From: Ronald T. <ron...@ia...> - 2012-10-17 20:29:31
|
Hi, What TPM are you using? I recall that some not so old Infineon TPMs needed a Firmware Update (to 3.17) to certify keys correctly... t Ronald Am 17.10.2012 15:01, schrieb Fed...@ff...: > > Hi again, > > Just wondering whether anyone has any idea why this code return false > (that is, the key that I certified with the AIK does not seem to be > valid when reversing the certification process ). Some digging > revealed that the test failed when the digest of the public key of > sign is compared with the digest extracted fromval.getData()(I checked > the code inRemoteCertifierImpl). The two digests are indeed different, > but why?I don't see how that can fail, since I am passing the > validation data directly to the remote certifier..... > > TPMContext context=TPMContext.getInstance(); > > context.connect(null); > > TPM tpm=context.getTPMInstance(); > > Certifier cert=context.getCertifier(); > > IdentityKey aikKey=(IdentityKey) manager.loadTPMSystemKey(srk, > UUID.fromString("15b986a9-6124-4c70-bf1b-4a9e39e5998c"), secretAik); > > SigningKey sign = (SigningKey) > manager.loadTPMSystemKey(srk, > UUID.fromString("13f478d6-f5a9-4445-892a-730427a2fe69"), > Secret.WELL_KNOWN_SECRET); > > Digest digest = context.getDigest(tpm.getRandom(20)); > > ValidationData val = cert.certifyKey(sign, aikKey, digest); > > RemoteCertifier remCert=context.getRemoteCertifier(); > > System.out.println("The signing key is valid = > "+remCert.validate(val, (RSAPublicKey) sign.getPublicKey(), > (RSAPublicKey) aikKey.getPublicKey(), digest)); > > Federico > > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > > > _______________________________________________ > Trustedjava-support mailing list > Tru...@li... > https://lists.sourceforge.net/lists/listinfo/trustedjava-support |