trustedjava-support

[Trustedjava-support] Create certificate of key signed with EK

[rinberg\@libero\.it <ri...@li...>]

Hi. I'm trying to setup a scenario where every host knows the public part=
 of EK of the others (no Privacy CA needed). I managed to create keys and=
 quote with them but the public part of the created keys should be sent t=
o the other hosts and they should show evidence that it's genuine. 

-> I'd like to sign a certificate containing the public part of the key w=
ith the EK of the TPM so other host that know the public part of the remo=
te EK can check that the remote host is geuine.

Is a snippet of java code that creates a certificate and signs it with th=
e EK available? (this is my biggest problem, I haven't find anything with=
in jTpmTools sources with a quote using EK as signing key...)

Any help would be much appreciated.Thank you. 

Best Regards,

Rinaldo Bergamini

Re: [Trustedjava-support] Create certificate of key signed with EK

[Thomas W. <tc...@to...>]

Hello,

> -> I'd like to sign a certificate containing the public part of the key
> with the EK of the TPM so other host that know the public part of the
> remote EK can check that the remote host is geuine.

This is against the TPM spec. The spec does not allow you to directly use the 
EK for signing data or doing a TPM quote. To to that you would need a TPM 
that violates the TPM spec.

> Is a snippet of java code that creates a certificate and signs it with the
> EK available? (this is my biggest problem, I haven't find anything within
> jTpmTools sources with a quote using EK as signing key...)

You do not find such code in the jTpmTools for the reason explained above.

hth,
-- 
Thomas Winkler
tc...@to...