trustedjava-support

[Trustedjava-support] Where does jTSS gets the PubEKCert from in CollateIdentityRequest?

[<Hon...@cs...>]

SGkgYWxsLA0KDQpJIGxpa2UgdG8ga25vdyB3aGVyZSBqVFNTIGdldHMgdGhlIFB1YmxpYyBFbmRv
cnNlbWVudCBLZXkgQ2VydGlmaWNhdGUgKEVLQ2VydCkgZnJvbSBkdXJpbmcgdGhlIENvbGxhdGVJ
ZGVudGl0eVJlcXVlc3Qgb3BlcmF0aW9uPw0KDQpJIGtub3cgdGhhdCBpZiBJIHVzZSB0aGUgVHJv
dVNlcnMgd3JhcHBlcnMsIFRyb3VTZXJzIHN1cHBseSB0aGlzIGZyb20gaXRzIGNvbmZpZ3VyYXRp
b24gZmlsZS4NCg0KRG9lcyBqVFNTIGhhcyBhIGNvbmZpZ3VyYXRpb24gZmlsZT8gIEkgbm90aWNl
IHRoZXJlIGlzIGEgLmluaSBmaWxlIHdpdGgga2V5LXZhbHVlIHBhaXIgZGF0YSBmb3IgcGVyc2lz
dGVudCBzdG9yYWdlLg0KDQpPciBJIGhhdmUgdG8gdXNlIFRyb3VTZXJzIHRvIG9idGFpbiB0aGUg
RUtDZXJ0Pw0KDQpJIGFtIHVzaW5nIGpUU1MgMC4xLCB3aXRoIFRQTSBFbXVsYXRvciAwLjUuDQoN
ClRoYW5rcy4NCg0KSG9uIEh3YW5nLg0K

Re: [Trustedjava-support] Where does jTSS gets the PubEKCert from in CollateIdentityRequest?

[Thomas W. <tc...@to...>]

Hello,

> I like to know where jTSS gets the Public Endorsement Key Certificate
> (EKCert) from during the CollateIdentityRequest operation?

If you have a IFX TPM (1.1b or 1.2), the EK Cert is read from the chip.

> I know that if I use the TrouSers wrappers, TrouSers supply this from its
> configuration file.

No - you can not specify it in a configuration file.
But jTSS is a 1.2 compliant TSS and therefore you can supply the certificates 
via the setAttribData method of the TPM object and one of the following 
subflags (see TSS spec):

TcTssConstants.TSS_TPMATTRIB_EKCERT
TcTssConstants.TSS_TPMATTRIB_PLATFORM_CC
TcTssConstants.TSS_TPMATTRIB_PLATFORMCERT
TcTssConstants.TSS_TPMATTRIB_PLATFORM_CC

hth,
-- 
Thomas Winkler
e-mail: tc...@to...