From: Ronald P. <ron...@un...> - 2010-08-03 14:02:00
Dear jTSS-Users,

I have got the following problem with remote attestation: I can quote the PCR-20 state on my machine with the following code:

    //AIK has been loaded
    TcIPcrComposite pcrComposite = context.createPcrCompositeObject(TcTssConstants.TSS_PCRS_STRUCT_INFO_SHORT);
    pcrComposite.selectPcrIndexEx(20, TcTssConstants.TSS_PCRS_DIRECTION_RELEASE);
    pcrComposite.setPcrValue(20, tpm.pcrRead(20));
    TcBlobData nonceBlob = TcBlobData.newStringASCII(nonce); //the nonce is provided by the server
    TcTssValidation nonceValidation = new TcTssValidation();
    nonceValidation.setExternalData(nonceBlob);
    TcTssValidation quotationResult = new TcTssValidation();
    quotationResult = tpm.quote(aik, pcrComposite, nonceValidation);

However, now I wonder how best to send this data to the server and how to reconstruct and verify the signature in the server application. I was thinking about using IAIK JCE. Can I use

    String quotedPCR = quotationResult.getData().toHexStringNoWrap();

and

    String signedQuotedPCR = quotationResult.getValidationData().toHexStringNoWrap();

at the client - send those data to the server and then provide the update- and verify function of the signature object with those data?

The error I get is a PKCS#1 bad padding error when I perform it that way...

Thanks a lot in advance and best regards,
Ronald
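
Added example, not part of the original post and not jTSS or IAIK JCE code: server-side verification of a TPM 1.2 quote with the standard Java `Signature` API, checking the RSA signature over the 48-byte TPM_QUOTE_INFO and then the nonce and PCR composite hash inside it. It assumes `getData()` carries the TPM_QUOTE_INFO bytes and `getValidationData()` the signature, a 20-byte nonce, and a 3-byte PCR selection; the class and helper names and the software key standing in for the AIK are constructed for the demo.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.Arrays;
public class QuoteVerifier {
    static final byte[] HDR = {1, 1, 0, 0, 'Q', 'U', 'O', 'T'}; // TPM_STRUCT_VER 1.1.0.0 + fixed tag
    // Hex decode (whitespace tolerated); hex() is a demo-only encoder standing in for the client.
    static byte[] unhex(String s) {
        s = s.replaceAll("\\s", "");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
    static String hex(byte[] b) { return String.format("%0" + 2 * b.length + "x", new java.math.BigInteger(1, b)); }
    // SHA-1 over TPM_PCR_COMPOSITE for one PCR: sizeOfSelect(2) | pcrSelect(3) | valueSize(4) | value.
    static byte[] compositeHash(int pcrIndex, byte[] pcrValue) throws GeneralSecurityException {
        byte[] select = new byte[3]; // assumption: 3-byte selection covering PCRs 0-23
        select[pcrIndex / 8] |= (byte) (1 << (pcrIndex % 8));
        ByteBuffer b = ByteBuffer.allocate(9 + pcrValue.length);
        b.putShort((short) 3).put(select).putInt(pcrValue.length).put(pcrValue);
        return MessageDigest.getInstance("SHA-1").digest(b.array());
    }
    // TPM_QUOTE_INFO (48 bytes): HDR (8) | composite hash (20) | externalData = nonce (20).
    static boolean verify(PublicKey aikPub, byte[] quoteInfo, byte[] sig, byte[] nonce,
                          int pcrIndex, byte[] expectedPcr) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA1withRSA"); // hashes quoteInfo itself: pass raw bytes
        v.initVerify(aikPub);
        v.update(quoteInfo);
        if (quoteInfo.length != 48 || !v.verify(sig)) return false;
        return Arrays.equals(Arrays.copyOfRange(quoteInfo, 0, 8), HDR)
            && MessageDigest.isEqual(Arrays.copyOfRange(quoteInfo, 8, 28), compositeHash(pcrIndex, expectedPcr))
            && MessageDigest.isEqual(Arrays.copyOfRange(quoteInfo, 28, 48), nonce);
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: a software RSA key plays the AIK; the quote bytes are built locally.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair aik = g.generateKeyPair();
        byte[] nonce = new byte[20], pcr20 = new byte[20];
        new SecureRandom().nextBytes(nonce);
        byte[] qi = ByteBuffer.allocate(48).put(HDR).put(compositeHash(20, pcr20)).put(nonce).array();
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(aik.getPrivate());
        s.update(qi);
        String quotedHex = hex(qi), sigHex = hex(s.sign());
        System.out.println(verify(aik.getPublic(), unhex(quotedHex), unhex(sigHex), nonce, 20, pcr20));
        nonce[0] ^= 1; // server expects a different nonce than the one that was quoted
        System.out.println(verify(aik.getPublic(), unhex(quotedHex), unhex(sigHex), nonce, 20, pcr20));
    }
}
```

The signature check alone only proves the AIK signed some 48 bytes; the nonce comparison is what ties the quote to the server's challenge, and the composite-hash comparison is what ties it to the expected PCR value.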