From: <Fed...@ff...> - 2012-10-04 09:51:34
|
I will answer myself: no idea why it didn't work (tried for a whole day), but just restart your computer, it might magically work afterwards, as it happened in my case.... Now, I have the AIK and a signing key, and I would like to use the AIK to certify the key and get a TPM_CERTIFY_INFO data structure that can be used in the SKAE extension of a X509 certificate. I used the JSR321 Certifier class to generate a ValidationData Object, question is, how is the ValidationData object related to the TPM_CERTIFY_INFO structure? The validationData return from the DataValidation object, is some random data, or the public part of the signing key I certified? I see that the jTSS has a TcTPMCertifyInfo class that could return the exact structure, is it possible to use it from the JSR321? Or is it exactly what happens when using the Certifier? Thanks for any insight! Federico Fra: Mancini, Federico Sendt: 3. oktober 2012 14:43 Til: Mancini, Federico; Tru...@li... Emne: SV: [Trustedjava-support] jtt on win 7 and creating an AIK programmatically (Sorry if this has been sent twice, but I got a message about that something was blocked because too big, so I resent it with no previous conversations) Hi, I did some digging (used the getStoredTPMKeys method....), and found out that the error was due to the fact that I used the LoadTPMKey method instead for the loadTPMSystemKey method. (By the way, what is the difference?) However now I get another error: Authorization failed. I assume this has to do with the secret associated to the key. Do I create it wrong, or is the srk not the actual parent key of all AIKs created as illustrated here http://java.net/projects/jsr321/pages/SetupIAIKTCK? StorageRootKey srk=keyManager.loadStorageRootKey(Secret.WELL_KNOWN_SECRET); Secret pass=context.getSecret("justASecret".toCharArray); IdentityKey aik=(IdentityKey) keyManager.loadTPMSystemKey(srk,uuid,pass); Federico |