, 
TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY, "here is my problem");
Something like storePrivKey.getKey() doesnt work. I get the TSS Error: 
0x28: The key properties in TPM_KEY_PARMs are not supported by this TPM.
This exception is thrown at the point:

key.createKey(srk_, null);

I also tried to set all the flags in a correct manner (at least it 
seemed correct to me).
Does this mean my tpm doesnt support the whole funciton of loading an 
extern key to it?
TPM 1.2 Version Info:
  Chip Version:        1.2.13.9
  Spec Level:          2
  Errata Revision:     1
  TPM Vendor ID:       ATML
  TPM Version:         01010000
  Manufacturer Info:   41544d4c

I did not find the right class or piece of code which has an example of 
that in it.

I am really exhausted from trying. If someone could give me an example 
how to load a normally created RSA key into a TPM i would really 
appreciate that.

Regards,
Simon

Ronald Tögl wrote:
> Hi Simon,
>
> You can also set the private part using the 
> TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY attribute.
>
> Of course, any such created TPM key MUST be initialized as "migratable".
>
> > But the private part has a few more troubles.
> Please try to be a bit more specific next time.. ;-)
>
> Ronald
>
>
>
> Simon Mittelberger wrote:
>> Hello,
>>
>> i didn't find a way to import an externally created RSA key into the 
>> TPM. Could you please describe a way how to do so?
>>
>> How to load the public part is quite clear:
>>
>>    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
>>    generator.initialize((int)DeviceDefines.DEVICE_KEY_LENGTH);
>>    KeyPair keyPair = generator.generateKeyPair();
>>
>>    TcTpmPubkey pubKeyStruct = 
>> TcCrypto.pubJavaToTpmKey((RSAPublicKey)keyPair.getPublic());
>>    TcIRsaKey tpmmKey = 
>> context_.createRsaKeyObject(TcTssConstants.TSS_KEY_EMPTY_KEY);
>>
>>    pubKey.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB, 
>> TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, 
>> pubKeyStruct.getEncoded());
>>
>> But the private part has a few more troubles.
>>
>> all the best
>> Simon
>>
>
>