From: <Fed...@ff...> - 2012-10-18 09:16:51
|
Here is the output of the test you sent me. It confirms what you said. Waiting for new laptop...:) Thanks again. Federico run: -== TPM Information ==- TPM Version Info: tpmVendorID: IFX -== VALIDATION ==- The calculated SHA-1 hash of the modulus: df5733968e250ebe07b82bb099109f5590d57dfa The SHA-1 hash of the modulus as it was returned in the validation data: 4a06c58f10e86cf76bec2cce0cb71dac927a4e54 The SHA-1 hash of the entire TPM_STORE_PUBKEY struct 4a06c58f10e86cf76bec2cce0cb71dac927a4e54 ERROR: Digest of the certified key's modulus does not match the one in the provided validation data! ______________ SUCCESS: Signature successfully verified. ______________ SUCCESS: The nonce was successfully verified. ______________ 2012/10/18 <Fed...@ff...<mailto:Fed...@ff...>> -----Opprinnelig melding----- Fra: Martin Pirker [mailto:Mar...@ia...<mailto:Mar...@ia...>] Sendt: 18. oktober 2012 10:15 Til: tru...@li...<mailto:tru...@li...> Emne: Re: [Trustedjava-support] validate a certified key On 2012-10-17 22:29, Ronald Tögl wrote: > I recall that some not so old Infineon TPMs needed a Firmware Update (to 3.17) to certify keys correctly... IFX TPMs up to FW 3.16 are calculating the hash over the entire TPM_STORE_PUBKEY struct instead of just the key modulus as described in the TPM specification. This was fixed in FW 3.17. FYI, test code to check for this TPM bug and sample outputs attached. HTH, Martin |