Re: [Trustedjava-support] validate a certified key

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

What TPM are you using? I recall that some not so old Infineon TPMs 
needed a Firmware Update (to 3.17) to certify keys correctly...
t
Ronald

Am 17.10.2012 15:01, schrieb Fed...@ff...:
>
> Hi again,
>
> Just wondering whether anyone has any idea why this code return false 
> (that is, the key that I certified with the AIK does not seem to be 
> valid when reversing the certification process ). Some digging 
> revealed that the test failed when the digest of the public key of 
> sign is compared with the digest extracted fromval.getData()(I checked 
> the code inRemoteCertifierImpl). The two digests are indeed different, 
> but why?I don't see how that can fail, since I am passing the 
> validation data directly to the remote certifier.....
>
>             TPMContext context=TPMContext.getInstance();
>
>             context.connect(null);
>
>    TPM tpm=context.getTPMInstance();
>
>    Certifier cert=context.getCertifier();
>
>    IdentityKey aikKey=(IdentityKey) manager.loadTPMSystemKey(srk, 
> UUID.fromString("15b986a9-6124-4c70-bf1b-4a9e39e5998c"), secretAik);
>
>             SigningKey sign = (SigningKey) 
> manager.loadTPMSystemKey(srk, 
> UUID.fromString("13f478d6-f5a9-4445-892a-730427a2fe69"), 
> Secret.WELL_KNOWN_SECRET);
>
>             Digest digest = context.getDigest(tpm.getRandom(20));
>
>             ValidationData val = cert.certifyKey(sign, aikKey, digest);
>
>             RemoteCertifier remCert=context.getRemoteCertifier();
>
>             System.out.println("The signing key is valid = 
> "+remCert.validate(val, (RSAPublicKey) sign.getPublicKey(), 
> (RSAPublicKey) aikKey.getPublicKey(), digest));
>
> Federico
>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
>
>
> _______________________________________________
> Trustedjava-support mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedjava-support