From: Martin P. <Mar...@ia...> - 2008-01-17 14:16:32
|
Carolin Latze wrote:
> it's me again :-)

Hi Carolin, nice to meet you again... :-)

> I got the PCA working and the jTPM tools too... First of all, I tried
> to obtain an EK certificate for my emulated TPM:
>
> ./jtt.sh xkms_ekcert_create --auth secret --ekfileek.cert -o opw --service "http://10.1.1.1:20000/ek"
> ./jtt.sh xkms_ekcert_validate --ekfile ek.cert
>
> That works, but if I try
>
> ./jtt.sh xkms_aik_create -a aikpw -l tybble -o opw --aikfile aik.cert --ekfile ek.cert --keyfile aik.tpmkey --service "http://10.1.1.1:20000/aik"
>
> this leads to the following exception on the server side:
> 14:17:28:698 [INFO] RequestProcessor::newInstance (123): === RegisterRequest /aik ===
> 14:17:28:698 [INFO] RequestProcessor::doRepresentAndPending (282): processing RegisterRequest with ID _IFPOLZLVZQLBST7MAYL2DKZCJZ8BF45
> 14:17:28:699 [ERROR] HTTPHandler::run (209): BUG? Unexpected exception while handling message:
>
> java.lang.NoClassDefFoundError: Could not initialize class iaik.tc.tss.impl.java.tsp.TcContext

You are missing iaik_jtss_tsp.jar (containing iaik.tc.tss.impl.java.tsp.TcContext) on the server side?

>     at iaik.tc.tss.impl.java.tsp.TcTssLocalCallFactory.newContextObject(Unknown Source)
>     at iaik.tc.apps.jtt.aik.PrivacyCa.<init>(PrivacyCa.java:119)
>     at iaik.tc.apps.pki.server.ServerPCA.<init>(ServerPCA.java:36)
>     at iaik.tc.apps.pki.server.cmd.RPRegisterCreateAIK.process(RPRegisterCreateAIK.java:55)
>     at iaik.xkms.server.handler.AbstractHandler.handleRequest(AbstractHandler.java:122)
>     at iaik.xkms.server.handler.HTTPHandler.run(HTTPHandler.java:139)

> I also tried it with your PCA using the same commands I use for my local
> version, but there I'm not able to get the EK certificate:
>
> ./jtt.sh xkms_ekcert_create --auth secret --ekfile tybble_ek_graz.cert -o opw

required --auth available by personal mail

HTH,
Martin
From: Maksim D. <dk...@bf...> - 2008-01-17 13:49:09
|
Hi!

I have a problem with the certifyKey() method. The following code (where I try to use the predefined nonce for key certification), for example:

    TcTssValidation validation = new TcTssValidation();
    validation.setExternalData(nonceBlob);
    //validation = keyToCertify.certifyKey (certificationKey, null);
    keyToCertify.certifyKey(certificationKey, validation);

Simply throws exception:

    java.lang.IllegalArgumentException: Argument 'validation' is not an instance of iaik.tc.tss.impl.java.tsp.TcRsaKey.
        at iaik.tc.utils.misc.CheckPrecondition.isInstanceOf(Unknown Source)
        at iaik.tc.utils.misc.CheckPrecondition.optionalInstanceOf(Unknown Source)
        at iaik.tc.tss.impl.java.tsp.TcRsaKey.certifyKey(Unknown Source)
        at TPMClient.certifyKey(TPMClient.java:170)
        at TPMClientTest.main(TPMClientTest.java:61)

However I find it weird, since the certifyKey() method declaration looks like:

    TcTssValidation <http://trustedjava.sourceforge.net/jtss/javadoc_all/iaik/tc/tss/api/structs/tsp/TcTssValidation.html>
    *certifyKey*(TcIRsaKey <http://trustedjava.sourceforge.net/jtss/javadoc_all/iaik/tc/tss/api/tspi/TcIRsaKey.html> certifyingKey,
        TcTssValidation <http://trustedjava.sourceforge.net/jtss/javadoc_all/iaik/tc/tss/api/structs/tsp/TcTssValidation.html> validation)
        throws TcTssException <http://trustedjava.sourceforge.net/jtss/javadoc_all/iaik/tc/tss/api/exceptions/common/TcTssException.html>

Any info on that?

Maksim.
From: Carolin L. <car...@un...> - 2008-01-17 13:27:59
|
Hi,

it's me again :-)

I got the PCA working and the jTPM tools too... First of all, I tried to obtain an EK certificate for my emulated TPM:

    ./jtt.sh xkms_ekcert_create --auth secret --ekfileek.cert -o opw --service "http://10.1.1.1:20000/ek"
    ./jtt.sh xkms_ekcert_validate --ekfile ek.cert

That works, but if I try

    ./jtt.sh xkms_aik_create -a aikpw -l tybble -o opw --aikfile aik.cert --ekfile ek.cert --keyfile aik.tpmkey --service "http://10.1.1.1:20000/aik"

this leads to the following exception on the server side:

    14:17:28:698 [INFO] RequestProcessor::newInstance (123): === RegisterRequest /aik ===
    14:17:28:698 [INFO] RequestProcessor::doRepresentAndPending (282): processing RegisterRequest with ID _IFPOLZLVZQLBST7MAYL2DKZCJZ8BF45
    14:17:28:699 [ERROR] HTTPHandler::run (209): BUG? Unexpected exception while handling message:

    java.lang.NoClassDefFoundError: Could not initialize class iaik.tc.tss.impl.java.tsp.TcContext
        at iaik.tc.tss.impl.java.tsp.TcTssLocalCallFactory.newContextObject(Unknown Source)
        at iaik.tc.apps.jtt.aik.PrivacyCa.<init>(PrivacyCa.java:119)
        at iaik.tc.apps.pki.server.ServerPCA.<init>(ServerPCA.java:36)
        at iaik.tc.apps.pki.server.cmd.RPRegisterCreateAIK.process(RPRegisterCreateAIK.java:55)
        at iaik.xkms.server.handler.AbstractHandler.handleRequest(AbstractHandler.java:122)
        at iaik.xkms.server.handler.HTTPHandler.run(HTTPHandler.java:139)

I also tried it with your PCA using the same commands I use for my local version, but there I'm not able to get the EK certificate:

    ./jtt.sh xkms_ekcert_create --auth secret --ekfile tybble_ek_graz.cert -o opw
    sending RegisterRequest...
    WARNING: No Version of Xerces found, please check your classpath, defaulting to DOM LEVEL 3
    ...result received
    Validating XKMS message signature using certificate:
    CN=IAIK OpenTC XKMS Test Responder,OU=IAIK trusted computing labs,O=Graz University of Technology,C=AT
    XKMS Result message signature is VALID.
    EK create operation FAILED
    ===>http://www.w3.org/2002/03/xkms#Sender
    ===>http://www.w3.org/2002/03/xkms#NoAuthentication

Well I think, that I make some mistakes, which lead to this behaviour, but I don't know where and what. If somebody could give a hint, that would be great!

Thanks in advance
Carolin
From: Maksim D. <dk...@bf...> - 2008-01-17 10:36:21
|
Hi!

I have a question regarding the TSS certifyKey command. Here is the example of my source code:

    validation = keyToCertify.certifyKey (certificationKey, null);

I successfully certify the bind type key with the AIK key I have created and activated earlier. Now the question is how do I verify the signature (the TcTssValidation structure) later with the same AIK's public key? Is there any method in TSS or do I have to sha1 the bind key manually and use verifySignature method?

Could you help me, please?

Regards,
Maksim.
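Added example, not part of the thread and not jTSS code: for the two certifyKey() questions above (the caller-supplied nonce, and checking the result against the AIK public key), this shows the verification with JDK classes only. It assumes the TPM 1.2 TPM_CERTIFY_INFO layout and an AIK using the RSASSA-PKCS1-v1.5/SHA-1 signature scheme; the class and method names and the sample blob are constructed here, and mapping the two byte arrays to the TSS validation structure's data and validation-data fields is an assumption.

```java
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

// Added example: names and sample data are constructed, not taken from jTSS.
public class CertifyKeyCheck {

    // SHA-1 over the unsigned big-endian modulus (the TPM_KEY pubKey.key bytes).
    static byte[] modulusDigest(RSAPublicKey key) throws Exception {
        byte[] m = key.getModulus().toByteArray();
        if (m.length > 1 && m[0] == 0) {
            m = Arrays.copyOfRange(m, 1, m.length); // drop BigInteger sign byte
        }
        return MessageDigest.getInstance("SHA-1").digest(m);
    }

    // Returns { pubkeyDigest, data } from a TPM 1.2 TPM_CERTIFY_INFO blob.
    // TPM_CERTIFY_INFO2 (which starts with a structure tag) is not handled.
    static byte[][] parseCertifyInfo(byte[] blob) {
        final int fixed = 4 + 2 + 4 + 1 + 4 + 2 + 2; // version .. sigScheme
        final int tail = 20 + 20 + 1 + 4;            // digest, nonce, BOOL, PCRInfoSize
        if (blob.length < fixed + 4 + tail) {
            throw new IllegalArgumentException("blob too short");
        }
        ByteBuffer b = ByteBuffer.wrap(blob);        // big-endian, as on the TPM wire
        b.position(fixed);
        int parmSize = b.getInt();
        if (parmSize < 0 || parmSize > b.remaining() - tail) {
            throw new IllegalArgumentException("bad parmSize");
        }
        b.position(b.position() + parmSize);         // skip TPM_RSA_KEY_PARMS
        byte[] digest = new byte[20];
        byte[] data = new byte[20];
        b.get(digest);
        b.get(data);
        return new byte[][] { digest, data };
    }

    // 1) AIK signature over the blob, 2) blob names the expected key,
    // 3) blob carries the nonce the verifier chose (anti-replay).
    static boolean verify(byte[] certifyInfo, byte[] signature, PublicKey aikPub,
                          RSAPublicKey certifiedKey, byte[] expectedNonce) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(aikPub);
        s.update(certifyInfo);
        if (!s.verify(signature)) {
            return false;
        }
        byte[][] f = parseCertifyInfo(certifyInfo);
        return MessageDigest.isEqual(f[0], modulusDigest(certifiedKey))
            && MessageDigest.isEqual(f[1], expectedNonce);
    }

    // Constructed stand-in for the blob a TPM would return for a bind key.
    static byte[] sampleCertifyInfo(RSAPublicKey certified, byte[] nonce) throws Exception {
        ByteBuffer b = ByteBuffer.allocate(23 + 12 + 45);
        b.put(new byte[] { 1, 1, 0, 0 });   // TPM_STRUCT_VER 1.1.0.0
        b.putShort((short) 0x0014);         // keyUsage: TPM_KEY_BIND
        b.putInt(0);                        // keyFlags
        b.put((byte) 1);                    // authDataUsage: TPM_AUTH_ALWAYS
        b.putInt(1);                        // algorithmID: TPM_ALG_RSA
        b.putShort((short) 0x0003);         // encScheme: TPM_ES_RSAESOAEP_SHA1_MGF1
        b.putShort((short) 0x0001);         // sigScheme: TPM_SS_NONE
        b.putInt(12);                       // parmSize
        b.putInt(2048).putInt(2).putInt(0); // keyLength, numPrimes, exponentSize
        b.put(modulusDigest(certified));    // pubkeyDigest
        b.put(nonce);                       // data: the external nonce
        b.put((byte) 0);                    // parentPCRStatus
        b.putInt(0);                        // PCRInfoSize
        return b.array();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair aik = g.generateKeyPair();   // stand-in for the TPM-held AIK
        KeyPair other = g.generateKeyPair(); // stand-in for the certified bind key
        RSAPublicKey bindPub = (RSAPublicKey) other.getPublic();
        byte[] nonce = new byte[20];
        new SecureRandom().nextBytes(nonce);

        byte[] info = sampleCertifyInfo(bindPub, nonce);
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(aik.getPrivate());
        signer.update(info);
        byte[] sig = signer.sign();

        System.out.println("genuine:     " + verify(info, sig, aik.getPublic(), bindPub, nonce));
        byte[] stale = nonce.clone();
        stale[0] ^= 1;                       // verifier expected a different nonce
        System.out.println("wrong nonce: " + verify(info, sig, aik.getPublic(), bindPub, stale));
        info[info.length - 6] ^= 1;          // blob altered after signing
        System.out.println("tampered:    " + verify(info, sig, aik.getPublic(), bindPub, nonce));
    }
}
```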
From: Carolin L. <car...@un...> - 2008-01-16 16:05:25
|
Ok, I did not mean these certificates, I am at this point:

==
The PrivacyCA expects a certain set of certificates to be available upon startup:

  A self signed CA root certificate
    ca.cert
  At the next level, intermediate CA certificates + private keys for each service:
    TPM Endorsement Key (EK) CA
      caek.cert and caek.pkey
    Attestation Identity Key (AIK) CA
      caaik.cert and caaik.pkey

The certificates and private keys for these 3 entities may be build with the TCcert utility. After running TCcert, just copy over the created ca* files.
==

But I think, I understand, what you mean... ca.ini generates those three and cert.ini the other two... was not clear for me, as you see :-) (I thought ca.ini was just an example to explain tccert...)

Regards

Martin Pirker wrote:
> Carolin Latze wrote:
>
>> example with ca.ini works, but I am not able to use certs.ini:
>>
>> ./tccert.sh -i ca certs.ini
>
> PCA readme, section 2.4.2:
> "To create this 2 entities run the build-certs script in the bin directory"
>
> HTH,
> Martin
From: Martin P. <Mar...@ia...> - 2008-01-16 15:26:59
|
Carolin Latze wrote:
> example with ca.ini works, but I am not able to use certs.ini:
>
> ./tccert.sh -i ca certs.ini

PCA readme, section 2.4.2:
"To create this 2 entities run the build-certs script in the bin directory"

HTH,
Martin
From: Carolin L. <car...@un...> - 2008-01-16 15:06:29
|
Hi all,

I have another Java problem... meanwhile I copied tccert into the resources directory and adapted iaik_xkms.jar according to Martin's mail. Finally, I checked that I have JCE and the signed iaik_jce.jar. The example with ca.ini works, but I am not able to use certs.ini:

    ./tccert.sh -i ca certs.ini
    *****************************************************************************
    ***                                                                       ***
    ***                  Welcome to the IAIK JCE Library                      ***
    ***                                                                       ***
    ***  This version of IAIK-JCE is licensed for evaluation, education,      ***
    ***  research, and use in open-source projects only.                      ***
    ***  Commercial use of this software is prohibited.                       ***
    ***  For details please see http://jce.iaik.tugraz.at/sales/.             ***
    ***  This message does not appear in the registered commercial version.   ***
    ***                                                                       ***
    *****************************************************************************
    generating CA certificates...
    CAroot
    16:03:28:845 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
    16:03:28:847 [INFO] CACertificate::<init> (56): privatekeysize not specified, using default 2048 bits
    16:03:30:002 [WARN] Common::parseName (70): 'country' property for distinguished name expected
    16:03:30:002 [WARN] Common::parseName (77): 'organization' property for distinguished name expected
    16:03:30:003 [WARN] Common::parseName (84): 'organizationalUnit' property for distinguished name expected
    16:03:30:003 [WARN] Common::parseName (91): 'commonName' property for distinguished name expected
    Exception in thread "main" java.lang.IllegalArgumentException: distinguished name object must not be empty, cannot build Name object
        at iaik.tc.cert.common.Common.parseName(Common.java:95)
        at iaik.tc.cert.CACertificate.<init>(CACertificate.java:67)
        at iaik.tc.TCcert.generateCA(TCcert.java:243)
        at iaik.tc.TCcert.main(TCcert.java:118)

It seems, that I have another configuration problem... BTW I compared certs.ini with ca.ini, but I don't see the problem...

Any hints are appreciated

Regards
Carolin

Carolin Latze wrote:
> Hi Martin,
>
> thanks for the immediate reply. I got it working now. You were right, I
> had to replace iaik-jce. I used the signed version for pca, but for
> certificate creation I use a separate tccert installation, which didn't
> use the signed jar. Thanks for the hint
>
> Btw I read already your older mail, but I am not that far with my setup
> atm :-)
>
> Regards
> Carolin
>
> Martin Pirker wrote:
>> Hi...
>>
>> Carolin Latze wrote:
>>> ./tccert.sh -i ca ca.ini
>> [...]
>>> generating CA certificates...
>>> CAroot
>>> 15:07:09:783 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
>>> 15:07:16:902 [INFO] CACertificate::<init> (74): root CA cert ---> issuerDN = subjectDN
>>> Exception in thread "main" iaik.utils.InternalErrorException: PBEParameterSpec type required
>>>     at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>>>     at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>>>     at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>>>     at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java:363)
>>>     at iaik.tc.TCcert.generateCA(TCcert.java:247)
>>>     at iaik.tc.TCcert.main(TCcert.java:118)
>> [...]
>>> Does anybody have an idea what's going wrong here?
>>
>> I am unable to reproduce your problem:
>>
>> .../testtccert/tccert-0.2.2$ java -version
>> java version "1.6.0_03"
>> Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
>> Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing)
>>
>> .../tccert-0.2.2$ ./tccert.sh -i ca ca.ini
>> ***                                                                           ***
>> ***                    Welcome to the IAIK JCE Library                        ***
>> ***                                                                           ***
>> *** This version of IAIK JCE is licensed for educational and research use     ***
>> *** and evaluation only. Commercial use of this software is prohibited.       ***
>> *** For details please see http://jce.iaik.tugraz.at/sales/licences/.         ***
>> *** This message does not appear in the registered commercial version.        ***
>> ***                                                                           ***
>>
>> generating CA certificates...
>> CAroot
>> 14:14:16:263 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
>> 14:14:19:132 [INFO] CACertificate::<init> (74): root CA cert ---> issuerDN = subjectDN
>> CApe
>> 14:14:19:926 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
>> 14:14:25:328 [INFO] CACertificate::<init> (71): derived CA cert
>> CAek
>> 14:14:25:440 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
>> 14:14:28:441 [INFO] CACertificate::<init> (71): derived CA cert
>> CAaik
>> 14:14:28:521 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
>> 14:14:33:813 [INFO] CACertificate::<init> (71): derived CA cert
>> ...done
>>
>> Common problems:
>> * Are you sure you use the signed(!) version of IAIK-JCE?
>> * Are you sure you installed the "unlimited strength encryption" policy files
>>   for Java?
>>
>> As a future help, please also read my mail "XKMS 0.2 + Java 6" from 21.08.2007
>> on this mailing list. I attached "IAIK.class" again to this mail for your convenience.
>>
>> HTH,
>> Martin
From: Carolin L. <car...@un...> - 2008-01-16 14:32:01
|
Hi Martin,

thanks for the immediate reply. I got it working now. You were right, I had to replace iaik-jce. I used the signed version for pca, but for certificate creation I use a separate tccert installation, which didn't use the signed jar. Thanks for the hint

Btw I read already your older mail, but I am not that far with my setup atm :-)

Regards
Carolin

Martin Pirker wrote:
> Hi...
>
> Carolin Latze wrote:
>> ./tccert.sh -i ca ca.ini
> [...]
>> generating CA certificates...
>> CAroot
>> 15:07:09:783 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
>> 15:07:16:902 [INFO] CACertificate::<init> (74): root CA cert ---> issuerDN = subjectDN
>> Exception in thread "main" iaik.utils.InternalErrorException: PBEParameterSpec type required
>>     at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>>     at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>>     at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>>     at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java:363)
>>     at iaik.tc.TCcert.generateCA(TCcert.java:247)
>>     at iaik.tc.TCcert.main(TCcert.java:118)
> [...]
>> Does anybody have an idea what's going wrong here?
>
> I am unable to reproduce your problem:
>
> .../testtccert/tccert-0.2.2$ java -version
> java version "1.6.0_03"
> Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
> Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing)
>
> .../tccert-0.2.2$ ./tccert.sh -i ca ca.ini
> ***                                                                           ***
> ***                    Welcome to the IAIK JCE Library                        ***
> ***                                                                           ***
> *** This version of IAIK JCE is licensed for educational and research use     ***
> *** and evaluation only. Commercial use of this software is prohibited.       ***
> *** For details please see http://jce.iaik.tugraz.at/sales/licences/.         ***
> *** This message does not appear in the registered commercial version.        ***
> ***                                                                           ***
>
> generating CA certificates...
> CAroot
> 14:14:16:263 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
> 14:14:19:132 [INFO] CACertificate::<init> (74): root CA cert ---> issuerDN = subjectDN
> CApe
> 14:14:19:926 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
> 14:14:25:328 [INFO] CACertificate::<init> (71): derived CA cert
> CAek
> 14:14:25:440 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
> 14:14:28:441 [INFO] CACertificate::<init> (71): derived CA cert
> CAaik
> 14:14:28:521 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
> 14:14:33:813 [INFO] CACertificate::<init> (71): derived CA cert
> ...done
>
> Common problems:
> * Are you sure you use the signed(!) version of IAIK-JCE?
> * Are you sure you installed the "unlimited strength encryption" policy files
>   for Java?
>
> As a future help, please also read my mail "XKMS 0.2 + Java 6" from 21.08.2007
> on this mailing list. I attached "IAIK.class" again to this mail for your convenience.
>
> HTH,
> Martin

--
Carolin Latze
Research Assistant
Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg
phone: +41 26 300 83 30
From: Martin P. <Mar...@ia...> - 2008-01-16 14:25:47
|
Hi...

Carolin Latze wrote:
> ./tccert.sh -i ca ca.ini
[...]
> generating CA certificates...
> CAroot
> 15:07:09:783 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
> 15:07:16:902 [INFO] CACertificate::<init> (74): root CA cert ---> issuerDN = subjectDN
> Exception in thread "main" iaik.utils.InternalErrorException: PBEParameterSpec type required
>     at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>     at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>     at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>     at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java:363)
>     at iaik.tc.TCcert.generateCA(TCcert.java:247)
>     at iaik.tc.TCcert.main(TCcert.java:118)
[...]
> Does anybody have an idea what's going wrong here?

I am unable to reproduce your problem:

.../testtccert/tccert-0.2.2$ java -version
java version "1.6.0_03"
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing)

.../tccert-0.2.2$ ./tccert.sh -i ca ca.ini
***                                                                           ***
***                    Welcome to the IAIK JCE Library                        ***
***                                                                           ***
*** This version of IAIK JCE is licensed for educational and research use     ***
*** and evaluation only. Commercial use of this software is prohibited.       ***
*** For details please see http://jce.iaik.tugraz.at/sales/licences/.         ***
*** This message does not appear in the registered commercial version.        ***
***                                                                           ***

generating CA certificates...
CAroot
14:14:16:263 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
14:14:19:132 [INFO] CACertificate::<init> (74): root CA cert ---> issuerDN = subjectDN
CApe
14:14:19:926 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
14:14:25:328 [INFO] CACertificate::<init> (71): derived CA cert
CAek
14:14:25:440 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
14:14:28:441 [INFO] CACertificate::<init> (71): derived CA cert
CAaik
14:14:28:521 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
14:14:33:813 [INFO] CACertificate::<init> (71): derived CA cert
...done

Common problems:
* Are you sure you use the signed(!) version of IAIK-JCE?
* Are you sure you installed the "unlimited strength encryption" policy files
  for Java?

As a future help, please also read my mail "XKMS 0.2 + Java 6" from 21.08.2007
on this mailing list. I attached "IAIK.class" again to this mail for your convenience.

HTH,
Martin
From: Carolin L. <car...@un...> - 2008-01-16 14:09:25
|
Hi all,

I try to generate certificates for the privacy ca using tccert, but it fails:

    ./tccert.sh -i ca ca.ini
    *****************************************************************************
    ***                                                                       ***
    ***                  Welcome to the IAIK JCE Library                      ***
    ***                                                                       ***
    ***  This version of IAIK-JCE is licensed for evaluation, education,      ***
    ***  research, and use in open-source projects only.                      ***
    ***  Commercial use of this software is prohibited.                       ***
    ***  For details please see http://jce.iaik.tugraz.at/sales/.             ***
    ***  This message does not appear in the registered commercial version.   ***
    ***                                                                       ***
    *****************************************************************************
    generating CA certificates...
    CAroot
    15:07:09:783 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
    15:07:16:902 [INFO] CACertificate::<init> (74): root CA cert ---> issuerDN = subjectDN
    Exception in thread "main" iaik.utils.InternalErrorException: PBEParameterSpec type required
        at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
        at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
        at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
        at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java:363)
        at iaik.tc.TCcert.generateCA(TCcert.java:247)
        at iaik.tc.TCcert.main(TCcert.java:118)

(I used ca.ini from the examples folder for testing purposes... it also fails with certs.ini from pca)

My Java version is 1.6:

    java -version
    java version "1.6.0_03"
    Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
    Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode)

Does anybody have an idea what's going wrong here?

Regards
Carolin
From: Carolin L. <car...@un...> - 2008-01-16 13:42:34
|
Well.... a click on "Downloads" usually helps.... :-P

Regards
Carolin

Carolin Latze wrote:
> Hi all,
>
> I try to install the Privacy CA provided by Trustedjava. ATM I try to
> download all libraries, that are mentioned in the readme, but I can't
> find iaik_xkms_tc.jar iaik_xkms.jar. Can you provide a download link?
>
> Thanks
> Regards
> Carolin

--
Carolin Latze
Research Assistant
Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg
phone: +41 26 300 83 30
From: Carolin L. <car...@un...> - 2008-01-16 13:38:36
|
Hi all,

I try to install the Privacy CA provided by Trustedjava. ATM I try to download all libraries, that are mentioned in the readme, but I can't find iaik_xkms_tc.jar iaik_xkms.jar. Can you provide a download link?

Thanks
Regards
Carolin
From: Maksim D. <dk...@bf...> - 2007-12-20 11:10:41
|
Sometimes I think programming embedded systems is much easier even though I don't have so many layers of software and hardware sitting on top of the devices. I have currently moved to TPM emulator and will try the real hardware TPM later. I certainly appreciate the elevated command prompt link and will try it later.

I have attached the (default) list of blocked and allowed commands in my instance of Vista as the .txt file. Basically I can't enable a single one of them and I think this is because I run "tpm.msc" from the not elevated command prompt.

Regards,
Maksim.

Ronald Tögl wrote:
> Maksim Djackov wrote:
>> This is strangely enough, but I am the local administrator and the
>> commands (not all of them) are enabled.
> Note that being Administrator does not mean that the command shell
> will run with this privilege, unless you open it in the special
> elevated mode.
> See for instance
> http://computerbits.wordpress.com/2007/02/14/vista-elevated-command-prompt/
>
>> I can't enable all of them since this is the Vista Home edition and I
>> don't have the policy group editor,
> Currently, we do not have Vista Home available on a TPM equipped PC so
> we did not test it. Which commands are inactive & cannot be enabled?
>
>> but I suppose the jTSS suppose to create and connect the context_ at
>> the very least?
> Yes, I guess so.
>
> Regards, Ronald
From: <ron...@ia...> - 2007-12-18 12:22:48
|
Maksim Djackov wrote:
> This is strangely enough, but I am the local administrator and the
> commands (not all of them) are enabled.

Note that being Administrator does not mean that the command shell will run with this privilege, unless you open it in the special elevated mode.
See for instance http://computerbits.wordpress.com/2007/02/14/vista-elevated-command-prompt/

> I can't enable all of them since
> this is the Vista Home edition and I don't have the policy group editor,

Currently, we do not have Vista Home available on a TPM equipped PC so we did not test it. Which commands are inactive & cannot be enabled?

> but I suppose the jTSS suppose to create and connect the context_ at the
> very least?

Yes, I guess so.

Regards,
Ronald
From: Maksim D. <dk...@bf...> - 2007-12-18 10:52:02
|
This is strangely enough, but I am the local administrator and the commands (not all of them) are enabled. I can't enable all of them since this is the Vista Home edition and I don't have the policy group editor, but I suppose the jTSS suppose to create and connect the context_ at the very least?

Regards,
Maksim.

Ronald Tögl wrote:
> Maksim Djackov wrote:
>
> Hello Maksim,
>
>> I currently have the following problem when trying to use jTSS with
>> Vista.
>
>> The TPM
>> itself is initialized, active and owned.
> So the lower layers appear to be ok.
>
>> Vista TBS error received but unable to throw proper exception!Vista
>> TBS Error (0x80284001): An internal software error occurred (One
>> possible reason: Insufficient permissions to access TPM).
>
> Currently, we need administrator rights to access the TPM from Java.
> As a workaround start the JVM (or indeed Eclipse.. :-/ ) from a
> "command prompt with Administrator rights".
>
> Please check again, that you have unblocked the TPM commands.
> http://technet.microsoft.com/en-us/windowsvista/aa905092.aspx#BKMK_S3
>
> hth,
> Ronald
From: <ron...@ia...> - 2007-12-17 08:38:22
|
Maksim Djackov wrote:

Hello Maksim,

> I currently have the following problem when trying to use jTSS with
> Vista.

> The TPM
> itself is initialized, active and owned.

So the lower layers appear to be ok.

> Vista TBS error received but unable to throw proper exception!Vista TBS
> Error (0x80284001): An internal software error occurred (One possible
> reason: Insufficient permissions to access TPM).

Currently, we need administrator rights to access the TPM from Java. As a workaround start the JVM (or indeed Eclipse.. :-/ ) from a "command prompt with Administrator rights".

Please check again, that you have unblocked the TPM commands.
http://technet.microsoft.com/en-us/windowsvista/aa905092.aspx#BKMK_S3

hth,
Ronald
From: Maksim D. <dk...@bf...> - 2007-12-14 16:06:55
|
Hi!

I currently have the following problem when trying to use jTSS with Vista. When I try to context_.connect(); I receive the exception:

    Exception in thread "main" java.lang.NoClassDefFoundError: iaik/tss/api/exceptions/tcs/TcTddlException
        at iaik.tc.tss.impl.java.tddl.TcTddlVista.tbsContextCreate(Native Method)
        at iaik.tc.tss.impl.java.tddl.TcTddlVista.open(Unknown Source)
        at iaik.tc.tss.impl.java.tddl.TcTddl.getInstance(Unknown Source)
        at iaik.tc.tss.impl.java.tcs.TcTcsCommon.isOrdinalSupported(Unknown Source)
        at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.<clinit>(Unknown Source)
        at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsiOpenContext(Unknown Source)
        at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextOpen_Internal(Unknown Source)
        at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)
        at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)
        at TPMCommon.setUp(TPMCommon.java:58)
        at clientTPM.setUp(clientTPM.java:42)
        at clientTPMTest.main(clientTPMTest.java:16)
    Vista TBS error received but unable to throw proper exception!Vista TBS Error (0x80284001): An internal software error occurred (One possible reason: Insufficient permissions to access TPM).

This the full code example:

    import iaik.tc.tss.api.constants.tsp.TcTssConstants;
    import iaik.tc.tss.api.structs.common.TcBlobData;
    import iaik.tc.tss.api.tspi.TcIPolicy;
    import iaik.tc.tss.api.exceptions.common.TcTssException;
    //import iaik.tc.tss.api.structs.tsp.TcTssVersion;
    import iaik.tc.tss.api.structs.tsp.TcUuidFactory;
    import iaik.tc.tss.api.tspi.TcIContext;
    import iaik.tc.tss.api.tspi.TcIRsaKey;
    import iaik.tc.tss.impl.java.tsp.TcTssLocalCallFactory;

    public class TPMCommon {
        // UNICODE (UTF-16LE) String without NULL termination
        public static final TcBlobData OWNER_SECRET = TcBlobData.newString("tpmsecret");
        //public static final TcBlobData OWNER_SECRET = TcBlobData.newString("hugoowner");

        // The TSS_WELL_KNOWN_SECRET goes in "as is".
        public static final TcBlobData SRK_SECRET = TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
        //public static final TcBlobData SRK_SECRET=TcBlobData.newString("srk"); //Remember to change the SRK_SECRET_MODE as well

        public static final long OWNER_SECRET_MODE = TcTssConstants.TSS_SECRET_MODE_PLAIN;
        public static final long SRK_SECRET_MODE = TcTssConstants.TSS_SECRET_MODE_SHA1;
        // public static final long SRK_SECRET_MODE = TcTssConstants.TSS_SECRET_MODE_PLAIN;

        public static TcIPolicy tpmPolicy = null;
        public static TcIPolicy srkPolicy = null;

        public TcIContext context_ = null;
        public TcIRsaKey srk_ = null;

        public void setUp() throws Exception {
            //super.setUp();
            context_ = new TcTssLocalCallFactory().newContextObject();
            context_.connect();   // the exception above is thrown here
        }
    }

Could you help me please? I have no idea where the problem is. The TPM itself is initialized, active and owned.

Thank you!
From: <ron...@ia...> - 2007-11-28 09:11:43
|
IAIK is happy to announce the release of TCPVM 0.1 and jTSS Wrapper 0.3.1.

TCPVM 0.1
---------
The recently released TCPVM is a patch to the Java VM itself, allowing it to be integrated into the chain of trust.

Changes to jTSS Wrapper 0.3.1
-----------------------------
* Improved compatibility with jTSS 0.2
* Correct handling of UUIDs
* Experimental features: compile with GCJ, wrapping of IFX stack as alternative to TrouSerS

If you have a running setup of version 0.3 there is no need to upgrade. Note that the only supported versions of TrouSerS are 0.2.9 and 0.2.9.1.

Have fun,
Ronald

--
Ronald Toegl, IAIK, TU Graz |
From: <ron...@ia...> - 2007-11-14 11:02:36
|
Hello Artem,

Artem Dinaburg wrote:
> I seem to be stuck at a conflict between the TrustedJava documentation
> and the implementation.
> Is the correct behaviour of the quote operation to set the values in
> the pcrComposite parameter, or to not set the values?

Thank you for pointing out this problem with the documentation.

The correct behavior in accordance with the 1.2 Errata A specs is the following: The pcrComposite object is only used as input parameter. Thus no actual PCR values will be set in it or returned with it. If you need to know the single PCR values, you have to extract them with getPcrValue() of class TcPcrCompositeBase.

The current software implementation is in line with the specification, so I will update the documentation with the next release.

Regards,
Ronald

--
IAIK, TU Graz |
From: Artem D. <ar...@cc...> - 2007-11-14 03:52:57
|
I seem to be stuck at a conflict between the TrustedJava documentation and the implementation. Is the quote method of TcTpm supposed to update the pcrComposite parameter with the actual PCR values?

According to documentation on:
http://trustedjava.sourceforge.net/jtss/javadoc_all/iaik/tc/tss/api/tspi/TcITpm.html
the updating is the correct behaviour, as stated by:

"The required information about which PCRs should be quoted must be set in the PcrComposite object before calling this method. On return each element of the collection has its pcrValue set."

However, in the code for TcTpm.java in jTSS 0.2, the actual PCR values used for hashing are never placed in the PcrComposite object nor returned to the caller in any way.

Is the correct behaviour of the quote operation to set the values in the pcrComposite parameter, or to not set the values?

Artem |
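What the quote thread above means for a verifier, as an added example (not jTSS code and not from either poster): because the pcrComposite passed to quote is input-only, the verifier rebuilds the signed TPM_QUOTE_INFO from PCR values it holds itself and checks the signature over that. It assumes the TPM 1.2 layouts of TPM_PCR_COMPOSITE and TPM_QUOTE_INFO and an RSASSA-PKCS1-v1.5/SHA-1 identity key; the class name, the 3-byte selection size, the local RSA key standing in for the TPM, and all sample values are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.*;

public class QuoteCheck {
    // TPM_PCR_COMPOSITE: UINT16 sizeOfSelect | bitmap | UINT32 valueSize | PCR values (big-endian)
    static byte[] pcrComposite(TreeMap<Integer, byte[]> pcrs) {
        byte[] select = new byte[3]; // assumption: 24 PCRs, so a 3-byte selection bitmap
        ByteBuffer values = ByteBuffer.allocate(20 * pcrs.size());
        for (Map.Entry<Integer, byte[]> e : pcrs.entrySet()) { // ascending PCR index
            int i = e.getKey();
            if (i < 0 || i >= 8 * select.length || e.getValue().length != 20)
                throw new IllegalArgumentException("bad PCR entry " + i);
            select[i / 8] |= (byte) (1 << (i % 8)); // PCR i is bit i%8 of byte i/8
            values.put(e.getValue());
        }
        return ByteBuffer.allocate(6 + select.length + values.capacity())
                .putShort((short) select.length).put(select)
                .putInt(values.capacity()).put(values.array()).array();
    }
    // TPM_QUOTE_INFO: version 1.1.0.0 | "QUOT" | SHA-1(TPM_PCR_COMPOSITE) | 20-byte nonce
    static byte[] quoteInfo(TreeMap<Integer, byte[]> pcrs, byte[] nonce) throws GeneralSecurityException {
        if (nonce.length != 20) throw new IllegalArgumentException("nonce must be 20 bytes");
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(pcrComposite(pcrs));
        return ByteBuffer.allocate(48).put(new byte[] {1, 1, 0, 0, 'Q', 'U', 'O', 'T'})
                .put(digest).put(nonce).array();
    }
    // True only if sig covers the quote info the verifier rebuilt from its own PCR values and nonce.
    static boolean verify(PublicKey aik, byte[] sig, byte[] info) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(aik);
        s.update(info);
        return s.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample data; a local RSA key stands in for the TPM's identity key.
        KeyPair aik = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        TreeMap<Integer, byte[]> pcrs = new TreeMap<>();
        pcrs.put(0, new byte[20]);
        pcrs.put(10, new byte[20]);
        byte[] nonce = new SecureRandom().generateSeed(20);
        Signature tpm = Signature.getInstance("SHA1withRSA"); // stands in for the TPM's signing step
        tpm.initSign(aik.getPrivate());
        tpm.update(quoteInfo(pcrs, nonce));
        byte[] sig = tpm.sign();
        System.out.println("matching PCRs: " + verify(aik.getPublic(), sig, quoteInfo(pcrs, nonce)));
        pcrs.get(10)[0] ^= 1; // verifier assumes a different value for PCR 10
        System.out.println("altered PCR 10: " + verify(aik.getPublic(), sig, quoteInfo(pcrs, nonce)));
    }
}
```

In practice the PCR values fed to the check come from the verifier's reference measurements or from values obtained separately from the platform, and the nonce is the one the verifier issued for this quote.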
From: Thomas W. <tc...@to...> - 2007-10-24 05:35:03
|
Hi,

> Is there a way make non-root processes access TPM Emulator? I am running
> into troubles regarding access permission to /dev/tpm or socket file in
> /var/tpm, from non-root processes.

Most modern Linux distributions are using udev to manage the nodes in /dev. Therefore a good place to start is to have a look at the /etc/udev directory. There you (might) find a rules.d folder where you can place rules for the udev daemon. That's what the readme says about it:

"The files in this directory are read by udev(7) and used when events are performed by the kernel. The udev daemon watches this directory with inotify so that changes to these files are automatically picked up."

So - you could place a rule in this folder to set the group and mode udev assigns to the /dev/tpm device when the module is loaded.

Note that this information applies to Ubuntu distros - it might be slightly different when using some other distribution. On Ubuntu you could simply add a rule to the following rules file:

/etc/udev/rules.d/40-permissions.rules

hth,

--
Thomas Winkler
tc...@to... |
From: <Hon...@cs...> - 2007-10-24 04:01:41
|
Hi all,

Is there a way make non-root processes access TPM Emulator?  I am running into troubles regarding access permission to /dev/tpm or socket file in /var/tpm, from non-root processes.

I've tried to modify the file permissions manually with no effects.

Thanks.

Hon Hwang. |
From: Martin P. <Mar...@ia...> - 2007-10-11 12:30:47
|
francesca fabbri wrote:
> I'm using your Tccert package to create a test certificate for a CA.

Note that the CA functionality of TCcert was only intended to quickly create a "looks like a real CA" certificate for testing, not for production use.

> I've a question:
> is it possible to create a Ca certificate where the public and private
> key of the Ca are created by me?

IAIK-JCE is like a big toolbox you can use to create whatever type of certificate you like (at an amazing price, too, may I say ;-)

> Another question: when I invoke the CaCertificate construct as follows:
> cacert = new CACertificate(properties, null, null);
>
> and I invoke the method:
>
> cacert.getKeyPair().getPrivate()
> or
> caCert.getKeyPair().getPublic()
>
> do I obtain something?
> Does the constructor create a keypair for the Ca?

quoting the source of the constructor:

    String keysize = prop.getProperty("privatekeysize");
    if (keysize!=null) {
        keypair_ = Common.generateRSAKeyPair(prop.getPropertyAsInt("privatekeysize"));
    } else {
        Log.info("privatekeysize not specified, using default 2048 bits");
        keypair_ = Common.generateRSAKeyPair(2048);
    }

HTH

--
Martin Pirker
IAIK, TU Graz |