From: <Fed...@ff...> - 2012-10-17 13:02:07
Hi again,

Just wondering whether anyone has any idea why this code returns false (that is, the key that I certified with the AIK does not seem to be valid when reversing the certification process). Some digging revealed that the test failed when the digest of the public key of sign is compared with the digest extracted from val.getData() (I checked the code in RemoteCertifierImpl). The two digests are indeed different, but why? I don't see how that can fail, since I am passing the validation data directly to the remote certifier...

    TPMContext context = TPMContext.getInstance();
    context.connect(null);
    TPM tpm = context.getTPMInstance();
    Certifier cert = context.getCertifier();

    // manager, srk and secretAik are defined elsewhere (not shown in this post)
    IdentityKey aikKey = (IdentityKey) manager.loadTPMSystemKey(srk,
            UUID.fromString("15b986a9-6124-4c70-bf1b-4a9e39e5998c"), secretAik);
    SigningKey sign = (SigningKey) manager.loadTPMSystemKey(srk,
            UUID.fromString("13f478d6-f5a9-4445-892a-730427a2fe69"), Secret.WELL_KNOWN_SECRET);

    // Certify the signing key with the AIK, using 20 random bytes from the TPM as the digest
    Digest digest = context.getDigest(tpm.getRandom(20));
    ValidationData val = cert.certifyKey(sign, aikKey, digest);

    // Validate the certification with the remote certifier
    RemoteCertifier remCert = context.getRemoteCertifier();
    System.out.println("The signing key is valid = "
            + remCert.validate(val, (RSAPublicKey) sign.getPublicKey(),
                    (RSAPublicKey) aikKey.getPublicKey(), digest));

Federico