From: <Fed...@ff...> - 2012-10-01 11:41:59
Hi,

I have finally managed to find some time to start playing with jTSS and I have managed to set up everything properly and started writing some Java code. Looks like I have successfully taken ownership of the TPM and can query PCR values and extract the EK certificate programmatically.

Now, I would like to create an AIK, and I seem to have managed, using the j_tpm_tools programmatically, in the following manner:

    RSAKeyPairGenerator rsa = new RSAKeyPairGenerator();
    KeyPair rsaKeys = rsa.generateKeyPair();
    RSAPublicKey rsaPub = (RSAPublicKey) rsaKeys.getPublic();
    // EKcert was extracted before by ReadEKCert.getEKCertAlternative(pass)
    X509Certificate EKCert = new X509Certificate(EKcert.asByteArray());
    AttributeCertificate peCert = AikUtil.createPECertificate(EKCert);
    X509Certificate AIKCert = AikUtil.createAIKCertificate(EKCert, peCert, rsaPub, "AIK test");

This seems to be some kind of dummy AIK certificate generated by some internal privacy CA? How would I go about getting the AIK certificate signed by privacyCA.com instead?

I see that I have to generate a TPM_IDENTITY_REQ blob and send it as a POST to privacyCA.com, but I don't see any Tspi_TPM_CollateIdentityRequest() anywhere, only a TcTPMIdentityRequest() method in the jTSS, but when I call it like that I don't get anything. Should I call it with the blob parameter? If so, how would I generate such a blob?

Sorry if the question is trivial, but it is my first time playing with the TPM, although I have read the theory, and I could not find any clear documentation about this.

Thanks in advance for any help.

Federico Mancini