From: <Fed...@ff...> - 2012-10-01 11:41:34
|
Sorry I forgot to mention (as in written in the subject) that I had trouble running jtt from command line, because I get the following error: C:\Users\Public\jsr321\jTSS_0.7\jTpmTools_0.7>jtt 'REG' is not recognized as an internal or external command, operable program or batch file. --------------------- IAIK Java TPM Tools --------------------- Exception in thread "main" java.lang.NoClassDefFoundError: iaik/tc/utils/cmdline /CommandlineException at java.lang.Class.getDeclaredMethods0(Native Method) at java.lang.Class.privateGetDeclaredMethods(Class.java:2442) at java.lang.Class.getMethod0(Class.java:2685) at java.lang.Class.getMethod(Class.java:1620) at sun.launcher.LauncherHelper.getMainMethod(LauncherHelper.java:492) at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:484) Caused by: java.lang.ClassNotFoundException: iaik.tc.utils.cmdline.CommandlineEx ception at java.net.URLClassLoader$1.run(URLClassLoader.java:366) at java.net.URLClassLoader$1.run(URLClassLoader.java:355) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:354) at java.lang.ClassLoader.loadClass(ClassLoader.java:423) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) at java.lang.ClassLoader.loadClass(ClassLoader.java:356) ... 6 more Seems to be something with the REG command which is not supported in Windows 7? Fra: Mancini, Federico Sendt: 1. oktober 2012 13:29 Til: 'tru...@li...' Emne: jtt on win 7 and creating an AIK programmatically Hi, I have finally managed to find some time to start playing with jTSS and I have managed to set up everything properly and started writing some java code. Looks like I have successfully taken ownership of the TPM and can query PCRs values and extract the EK certificate programmatically. Now, I would like to create an AIK, and I seem to have managed, using the j_tpm_tools programmatically, in the following manner: RSAKeyPairGenerator rsa=new RSAKeyPairGenerator(); KeyPair rsaKeys=rsa.generateKeyPair(); RSAPublicKey rsaPub=(RSAPublicKey) rsaKeys.getPublic(); X509Certificate EKCert=new X509Certificate(EKcert.asByteArray());//extracted before by ReadEKCert.getEKCertAlternative(pass); AttributeCertificate peCert=AikUtil.createPECertificate(EKCert); X509Certificate AIKCert=AikUtil.createAIKCertificate(EKCert, peCert, RSApub, "AIK test"); This seems to be some kind of dummy AIK certificate generated by some internal privacy CA? How would I go to get the AIK certificate signed by privacyCA.com instead? I see that I have to generate TPM_IDENTITY_REQ blob and send it as a POST to privacyCA.com, but I don't see any Tspi_TPM_CollateIdentityRequest ()anywhere, only a TcTPMIdentityRequest() method in the jTSS, but when I call it like that I don't get anything. Should I call it with the blob parameter? If so, how would I generate such a blob? Sorry if the question is trivial, but it is the first time playing with the TPM, although I read the theory, and I could not find any clear documentation about this. Thanks in advance for any help. Federico Mancini |