Re: [Trustedjava-support] validate a certified key

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,
Thanks for the answer!
I would have never thought something like that, and it seems like that is indeed the problem. Since I had no idea how to find out the firmware version I tried running the test script that comes with the jTSS, and the last test says exactly:
"skipping testCertifyKeyandValidate() on IFX TPM's with revision <3.17"....

Well, updating the firmware does not seem an easy task. Hp has a long list of requirement to make it work. Among which having taken ownership of TPM through the HP security tools, install the HP protect tools, etc....Maybe I should just wait for my new laptop...

Federico

Btw, where do I see exactly which firmware version I have?

Fra: Ronald Tögl [mailto:ron...@ia...]
Sendt: 17. oktober 2012 22:30
Til: Mancini, Federico; tru...@li...
Emne: Re: [Trustedjava-support] validate a certified key

Hi,

What TPM are you using? I recall that some not so old Infineon TPMs needed a Firmware Update (to 3.17) to certify keys correctly...
t
Ronald

Am 17.10.2012 15:01, schrieb Fed...@ff...<mailto:Fed...@ff...>:
Hi again,
Just wondering whether anyone has any idea why this code return false (that is, the key that I certified with the AIK does not seem to be valid when reversing the certification process ). Some digging revealed that the test failed when the digest of the public key of sign is compared with the digest extracted from val.getData()(I checked the code in RemoteCertifierImpl). The two digests are indeed different, but why? I don't see how that can fail, since I am passing the validation data directly to the remote certifier.....

            TPMContext context=TPMContext.getInstance();
            context.connect(null);
   TPM tpm=context.getTPMInstance();
   Certifier cert=context.getCertifier();
   IdentityKey aikKey=(IdentityKey) manager.loadTPMSystemKey(srk, UUID.fromString("15b986a9-6124-4c70-bf1b-4a9e39e5998c"), secretAik);
            SigningKey sign = (SigningKey) manager.loadTPMSystemKey(srk, UUID.fromString("13f478d6-f5a9-4445-892a-730427a2fe69"), Secret.WELL_KNOWN_SECRET);
            Digest digest = context.getDigest(tpm.getRandom(20));
            ValidationData val = cert.certifyKey(sign, aikKey, digest);
            RemoteCertifier remCert=context.getRemoteCertifier();
            System.out.println("The signing key is valid = "+remCert.validate(val, (RSAPublicKey) sign.getPublicKey(), (RSAPublicKey) aikKey.getPublicKey(), digest));

Federico

------------------------------------------------------------------------------

Everyone hates slow websites. So do we.

Make your web apps faster with AppDynamics

Download AppDynamics Lite for free today:

http://p.sf.net/sfu/appdyn_sfd2d_oct

_______________________________________________

Trustedjava-support mailing list

Tru...@li...<mailto:Tru...@li...>

https://lists.sourceforge.net/lists/listinfo/trustedjava-support