From: Gianfranco R. <gia...@in...> - 2009-08-11 11:55:37
Hello TrustedJava Users,

I am new to TrustedJava and have the following problem:

I have created a TPM-protected key pair with libengine-tpm-openssl, which is now stored on my hard disk.
Now I am trying to load this SRK-encrypted key pair with jTSS. For this I only found the function "loadKeyByBlob", but this function does not seem useful to me.

Is there another possibility to load an encrypted file as a key pair with jTSS?

Thanks in advance!
Gianfranco

From: Ronald T. <ron...@ia...> - 2009-08-11 12:54:05
Hi Gianfranco,

With jTSS you can load keys from a byte array which contains a TCG-specified TPM_KEY or, respectively, a TPM_KEY12 structure. In the loadKeyByBlob method you can also specify the SRK as parent.

However, I do not have the faintest idea how libengine-tpm-openssl keys are formatted and therefore I cannot tell you the details of how to import them to jTSS.

hth,
Ronald

Gianfranco Ricci wrote:
> Hello TrustedJava Users,
>
> I am new to TrustedJava and have the following problem:
>
> I have created a TPM-protected key pair with libengine-tpm-openssl, which
> is now stored on my hard disk.
> Now I am trying to load this SRK-encrypted key pair with jTSS. For this I
> only found the function "loadKeyByBlob", but this function does not seem
> useful to me.
>
> Is there another possibility to load an encrypted file as a key pair with
> jTSS?

--
Dipl.-Ing. Ronald Tögl             phone +43 316/873-5502
Trusted Computing Labs             fax   +43 316/873-5520
IAIK                               ron...@ia...
Graz University of Technology      http://www.iaik.tugraz.at

From: Gianfranco R. <gia...@in...> - 2009-08-12 06:58:45
Hello Ronald,

thanks for your fast response. I will try to use loadKeyByBlob for importing my key.
libengine-tpm-openssl should create a TCG-conformant TPM_KEY structure, so loadKeyByBlob should be fine.

Gianfranco

Ronald Tögl wrote:
> Hi Gianfranco,
>
> With jTSS you can load keys from a byte array which contains a TCG-specified
> TPM_KEY or, respectively, a TPM_KEY12 structure. In the
> loadKeyByBlob method you can also specify the SRK as parent.
>
> However, I do not have the faintest idea how libengine-tpm-openssl
> keys are formatted and therefore I cannot tell you the details of how
> to import them to jTSS.
>
> hth, Ronald
>
> Gianfranco Ricci wrote:
>> Hello TrustedJava Users,
>>
>> I am new to TrustedJava and have the following problem:
>>
>> I have created a TPM-protected key pair with libengine-tpm-openssl, which
>> is now stored on my hard disk.
>> Now I am trying to load this SRK-encrypted key pair with jTSS. For this I
>> only found the function "loadKeyByBlob", but this function does not seem
>> useful to me.
>>
>> Is there another possibility to load an encrypted file as a key pair with
>> jTSS?

From: Gianfranco R. <gia...@in...> - 2009-08-13 14:28:27
Hello Ronald,

it seems that I successfully loaded a libengine-tpm-openssl key with TrustedJava. I can convert it into a Java RSA key pair and print the public part to the command line, for example.

But when I try to use this key *hash.sign(tcRSAKey)* I am asked for a password. The key itself has *no* authorization data, the parent key (SRK) has the TSS_WELL_KNOWN_SECRET. Why am I asked for a password and how can I set the correct policy to ask for no password?

Here is my sample code:

    public class Test {
        ...
        public static void main(String[] args) throws TcTssException {
            File file = new File("/home/gian/KEY");
            try {
                keyfis = new FileInputStream(file);
                encKey = new byte[keyfis.available()];
                keyfis.read(encKey);
                keyfis.close();
                wrapped_tcRsaKey = TcBlobData.newByteArray(encKey);
            } catch (IOException ex) {
                //ex.printStackTrace();
            }
            context_ = new TcTssContextFactory().newContextObject();
            context_.connect();
            srk_ = context_.loadKeyByUuidFromSystem(TcUuidFactory.getInstance().getUuidSRK());
            srkPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
            srkPolicy.setSecret(SRK_SECRET_MODE, SRK_SECRET);
            srkPolicy.assignToObject(srk_);
            tpmPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
            tpmPolicy.setSecret(OWNER_SECRET_MODE, OWNER_SECRET);
            tcRSAKey = context_.loadKeyByBlob(srk_, wrapped_tcRsaKey);
            TcIHash hash = context_.createHashObject(TcTssConstants.TSS_HASH_SHA1);
            hash.updateHashValue(TcBlobData.newString("text"));
            hash.sign(tcRSAKey); // asks for secret
            tcRSAKey.unloadKey();
        }
    }

Thanks in advance!
Gianfranco

Ronald Tögl wrote:
> Hi Gianfranco,
>
> With jTSS you can load keys from a byte array which contains a TCG-specified
> TPM_KEY or, respectively, a TPM_KEY12 structure. In the
> loadKeyByBlob method you can also specify the SRK as parent.
>
> However, I do not have the faintest idea how libengine-tpm-openssl
> keys are formatted and therefore I cannot tell you the details of how
> to import them to jTSS.
>
> hth, Ronald
>
> Gianfranco Ricci wrote:
>> Hello TrustedJava Users,
>>
>> I am new to TrustedJava and have the following problem:
>>
>> I have created a TPM-protected key pair with libengine-tpm-openssl, which
>> is now stored on my hard disk.
>> Now I am trying to load this SRK-encrypted key pair with jTSS. For this I
>> only found the function "loadKeyByBlob", but this function does not seem
>> useful to me.
>>
>> Is there another possibility to load an encrypted file as a key pair with
>> jTSS?

From: Martin P. <Mar...@ia...> - 2009-08-17 07:35:10
Gianfranco Ricci wrote:
> But when I try to use this key *hash.sign(tcRSAKey)* I am asked for a
> password. The key itself has *no* authorization data, the parent key
> (SRK) has the TSS_WELL_KNOWN_SECRET. Why am I asked for a password and
> how can I set the correct policy to ask for no password?

try

    keyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_NONE, null)

HTH,
Martin
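
Martin's suggestion applied to the load-and-sign flow from the thread, as an added example that is not code from any of the posters or from the jTSS project: the loaded key gets its own usage policy with TSS_SECRET_MODE_NONE before it is used for signing. The import package names, the class name, taking the blob path from the first argument, the use of TSS_SECRET_MODE_SHA1 with TSS_WELL_KNOWN_SECRET for the SRK, and the closeContext() and asByteArray() calls are assumptions that do not appear in the thread.

```java
import iaik.tc.tss.api.constants.tsp.TcTssConstants;   // package names are assumptions
import iaik.tc.tss.api.structs.common.TcBlobData;
import iaik.tc.tss.api.structs.tsp.TcUuidFactory;
import iaik.tc.tss.api.tspi.TcIContext;
import iaik.tc.tss.api.tspi.TcIHash;
import iaik.tc.tss.api.tspi.TcIPolicy;
import iaik.tc.tss.api.tspi.TcIRsaKey;
import iaik.tc.tss.api.tspi.TcTssContextFactory;

import java.nio.file.Files;
import java.nio.file.Paths;

public class SignWithNoAuthKey {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Read the complete key blob (TPM_KEY / TPM_KEY12 bytes). A read error
        // aborts here instead of continuing with an empty or partial blob.
        byte[] blob = Files.readAllBytes(Paths.get(args[0]));

        TcIContext context = new TcTssContextFactory().newContextObject();
        context.connect();
        try {
            // Parent key: the SRK, authorized with the well-known secret
            // (assumed to match how the TPM in question was set up).
            TcIRsaKey srk = context.loadKeyByUuidFromSystem(
                    TcUuidFactory.getInstance().getUuidSRK());
            TcIPolicy srkPolicy =
                    context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
            srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1,
                    TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET));
            srkPolicy.assignToObject(srk);

            TcIRsaKey key = context.loadKeyByBlob(srk, TcBlobData.newByteArray(blob));

            // The posted code assigns no usage policy to the loaded key.
            // Give it one that carries no secret, as suggested in the reply.
            TcIPolicy keyPolicy =
                    context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
            keyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_NONE, null);
            keyPolicy.assignToObject(key);

            TcIHash hash = context.createHashObject(TcTssConstants.TSS_HASH_SHA1);
            hash.updateHashValue(TcBlobData.newString("text"));
            TcBlobData signature = hash.sign(key);
            System.out.println("signature bytes: " + signature.asByteArray().length);

            key.unloadKey();
        } finally {
            context.closeContext();   // release TSS resources even if signing fails
        }
    }
}
```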