From: <ron...@ia...> - 2008-01-18 10:17:45
Attachments:
smime.p7s
|
Carolin Latze wrote:
> But I changed the error now :-) Now, it is
>
> java.lang.NoClassDefFoundError: iaik/tc/tss/impl/java/tcs/TcTcsProperties
>     at iaik.tc.tss.impl.java.tsp.internal.TcTspProperties.getTspProperties(Unknown Source)

Ah, this new error is much better. :-)

There is a minor bug in TSS 0.2 (with the TcTspProperties referencing
TcTcsProperties). It will be fixed in the next release. As a quick
workaround just include iaik_jtss_tcs.jar in your classpath, even if you
do not require the core services.

Regards, Ronald

--
Dipl.-Ing. Ronald Tögl          phone +43 316/873-5502
Trusted Computing Labs          fax   +43 316/873-5520
IAIK                            ron...@ia...
Graz University of Technology   http://www.iaik.tugraz.at
|
From: Carolin L. <car...@un...> - 2008-01-18 12:42:21
|
Got it working!!! :-)

I had to add iaik_jtss_tcs.jar to the classpath in pki_server.sh (I do
not understand why I have to add iaik_jtss_tsp.jar to the system's
classpath and iaik_jtss_tcs.jar to the temporary classpath... but that
doesn't matter as long as there is a working solution).

But there are still some strange things:
If I ask my server for an EK certificate, the answer is:

    Validating XKMS message signature using certificate:
    CN=IAIK OpenTC XKMS Test Responder,OU=IAIK trusted computing labs,O=Graz University of Technology,C=AT
    XKMS Result message signature is INVALID.

    received EK certificate #20080118133421135
    exported to file: tybble_ek.cert

That does not happen with your server. I generated my server
certificates using tccert ca.ini and build_certs.sh.

I think the following server error is a consequence of the one above:

    javax.crypto.BadPaddingException: Invalid PKCS#1 padding: no leading zero!
        at iaik.pkcs.pkcs1.b.b(Unknown Source)
        at iaik.pkcs.pkcs1.RSACipher.a(Unknown Source)
        at iaik.pkcs.pkcs1.RSACipher.engineDoFinal(Unknown Source)
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at iaik.tc.apps.jtt.aik.PrivacyCa.decryptIdentityReqBlob(PrivacyCa.java:246)
        at iaik.tc.apps.jtt.aik.PrivacyCa.processRequest(PrivacyCa.java:163)
        at iaik.tc.apps.pki.server.cmd.RPRegisterCreateAIK.process(RPRegisterCreateAIK.java:64)
        at iaik.xkms.server.handler.AbstractHandler.handleRequest(AbstractHandler.java:122)
        at iaik.xkms.server.handler.HTTPHandler.run(HTTPHandler.java:139)

Regards and thanks for the help!
Carolin

--
Carolin Latze
Research Assistant
Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg
phone: +41 26 300 83 30
|
From: Martin P. <Mar...@ia...> - 2008-01-18 13:17:05
Attachments:
smime.p7s
|
Carolin Latze wrote:
> I had to add iaik_jtss_tcs.jar to the classpath in pki_server.sh ( I do
> not understand, why I have to add iaik_jtss_tsp.jar to the system's
> classpath and iaik_jtss_tcs.jar to the temporary classpath.... but that
> doesn't matter as long as there is a working solution).

Yes, this is strange, adding the .jars in the server start script should do.

The server side does not need a TPM so should be fine with just TSP which
is needed for some data structures and helper functions. This works with
jTSS 0.1. That TCS is also required with jTSS 0.2 is an unfortunate bug.
Sorry about that, but our manpower is limited and we cannot
test all functions with all combinations of packages....

> If I ask my server for an EK certificate, the answer is:
>
> Validating XKMS message signature using certificate:
> CN=IAIK OpenTC XKMS Test Responder,OU=IAIK trusted computing
> labs,O=Graz University of Technology,C=AT
> XKMS Result message signature is INVALID.
>
> received EK certificate #20080118133421135
> exported to file: tybble_ek.cert
>
> That does not happen with your server.

Our server uses the certificate chains available from:
http://opentc.iaik.tugraz.at/index.php?item=certs
Also, the release package of JTpmTools is preloaded with the
proper certificates, see PCA README, section 2.4.2, last paragraph.

If you set up your own PCA you have to generate new certificates.
The server signs every answer with the XKMS private key. It is expected
JTpmTools has access to the proper certificate with the public key, then
"result message signature" will validate ok.

> I think, the following server error is a consequence from the one above:
>
> javax.crypto.BadPaddingException: Invalid PKCS#1 padding: no leading zero!
>     at iaik.pkcs.pkcs1.b.b(Unknown Source)
>     at iaik.pkcs.pkcs1.RSACipher.a(Unknown Source)
>     at iaik.pkcs.pkcs1.RSACipher.engineDoFinal(Unknown Source)
>     at javax.crypto.Cipher.doFinal(DashoA13*..)
>     at iaik.tc.apps.jtt.aik.PrivacyCa.decryptIdentityReqBlob(PrivacyCa.java:246)

The PCA server fails on decryption of the request blob. JTpmTools encrypts the
request blob (as per specification) with the public key contained in the
PCA certificate. If you did not replace the PCA certificate shipped
originally with JTpmTools it will not decrypt....

>     at iaik.tc.apps.jtt.aik.PrivacyCa.processRequest(PrivacyCa.java:163)
>     at iaik.tc.apps.pki.server.cmd.RPRegisterCreateAIK.process(RPRegisterCreateAIK.java:64)
>     at iaik.xkms.server.handler.AbstractHandler.handleRequest(AbstractHandler.java:122)
>     at iaik.xkms.server.handler.HTTPHandler.run(HTTPHandler.java:139)

> Regards and thanks for the help!

One day this will all be plug'n'play.... ;-)

Martin
|
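Added example, not part of the original thread or of the IAIK code: both symptoms discussed in the message above (the INVALID result signature and the BadPaddingException on the server) appear when the client holds certificates that do not belong to the server's private keys, and a modulus comparison catches that before any request is sent. Assumptions: the JDK's default RSA provider instead of the IAIK one, one throwaway key pair standing in for both the XKMS and the PCA key, SHA256withRSA standing in for the XKMS XML signature, and hypothetical class and method names.

```java
import java.security.*;
import java.security.interfaces.RSAKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;

public class PcaCertMismatchDemo {
    // Pre-flight check: a certificate's public key and a private key belong
    // together only if they share the same RSA modulus.
    static boolean sameKeyPair(PublicKey pub, PrivateKey priv) {
        return ((RSAKey) pub).getModulus().equals(((RSAKey) priv).getModulus());
    }

    // Server signs a response; client verifies with the certificate it holds.
    static boolean responseVerifies(PrivateKey serverKey, PublicKey clientCertKey) throws Exception {
        byte[] msg = "constructed XKMS result".getBytes("UTF-8");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(serverKey);
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(clientCertKey);
        s.update(msg);
        return s.verify(sig);
    }

    // Client encrypts a request under the certificate it holds; server decrypts.
    static String requestDecrypts(PublicKey clientCertKey, PrivateKey serverKey) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.ENCRYPT_MODE, clientCertKey);
        byte[] enc = c.doFinal("constructed identity request".getBytes("UTF-8"));
        c.init(Cipher.DECRYPT_MODE, serverKey);
        try {
            return "ok: " + new String(c.doFinal(enc), "UTF-8");
        } catch (BadPaddingException e) { // wrong private key; message text is provider-specific
            return "BadPaddingException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair shipped = gen.generateKeyPair(); // stand-in for the preloaded certificate
        KeyPair own = gen.generateKeyPair();     // stand-in for the self-generated server key
        for (KeyPair client : new KeyPair[] { shipped, own }) {
            System.out.println("client holds " + (client == own ? "own" : "shipped") + " certificate");
            System.out.println("  key pair matches:  " + sameKeyPair(client.getPublic(), own.getPrivate()));
            System.out.println("  response verifies: " + responseVerifies(own.getPrivate(), client.getPublic()));
            System.out.println("  request decrypts:  " + requestDecrypts(client.getPublic(), own.getPrivate()));
        }
    }
}
```

In a deployment the public key would come from `X509Certificate.getPublicKey()` on the certificate installed on the client, so the same comparison can run as a start-up check.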
From: Carolin L. <car...@un...> - 2008-01-18 13:37:01
|
Hi all.

Finally..... it works! :-) Yes I know, it was a looong way :-)
I just forgot to copy my certificates to the client machine...
Thanks for the help!

I have one last question (for the moment :-P ): How do you identify the
private key on the TPM? If I want to use the AIK for authentication, how
do I access the private key?

Thanks again!
Carolin

--
Carolin Latze
Research Assistant
Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg
phone: +41 26 300 83 30
|
From: Martin P. <Mar...@ia...> - 2008-01-18 14:27:11
Attachments:
smime.p7s
|
Carolin Latze wrote:
> Finally..... it works! :-) Yes I know, it was a looong way :-)
> I just forgot to copy my certificates to the client machine...
> Thanks for the help!

Ok, then we can all have a nice weekend?

> I have one last question (for the moment :-P ): How do you identify the
> private key on the TPM? If I want to use the AIK for authentication, how
> do I access the private key?

JTpmTools returns a key blob and a matching certificate.
How to load the key into the TSS and maybe import it into the persistent
storage of the TSS with a UUID of your choice is homework :-)

Martin
|
From: Carolin L. <car...@un...> - 2008-01-18 15:04:07
|
Hi Martin

Martin Pirker wrote:
> Carolin Latze wrote:
>
>> Finally..... it works! :-) Yes I know, it was a looong way :-)
>> I just forgot to copy my certificates to the client machine...
>> Thanks for the help!
>
> Ok, then we can all have a nice weekend?

Yes, enjoy it :-)

>> I have one last question (for the moment :-P ): How do you identify the
>> private key on the TPM? If I want to use the AIK for authentication, how
>> do I access the private key?
>
> JTpmTools returns a key blob and a matching certificate.
> How to load the key into the TSS and maybe import it into the persistent
> storage of the TSS with a UUID of your choice is homework :-)

Ok, that's what I wanted to know :-) I thought you load it already.
That's an easy one even for me :-P

Regards
Carolin
|