From: Ronald T. <ron...@ia...> - 2009-09-09 09:04:03
|
Hi,

The data you bind must be encrypted in a tdTPM_BOUND_DATA structure, the definition of which can be found in the TPM specifications.

Ronald

Arshad Noor wrote:
> Hi,
>
> Recently started testing native JTSS 0.41. All tests pass on my
> system (JDK6U15 64-bit on CentOS 5.3; TPM is an STM 1.2.4.30).
>
> When I try to encrypt data or a symmetric key (using SunJCE) with
> an RSAPublicKey (whose Bind Key was generated in the TPM) and
> decrypt the ciphertext with the Bind Key in the TPM, I run into
> the following exception consistently:
>
> ---------------------
> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>
> TSS Error:
> error layer: 0x00 (TPM)
> error code (without layer): 0x21
> error code (full): 0x21
> error message: The decryption process did not complete.
>
> at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
> at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244)
> at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638)
> at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442)
> at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766)
> at iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:221)
> at jtss.BindDataWithJCEUnbindWithTPM.main(BindDataWithJCEUnbindWithTPM.java:97)
> ---------------------
>
> I presume that it should be possible to do what I'm doing; I
> didn't see anything that might otherwise indicate that it was
> not possible. Here is the relevant section of the code that
> I'm using; it is the unbind() method that causes the problem:
>
> ------------------------
> String plaintext = "To be....or not to be; that is the question!";
> Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
> cipher.init(Cipher.ENCRYPT_MODE, rsabindkey);
> byte[] ciphertext = cipher.doFinal(plaintext.getBytes());
> TcIEncData encdataobject =
>     tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND);
> encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
>     TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB,
>     TcBlobData.newByteArray(ciphertext));
> bindkey.loadKey(srk);
> TcBlobData ptobject = encdataobject.unbind(bindkey);
> ------------------------
>
> I get the same exception even if I use "NoPadding" in my
> cipher's transform.
>
> Thanks for your help.
>
> Arshad Noor
> StrongAuth, Inc.
>
>

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Trusted Computing Labs              fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
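The reply above says the plaintext has to be wrapped in a TPM_BOUND_DATA structure before it is RSA-encrypted for a TPM bind key. The following Java program is an added example, not code from this thread or from jTSS: it builds that structure and encrypts it with plain JCE. It assumes the bind key uses the TPM 1.2 scheme TPM_ES_RSAESOAEP_SHA1_MGF1 (OAEP label "TCPA"), and it substitutes a software-generated RSA key pair for the TPM key so the round trip can be checked offline; the class and method names are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class BoundDataExample {
    // TPM 1.2: TPM_BOUND_DATA = TPM_STRUCT_VER (1.1.0.0) || TPM_PAYLOAD_TYPE || payloadData
    static final byte[] STRUCT_VER = {0x01, 0x01, 0x00, 0x00};
    static final byte TPM_PT_BIND = 0x02;
    static final int HEADER_LEN = STRUCT_VER.length + 1;
    static final int SHA1_LEN = 20;
    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    // Assumption: key scheme is TPM_ES_RSAESOAEP_SHA1_MGF1, i.e. SHA-1, MGF1-SHA1, label "TCPA".
    static OAEPParameterSpec tpmOaepSpec() {
        byte[] label = "TCPA".getBytes(StandardCharsets.US_ASCII);
        return new OAEPParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1,
                new PSource.PSpecified(label));
    }

    // Largest payload that still fits one RSA-OAEP block after the 5-byte header.
    static int maxPayloadLength(RSAKey key) {
        int modulusBytes = (key.getModulus().bitLength() + 7) / 8;
        return modulusBytes - 2 * SHA1_LEN - 2 - HEADER_LEN;
    }

    // Prepend the version and payload-type header the TPM checks after decryption.
    static byte[] toBoundData(byte[] payload) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(STRUCT_VER, 0, STRUCT_VER.length);
        out.write(TPM_PT_BIND);
        out.write(payload, 0, payload.length);
        return out.toByteArray();
    }

    // Encrypt TPM_BOUND_DATA(payload) under the public part of the bind key.
    static byte[] bind(PublicKey bindKeyPublic, byte[] payload) throws Exception {
        int max = maxPayloadLength((RSAKey) bindKeyPublic);
        if (payload.length > max) {
            throw new IllegalArgumentException(
                    "payload is " + payload.length + " bytes, limit is " + max);
        }
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, bindKeyPublic, tpmOaepSpec());
        return cipher.doFinal(toBoundData(payload));
    }

    // Software stand-in for the TPM side: decrypt, validate the header, return the payload.
    static byte[] softwareUnbind(PrivateKey priv, byte[] blob) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, priv, tpmOaepSpec());
        byte[] data = cipher.doFinal(blob);
        if (data.length < HEADER_LEN
                || !Arrays.equals(Arrays.copyOfRange(data, 0, 4), STRUCT_VER)
                || data[4] != TPM_PT_BIND) {
            throw new IllegalStateException("not a TPM_BOUND_DATA structure");
        }
        return Arrays.copyOfRange(data, HEADER_LEN, data.length);
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key: stands in for the RSAPublicKey exported from the TPM.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        byte[] msg = "To be....or not to be; that is the question!"
                .getBytes(StandardCharsets.UTF_8);
        byte[] blob = bind(kp.getPublic(), msg);
        byte[] back = softwareUnbind(kp.getPrivate(), blob);

        System.out.println("ciphertext bytes: " + blob.length);
        System.out.println("max payload:      " + maxPayloadLength((RSAKey) kp.getPublic()));
        System.out.println("round trip ok:    " + Arrays.equals(msg, back));
    }
}
```

With a real TPM key, the output of bind() takes the place of the raw PKCS#1 ciphertext that the original post stores in the encrypted-data blob before calling unbind().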
From: Arshad N. <ars...@st...> - 2009-09-09 02:49:02
|
Hi,

I'm having another problem related to SunJCE-JTSS interoperability; I'm beginning to suspect I'm doing something wrong and hope someone on the list can point me in the correct direction.

I've generated a non-migratable signing key and used it to sign some text. Upon using the JCE Signature object to verify the signature, the verification always fails. Looking through the TestHash.java source, I realized that it does not use the JCE for verification.

I later ran a simple hash comparison and found that I'm getting different values for the same text. That explains why the signature never verifies with SunJCE; but why are the hashes different? Am I missing something?

Thanks for any pointers.

Arshad Noor
StrongAuth, Inc.

Same configuration as for the bind-unbind problem from this morning:

JDK: 6 U15 - 64-bit
OS: CentOS 5.3 (Kernel 2.6.18-128.7.1.el5)
JTSS: 0.41
TPM: STM 1.2.4.30

Sample test code:
------------------
String text = "The quick brown fox jumps over the lazy dog.";
TcBlobData tbs = TcBlobData.newString(text);
TcIHash sha1hash = tpmctx.createHashObject(TcTssConstants.TSS_HASH_SHA1);
sha1hash.updateHashValue(tbs);
System.out.println("Hash from TPM is: " +
    new String(Base64.encode(sha1hash.getHashValue().asByteArray())));

MessageDigest md = MessageDigest.getInstance("SHA1");
System.out.println("Hash from JCE is: " +
    new String(Base64.encode(md.digest(text.getBytes()))));
------------------
From: Arshad N. <ars...@st...> - 2009-09-08 18:49:36
|
Hi,

Recently started testing native JTSS 0.41. All tests pass on my system (JDK6U15 64-bit on CentOS 5.3; TPM is an STM 1.2.4.30).

When I try to encrypt data or a symmetric key (using SunJCE) with an RSAPublicKey (whose Bind Key was generated in the TPM) and decrypt the ciphertext with the Bind Key in the TPM, I run into the following exception consistently:

---------------------
iaik.tc.tss.api.exceptions.tcs.TcTpmException:

TSS Error:
error layer: 0x00 (TPM)
error code (without layer): 0x21
error code (full): 0x21
error message: The decryption process did not complete.

at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244)
at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638)
at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442)
at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766)
at iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:221)
at jtss.BindDataWithJCEUnbindWithTPM.main(BindDataWithJCEUnbindWithTPM.java:97)
---------------------

I presume that it should be possible to do what I'm doing; I didn't see anything that might otherwise indicate that it was not possible. Here is the relevant section of the code that I'm using; it is the unbind() method that causes the problem:

------------------------
String plaintext = "To be....or not to be; that is the question!";
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, rsabindkey);
byte[] ciphertext = cipher.doFinal(plaintext.getBytes());
TcIEncData encdataobject =
    tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND);
encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
    TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB,
    TcBlobData.newByteArray(ciphertext));
bindkey.loadKey(srk);
TcBlobData ptobject = encdataobject.unbind(bindkey);
------------------------

I get the same exception even if I use "NoPadding" in my cipher's transform.

Thanks for your help.

Arshad Noor
StrongAuth, Inc.
From: Martin P. <Mar...@ia...> - 2009-08-27 13:54:26
|
Today, the Trusted Computing for the Java Platform project[1] released an update of jTSS, a Trusted Software Stack (TSS) implemented in 100% Java, and jTpmTools, a command-line tool to exercise various TPM features.

This update adds a comprehensive set of new commands to allow manipulation of TPM NV storage. This also allows setting up the proper policies for Trusted Boot[2], a tool to perform a measured "late launch" via Intel TXT technology.

The new commands are:

* Non Volatile Storage:
    nv_decode: decode data in non-volatile storage of the TPM
    nv_definespace: define an index and space in TPM NV RAM
    nv_lock: set the global lock for the NV storage - FOREVER!
    nv_releasespace: release a defined index
    nv_write: write data to TPM's NV RAM

* Intel(R) Trusted eXecution Technology (TXT):
    txt_policy: create a TXT Launch Control Policy (LCP)
    txt_policyinfo: show information about a LCP file

* TBoot:
    tboot_pcr18: calculate value of PCR 18 after trusted boot
    tboot_pcr19-22: calculate values of PCRs above PCR 18 after trusted boot
    tboot_policy: create and modify TBoot Verified Launch Policy (VLP)
    tboot_policyinfo: show information about a VLP file

This release is EXPERIMENTAL!
You can PERMANENTLY DAMAGE YOUR HARDWARE with this software!
USE AT YOUR OWN RISK!

We succeeded in setting up a measured TBoot on an HP dc7900, solely by using jTpmTools. However, an Intel DQ45CB got fried upon executing SINIT. Thus, your experience may vary.... :-)

This release is a little bit rushed as we are hosting the 4th European Trusted Infrastructure Summerschool[3] this year and things are kinda hectic currently. If you come to ETISS - say hello!

Thanks to all who contributed to this release!

Have fun,
Martin

[1] http://trustedjava.sourceforge.net/
[2] http://sourceforge.net/projects/tboot/
[3] http://www.etiss.org/
From: Martin P. <Mar...@ia...> - 2009-08-24 12:00:56
|
Donnie . wrote:
> I have recently started working on jTss with TPM Emulator.
> Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Input/output error).
> Though I have changed the permissions of /dev/tpm* by using the command chmod 777, but still its not working.

The TPM emulator kernel module connects to the user space daemon, communicating via (usually) /var/run/tpm/tpmd_socket:0
You need to set proper directory plus permissions for this, too.
Note: This most likely does not survive a reboot.

>I hav to import only the related libraries from jTss folder

You need at least iaik_jtss_tsp.jar and iaik_jtss_tcs.jar, plus their .ini files (placed into the same directory) to talk to the TPM.

HTH,
Martin
From: Donnie . <abd...@ho...> - 2009-08-24 11:28:22
|
Dear Developers,

I have recently started working on jTss with TPM Emulator. I run TPM Emulator with no problem. I have downloaded and unzipped jTss in Ubuntu. I am just experimenting whether jTss is working or not, so I wrote a simple program to connect the TcIContext. But it is giving me the error that

> Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Input/output error).

Though I have changed the permissions of /dev/tpm* by using the command chmod 777, but still it's not working. My code is given below:

public class firstClass {

    /**
     * @param args
     */
    public static void main(String[] args) {
        // TODO Auto-generated method stub
        try {
            TcIContext context = new TcTssContextFactory().newContextObject();
            context.connect();
            context.closeContext();
        } catch (TcTssException e) {
            e.printStackTrace();
        }
    }
}

What might be the problem? And how can I solve it in Ubuntu, i.e., so that I am able to read/write the /dev/tpm file?

Secondly, I want to ask you: while making a Java application which will be using the TPM, what do I have to do? Do I have to import only the related libraries from the jTss folder, or do I have to import the whole jTss folder into my Eclipse to run my application? I am confused about it, because maybe there is some setup to do before making a Java application in Ubuntu.

Waiting for your replies.

Thanks,
Best Regards,
iennoD
From: Simon M. <sim...@in...> - 2009-08-18 10:50:38
|
On 18 Aug 2009, at 11:46, Martin Pirker wrote:

> Simon Mittelberger wrote:
>> Does this mean my tpm doesn't support the whole function of loading an
>> extern key to it?
>> I did not find the right class or piece of code which has an
>> example of that in it.
>
> There is one in jTssWrapper where public and private part is imported,
> see directory src_tsp_tests, TestKeys.java, method testWrapKeys()
>
> jTSS and jTSSwrapper use the same top-level API, so this should
> be portable - however I do not remember why this hasn't been ported
> to the jTSS testsuite (yet?).

On the key.wrapKey(parentKey, null); I get a TSS ERROR.

TSS Error:
error layer: 0x3000 (TSP)
error code (without layer): 0x06
error code (full): 0x3006
error message: Not implemented.

I also tried to load the key by context_.loadKeyByBlob(unwrappingKey, blob). But this needs a wrapping key. Is there another possibility to load an unwrapped key into the TPM?

Regards,
Simon
From: Martin P. <Mar...@ia...> - 2009-08-18 09:47:47
|
Simon Mittelberger wrote:
> Does this mean my tpm doesn't support the whole function of loading an
> extern key to it?
> I did not find the right class or piece of code which has an example of
> that in it.

There is one in jTssWrapper where public and private part is imported, see directory src_tsp_tests, TestKeys.java, method testWrapKeys()

jTSS and jTSSwrapper use the same top-level API, so this should be portable - however I do not remember why this hasn't been ported to the jTSS testsuite (yet?).

HTH,
Martin
From: Simon M. <sim...@in...> - 2009-08-17 14:07:24
|
Hello,

sorry for getting back to you with such delay. I am having problems loading the private part of an externally generated key to the TPM.

I tried to extend the code in the function pubJavaToTpm in TcCrypto to load also the private part. But it fails in an exception.

So I generate two objects:

TcTpmStorePrivkey storePrivKey = new TcTpmStorePrivkey();
TcTpmStorePubkey storePubKey = new TcTpmStorePubkey();
storePrivKey.setKey(TcBlobData.newByteArray(modulusPriv));
storePubKey.setKey(TcBlobData.newByteArray(modulusPub));

The modulus is transformed in the same way as in TcCrypto.

The public part is loaded in this way:

TcTpmPubkey pubKeyStruct =
    TcCrypto.pubJavaToTpmKey((RSAPublicKey)keyPair.getPublic());
key.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB,
    TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
    pubKeyStruct.getEncoded());

Now I am trying to load the private keyblob into the TPM:

key.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB,
    TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
    "here is my problem");

Something like storePrivKey.getKey() doesn't work. I get the TSS Error: 0x28: The key properties in TPM_KEY_PARMs are not supported by this TPM.

This exception is thrown at the point:

key.createKey(srk_, null);

I also tried to set all the flags in a correct manner (at least it seemed correct to me).

Does this mean my TPM doesn't support the whole function of loading an extern key to it?

TPM 1.2 Version Info:
Chip Version: 1.2.13.9
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: ATML
TPM Version: 01010000
Manufacturer Info: 41544d4c

I did not find the right class or piece of code which has an example of that in it. I am really exhausted from trying. If someone could give me an example of how to load a normally created RSA key into a TPM I would really appreciate that.

Regards,
Simon

Ronald Tögl wrote:
> Hi Simon,
>
> You can also set the private part using the
> TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY attribute.
>
> Of course, any such created TPM key MUST be initialized as "migratable".
>
> > But the private part has a few more troubles.
> Please try to be a bit more specific next time.. ;-)
>
> Ronald
>
>
>
> Simon Mittelberger wrote:
>> Hello,
>>
>> i didn't find a way to import an externally created RSA key into the
>> TPM. Could you please describe a way how to do so?
>>
>> How to load the public part is quite clear:
>>
>> KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
>> generator.initialize((int)DeviceDefines.DEVICE_KEY_LENGTH);
>> KeyPair keyPair = generator.generateKeyPair();
>>
>> TcTpmPubkey pubKeyStruct =
>>     TcCrypto.pubJavaToTpmKey((RSAPublicKey)keyPair.getPublic());
>> TcIRsaKey tpmmKey =
>>     context_.createRsaKeyObject(TcTssConstants.TSS_KEY_EMPTY_KEY);
>>
>> pubKey.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB,
>>     TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
>>     pubKeyStruct.getEncoded());
>>
>> But the private part has a few more troubles.
>>
>> all the best
>> Simon
>>
>
>
From: Martin P. <Mar...@ia...> - 2009-08-17 07:35:10
|
Gianfranco Ricci wrote:
> But when I try to use this key *hash.sign(tcRSAKey)* I am asked for a
> password. The key itself has *no* authorization data, the parent key
> (SRK) has the TSS_WELL_KNOWN_SECRET. Why I'am asked for a password and
> how can I set the correct policy to ask for no password?

try keyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_NONE,null)

HTH,
Martin
From: Gianfranco R. <gia...@in...> - 2009-08-13 14:28:27
|
Hello Ronald,

it seems that I successfully a libengine-tpm-openssl Key with TrustedJava. I can convert it into a Java RSA key pair and print the public part to command line for example.

But when I try to use this key *hash.sign(tcRSAKey)* I am asked for a password. The key itself has *no* authorization data, the parent key (SRK) has the TSS_WELL_KNOWN_SECRET. Why am I asked for a password and how can I set the correct policy to ask for no password?

Here is my sample code:

public class Test {
    ...
    public static void main(String[] args) throws TcTssException {
        File file = new File("/home/gian/KEY");
        try {
            keyfis = new FileInputStream(file);
            encKey = new byte[keyfis.available()];
            keyfis.read(encKey);
            keyfis.close();
            wrapped_tcRsaKey = TcBlobData.newByteArray(encKey);
        } catch (IOException ex) {
            //ex.printStackTrace();
        }

        context_ = new TcTssContextFactory().newContextObject();
        context_.connect();
        srk_ = context_.loadKeyByUuidFromSystem(TcUuidFactory.getInstance().getUuidSRK());
        srkPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
        srkPolicy.setSecret(SRK_SECRET_MODE, SRK_SECRET);
        srkPolicy.assignToObject(srk_);
        tpmPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
        tpmPolicy.setSecret(OWNER_SECRET_MODE, OWNER_SECRET);

        tcRSAKey = context_.loadKeyByBlob(srk_, wrapped_tcRsaKey);
        TcIHash hash = context_.createHashObject(TcTssConstants.TSS_HASH_SHA1);
        hash.updateHashValue(TcBlobData.newString("text"));
        hash.sign(tcRSAKey); // asks for secret
        tcRSAKey.unloadKey();
    }
}

Thanks in advance!
Gianfranco

Ronald Tögl wrote:
> Hi Gianfranco,
>
> With jTSS you can load keys from a byte array, which contains a TCG
> specified TPM_KEY repectively a TPM_KEY12 structure. In the
> loadKeyByBlob method you can also specify the SRK as parent.
>
> However, I do not have the faintest idea how libengine-tpm-openssl
> keys are formatted and therefore I cannot tell you the details of how
> to import them to jTSS.
>
> hth, Ronald
>
> Gianfranco Ricci wrote:
>> Hello TrustedJava Users,
>>
>> I' am new to TrustedJava and have the following Problem:
>>
>> I have created an TPM proteced key pair with libengine-tpm-openssl which
>> now is stored on my hard disk.
>> Now i try to load this SRK encrypted key pair with jTSS. Therefore I
>> only found the function "loadKeyByBlob", but this function seems not
>> useful for me.
>>
>> Is there an other possibility to load an encrypted File as key pair with
>> jTSS??
>
>
From: Gianfranco R. <gia...@in...> - 2009-08-12 06:58:45
|
Hello Ronald,

thanks for your fast response. I will try to use loadKeyByBlob for importing my key. libengine-tpm-openssl should create a TCG conform TPM_KEY structure, so loadKeyByBlob should be fine.

Gianfranco

Ronald Tögl wrote:
> Hi Gianfranco,
>
> With jTSS you can load keys from a byte array, which contains a TCG
> specified TPM_KEY repectively a TPM_KEY12 structure. In the
> loadKeyByBlob method you can also specify the SRK as parent.
>
> However, I do not have the faintest idea how libengine-tpm-openssl
> keys are formatted and therefore I cannot tell you the details of how
> to import them to jTSS.
>
> hth, Ronald
>
> Gianfranco Ricci wrote:
>> Hello TrustedJava Users,
>>
>> I' am new to TrustedJava and have the following Problem:
>>
>> I have created an TPM proteced key pair with libengine-tpm-openssl which
>> now is stored on my hard disk.
>> Now i try to load this SRK encrypted key pair with jTSS. Therefore I
>> only found the function "loadKeyByBlob", but this function seems not
>> useful for me.
>>
>> Is there an other possibility to load an encrypted File as key pair with
>> jTSS??
>
>
From: Ronald T. <ron...@ia...> - 2009-08-11 12:54:05
|
Hi Gianfranco,

With jTSS you can load keys from a byte array, which contains a TCG specified TPM_KEY respectively a TPM_KEY12 structure. In the loadKeyByBlob method you can also specify the SRK as parent.

However, I do not have the faintest idea how libengine-tpm-openssl keys are formatted and therefore I cannot tell you the details of how to import them to jTSS.

hth, Ronald

Gianfranco Ricci wrote:
> Hello TrustedJava Users,
>
> I' am new to TrustedJava and have the following Problem:
>
> I have created an TPM proteced key pair with libengine-tpm-openssl which
> now is stored on my hard disk.
> Now i try to load this SRK encrypted key pair with jTSS. Therefore I
> only found the function "loadKeyByBlob", but this function seems not
> useful for me.
>
> Is there an other possibility to load an encrypted File as key pair with
> jTSS??

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Trusted Computing Labs              fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
From: Ronald T. <ron...@ia...> - 2009-08-11 12:09:47
|
Hi Simon,

You can also set the private part using the TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY attribute.

Of course, any such created TPM key MUST be initialized as "migratable".

> But the private part has a few more troubles.
Please try to be a bit more specific next time.. ;-)

Ronald

Simon Mittelberger wrote:
> Hello,
>
> i didn't find a way to import an externally created RSA key into the
> TPM. Could you please describe a way how to do so?
>
> How to load the public part is quite clear:
>
> KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
> generator.initialize((int)DeviceDefines.DEVICE_KEY_LENGTH);
> KeyPair keyPair = generator.generateKeyPair();
>
> TcTpmPubkey pubKeyStruct =
>     TcCrypto.pubJavaToTpmKey((RSAPublicKey)keyPair.getPublic());
> TcIRsaKey tpmmKey =
>     context_.createRsaKeyObject(TcTssConstants.TSS_KEY_EMPTY_KEY);
>
> pubKey.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB,
>     TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
>     pubKeyStruct.getEncoded());
>
> But the private part has a few more troubles.
>
> all the best
> Simon
>

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Trusted Computing Labs              fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
From: Gianfranco R. <gia...@in...> - 2009-08-11 11:55:37
|
Hello TrustedJava Users,

I am new to TrustedJava and have the following problem:

I have created a TPM protected key pair with libengine-tpm-openssl which now is stored on my hard disk. Now I try to load this SRK encrypted key pair with jTSS. Therefore I only found the function "loadKeyByBlob", but this function seems not useful for me.

Is there another possibility to load an encrypted file as key pair with jTSS??

Thanks in advance!
Gianfranco
From: Simon M. <sim...@in...> - 2009-08-10 15:06:58
|
Hello,

i didn't find a way to import an externally created RSA key into the TPM. Could you please describe a way how to do so?

How to load the public part is quite clear:

KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize((int)DeviceDefines.DEVICE_KEY_LENGTH);
KeyPair keyPair = generator.generateKeyPair();

TcTpmPubkey pubKeyStruct =
    TcCrypto.pubJavaToTpmKey((RSAPublicKey)keyPair.getPublic());
TcIRsaKey tpmmKey =
    context_.createRsaKeyObject(TcTssConstants.TSS_KEY_EMPTY_KEY);

pubKey.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB,
    TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
    pubKeyStruct.getEncoded());

But the private part has a few more troubles.

all the best
Simon

Ronald Tögl wrote:
> Hello,
>
> You could consider to first generate your key in software, create a
> backup by any mechanism you prefer and then import it it the TPM and
> Finally remove it from the host system.
>
> Not highly elegant, but it should work just fine..
>
> Ronald
>
>
> Simon Mittelberger wrote:
> >> We are currently searching for a sort of backup mechanism.
> >> The Problem is that at the point when the backup blob should be
> >> created we don't have another TPM,
> >
> >> To develop a migration authority to handle this, seems to be too
> >> much effort, as it is only a proof of concept project.
>
>
>
From: Ronald T. <ron...@ia...> - 2009-08-07 09:55:51
|
Hello,

You could consider to first generate your key in software, create a backup by any mechanism you prefer and then import it into the TPM and finally remove it from the host system.

Not highly elegant, but it should work just fine..

Ronald

Simon Mittelberger wrote:
> We are currently searching for a sort of backup mechanism.
> The Problem is that at the point when the backup blob should be
> created we don't have another TPM,
> To develop a migration authority to handle this, seems to be too much
> effort, as it is only a proof of concept project.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Trusted Computing Labs              fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
From: Simon M. <sim...@in...> - 2009-08-06 10:21:48
|
Hello,

we built some sort of certificate authority with a TPM inside. We are currently searching for a sort of backup mechanism. The Problem is that at the point when the backup blob should be created we don't have another TPM, so the REWRAP function isn't practicable. To develop a migration authority to handle this, seems to be too much effort, as it is only a proof of concept project.

My question now is: Is there a third option for to make a backup of migratable keys? We are searching something which covers the function described in 1.4.2 of the following paper:
http://www.ei.rub.de/media/ei/lehrmaterialien/trusted-computing/KeyReplication_.pdf

I grabbed the TPM specification already and didn't find something like that.

Thanks in advance,
best regards
Simon Mittelberger
From: Martin P. <Mar...@ia...> - 2009-08-03 08:31:55
|
Have a nice Monday morning....

Maurice van der Pot wrote:
> I read in the instructions on building a reduced trusted java
> compartment that the icedtea-minimal tarball provides "a custom version
> of IcedTea 1.7 which is able to run on the uClibc system library and has
> a reduced dependency set."
>
> Do you have some more information about what was changed?

In order to achieve the small JRE footprint we removed all unneeded functionality for a server service, e.g:
- all graphics
- all sound
- all printing
- XML support
- ...

> Does the reduced dependency set translate into reduced functionality of the JRE?

Yes, sure.

> Have these changes been merged upstream?

No, this was an experimental proof-of-concept effort.

> I'm trying to get an idea of
> how much work it would be to switch to a later version of icedtea or
> openjdk.

After release of the prototype we no longer tracked development of IcedTea. The work required would depend mostly on how many changes occurred in the OpenJDK directory structure and build system (make vs. ant, etc.).

If your main interest is the uClibc port then you would need the libc detection in configure.ac, passing of @TARGET_LIBC@ in Makefile.am and these patches:
icedtea-j2se-uclibc.patch
icedtea-hotspot-no-glibc.patch

In addition, uClibc needs the pthread_getstack_np function which you can find in usr/local/portage/sys-libs/uclibc/files/uclibc-0.9.28.3-pthread_getstack_np.patch inside the gentoo-config tarball.

If in the meantime a newer version of uClibc got support for pthread_getattr_np - which is the normal way for the VM to get to the stack - you can skip the Hotspot patch.

Finally, a libstdc++ built against uClibc is needed, for which the gcc uclibc patchset had to be modified.

HTH,
Martin
From: Maurice v. d. P. <gri...@kf...> - 2009-07-30 09:45:51
|
I read in the instructions on building a reduced trusted java compartment that the icedtea-minimal tarball provides "a custom version of IcedTea 1.7 which is able to run on the uClibc system library and has a reduced dependency set."

Do you have some more information about what was changed? Does the reduced dependency set translate into reduced functionality of the JRE? Have these changes been merged upstream? I'm trying to get an idea of how much work it would be to switch to a later version of icedtea or openjdk.

Best regards,
Maurice.

--
Maurice van der Pot

Gentoo Linux Developer gri...@ge... http://www.gentoo.org
Gnome Planner Developer gri...@kf... http://live.gnome.org/Planner
From: Ronald T. <ron...@ia...> - 2009-07-17 08:00:11
|
Hi,

최종욱 wrote:
> Hi, I send another mail.
> Below message is showed in Windows Server 2008.
> 01:52:07:225 [ERROR] TcTddl::getInstance (51): This operating system
> currently is not supported (os.name: Windows Server 2008).

Thank you for this report - I was able to find the bug in jTSS. I hope to include it in the next release.

Ronald

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Trusted Computing Labs              fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
From: 최종욱 <whi...@po...> - 2009-07-16 17:00:13
|
Hi, I send another mail.

Below message is showed in Windows Server 2008.

01:52:07:225 [ERROR] TcTddl::getInstance (51): This operating system currently is not supported (os.name: Windows Server 2008).
01:52:07:225 [ERROR] TcTcsi::<clinit> (129): TCS startup failed.
01:52:07:225 [ERROR] TcTcsi::<clinit> (129):
TSS Error:
error layer: 0x1000 (TDDL)
error code (without layer): 0x02
error code (full): 0x1002
error message: unknown
additional info: This operating system currently is not supported (os.name: Windows Server 2008).

iaik.tc.tss.api.exceptions.tcs.TcTddlException:
TSS Error:
error layer: 0x1000 (TDDL)
error code (without layer): 0x02
error code (full): 0x1002
error message: unknown
additional info: This operating system currently is not supported (os.name: Windows Server 2008).

at iaik.tc.tss.impl.java.tddl.TcTddl.getInstance(TcTddl.java:52)
at iaik.tc.tss.impl.java.tcs.TcTcsCommon.isOrdinalSupported(TcTcsCommon.java:66)
at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.<clinit>(TcTcsi.java:112)
at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsiOpenContext(TcTcsBindingLocal.java:177)
at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextOpen_Internal(TcTspInternal.java:378)
at iaik.tc.tss.impl.java.tsp.TcContext.connect(TcContext.java:167)
at iaik.tc.tss.impl.java.tsp.TcContext.connect(TcContext.java:194)
at test.testTSSService(test.java:24)
at test.main(test.java:66)

What can I do for fixing this problem?

From Jongwook.
From: Ronald T. <ron...@ia...> - 2009-07-16 09:11:01
|
Dear Jongwook,

jTSS works fine with Vista and also Windows 7. We did not test Windows Server 2008 compatibility, but it has good chances to be compatible.

Please detail the issues encountered. Did you activate the TPM in the BIOS; does the driver load? Which Java have you got installed? Did you use setup.exe or the complete package? How about administrator rights...

Ronald

최종욱 wrote:
> Dear friends,
>
> I’m using the IAIK jTSS for my project, but it doesn’t work in my OS
> windows server 2008.
>
> Windows Server 2008 has the TPM Base Service(TBS). I think it can run
> the jTSS, but it didn’t.
>
> 1. Do you have a plan for extending the jTSS to Windows Server 2008?
>
> 2. If not, I want to do it. So, I need your advice. Are there any
> point that I consider to extend jTSS to Windows Server 2008?
>
> Please, help me to do something for jTSS in Windows server 2008.
>
> From Jongwook
>

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Trusted Computing Labs              fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
From: 최종욱 <whi...@po...> - 2009-07-16 03:33:18
|
Dear friends,

I’m using the IAIK jTSS for my project, but it doesn’t work in my OS windows server 2008.

Windows Server 2008 has the TPM Base Service(TBS). I think it can run the jTSS, but it didn’t.

1. Do you have a plan for extending the jTSS to Windows Server 2008?
2. If not, I want to do it. So, I need your advice. Are there any point that I consider to extend jTSS to Windows Server 2008?

Please, help me to do something for jTSS in Windows server 2008.

From Jongwook
From: Martin P. <Mar...@ia...> - 2009-07-13 10:06:42
|
Simon Mittelberger wrote:
> I would like to attest to another party that my signingKey belongs to a
> tpm, by signing the certificate for the signingKey through the aik.
[...]
> error layer: 0x00 (TPM)
> error message: The usage of a key is not allowed
[...]
> If i change the TSS_KEY_TYPE_IDENTITY to TSS_KEY_TYPE_SIGNING it all
> works fine. But it has to be an AIK in my scenario.
>
> Do you have any suggestions?

Read TPM specifications rev 103, part 3, chapter 13.5, command "TPM_Sign", action number 3.

Martin