Re: [Trustedjava-support] Create/Load AIK key

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 2012-06-04 19:13, dna...@de... wrote:
> I am having trouble with loading the same AIK key that I had created
> previously from a collateIdenitiyRequest command.  The AIK does not
> appear to be migrateable

An AIK is never migrateable.

collateIdentity calls the MakeIdentity low-level command of the TPM.
See TPM specs part3, section 15.1 TPM_MakeIdentity, action 5:

   "Verify that idKeyParams -> keyFlags -> migratable is FALSE.
    If it is not, return TPM_INVALID_KEYUSAGE"

The TPM refuses to create migrateable AIKs.

> and I cannot figure out how to load it using the JTSS API.

Once created, an AIK key blob is just like any other TPM key blob.

HTH,
Martin