trustedjava-support

[Trustedjava-support] How to get Certificates and Keys out of the TPM

[Christoph E. <jt...@eu...>]

Hy,

is there a way to get the certificates issued by the TPM into some 
format that can be read be applications which don't rely on the TSS? So 
export a TcTssValidation to something like X.509 or.... ?

And is there a "nicer" way to convert the public part of a TcIRsaKey 
into a "Java" Public-Key than this:

TcBlobData b = key.getAttribData(
             TcTssConstants.TSS_TSPATTRIB_RSAKEY_INFO,
             TcTssConstants.TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT);
BigInteger EXPONENT = new BigInteger(b.asByteArray());
b = key.getAttribData(
             TcTssConstants.TSS_TSPATTRIB_RSAKEY_INFO,
             TcTssConstants.TSS_TSPATTRIB_KEYINFO_RSA_MODULUS);
BigInteger MODULUS = new BigInteger(b.asByteArray());

RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(MODULUS,EXPONENT);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey pub = keyFactory.generatePublic(pubSpec);

Re: [Trustedjava-support] How to get Certificates and Keys out of the TPM

[Martin P. <Mar...@ia...>]

Hi...

Christoph Eunicke wrote:
> is there a way to get the certificates issued by the TPM into some 
> format that can be read be applications which don't rely on the TSS? So 
> export a TcTssValidation to something like X.509 or.... ?

The TPM does not issue certificates.

However, Infineon TPMs provide an on-chip TPM EK X.509 certificate
and the AIK cycle also results in an AIK X.509 certificate. Both are
exported as byte arrays (wrapped as TcBlobData).

If you want to create an X509Certificate Java object from an array
of bytes, you can for example use the IAIK-JCE library and pass the
byte array as constructor argument of the X509Certificate class.


> And is there a "nicer" way to convert the public part of a TcIRsaKey 
> into a "Java" Public-Key than this:

jTSS currently closely follows the C TSS, Java specific helper
methods are lacking. Some stack internal helper methods are
available in e.g. TcCrypto:
 RSAPublicKey pubTpmKeyToJava(TcTpmPubkey pubKey)


Please see the jTSS unit tests and the jTpmTools sources for examples.


HTH,
Martin

-- 
------------------------------------------------------------------------
Dipl.-Ing. Martin Pirker                 <Mar...@ia...>
Institute for Applied Information Processing and Communications,
Graz University of Technology, Austria.      http://www.iaik.tugraz.at/
------------------------------------------------------------------------