From: Mudassar A. <mud...@ho...> - 2011-03-11 14:05:15
Hi,

The SRK secret is one thing; I am actually unable to load the SRK instance using the context. Is it possible to load the SRK even if it is not registered in the system PS (this is where I think take_ownership is required)?

Well, I tried to create another key with the SRK being its parent key. I used the following code but get the error "No secret set for this policy object" when I call createKey(srk, null). Obviously because the SRK is not registered.

    /*KEY CREATION*/
    //Parent key SRK
    TcIRsaKey srk = context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM,
            TcUuidFactory.getInstance().getUuidSRK());
    TcIPolicy srkPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
    srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1,
            TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET));
    srkPolicy.assignToObject(srk);

    /*Binding Key*/
    // Create an empty binding key object
    long keyAttributes = TcTssConstants.TSS_KEY_SIZE_2048
            | TcTssConstants.TSS_KEY_TYPE_BIND
            | TcTssConstants.TSS_KEY_VOLATILE
            | TcTssConstants.TSS_KEY_NOT_MIGRATABLE
            | TcTssConstants.TSS_KEY_NO_AUTHORIZATION; //default
    TcIRsaKey bindKey = context.createRsaKeyObject(keyAttributes);

    // Bind key usage policy
    TcIPolicy bindKeyPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
    bindKeyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, Define.BIND_KEY_SECRET);
    bindKeyPolicy.assignToObject(bindKey);

    // Bind key migration policy (just to avoid popup)
    TcIPolicy bindKeyMigrationPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
    bindKeyMigrationPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_NONE, null);
    bindKeyMigrationPolicy.assignToObject(bindKey);

    //Parent key SRK
    bindKey.createKey(srk, null);

Regards.
Mudassar.