[Trustedjava-support] Sign with TPM Key-Verify with SunJCE problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I'm having another problem related to SunJCE-JTSS interoperability;
I'm beginning to suspect I'm doing something wrong and hope someone
on the list can point me in the correct direction.

I've generated a non-migratable signing key and used it to sign some
text.  Upon using the JCE Signature object to verify the signature,
the verification always fails.  Looking through the TestHash.java
source, I realized that it does not use the JCE for verification.

I later ran a simple hash comparison and found that I'm getting
different values for the same text.  That explains why the signature
never verifies with SunJCE; but why are the hashes different?  Am I
missing something?

Thanks for any pointers.

Arshad Noor
StrongAuth, Inc.

Same configuration as for the bind-unbind problem from this morning:

JDK: 6 U15 - 64-bit
OS: CentOS 5.3 (Kernel 2.6.18-128.7.1.el5)
JTSS: 0.41
TPM: STM 1.2.4.30

Sample test code:
------------------
String text = "The quick brown fox jumps over the lazy dog.";
TcBlobData tbs = TcBlobData.newString(text);
TcIHash sha1hash =
	tpmctx.createHashObject(TcTssConstants.TSS_HASH_SHA1);
sha1hash.updateHashValue(tbs);
System.out.println("Hash from TPM is: " + new
	String(Base64.encode(sha1hash.getHashValue().asByteArray())));
MessageDigest md = MessageDigest.getInstance("SHA1");
System.out.println("Hash from JCE is: " + new
	String(Base64.encode(md.digest(text.getBytes()))));
------------------