Menu
▾
▴
trustedjava-support
|
From: Till B. <ti...@on...> - 2007-07-18 17:55:01
|
Hello, I try to create an AIK. For this process I need an EK credential. Unfortunately my manufacturer did not deliver one. Can someone give me a hint on how I can create one myself? I set up my own little Privacy CA using openssl and I think I have therefore the necessary Keys and certificates to create an EK cred. I tried to use tccert with my CA but the process failed, even with the included examples: --- $ sh tccert.sh ca ca.ini *** *** *** Welcome to the IAIK JCE Library *** *** *** *** This version of IAIK JCE is licensed for educational and research use *** *** and evaluation only. Commercial use of this software is prohibited. *** *** For details please see http://jcewww.iaik.at/sales/licences/. *** *** This message does not appear in the registered commercial version. *** *** *** generating CA certificates... CAroot iaik.utils.InternalErrorException at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source) at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source) at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source) at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java:363) at iaik.tc.TCcert.generateCA(TCcert.java:247) at iaik.tc.TCcert.main(TCcert.java:118) Exception in thread "main" iaik.utils.InternalErrorException at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source) at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source) at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source) at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java:363) at iaik.tc.TCcert.generateCA(TCcert.java:247) at iaik.tc.TCcert.main(TCcert.java:118) --- Thanks for your help! -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** |
|
From: Martin P. <Mar...@ia...> - 2007-07-19 06:45:19
Attachments:
smime.p7s
|
Good morning... Till Bentz wrote: > I try to create an AIK. For this process I need an EK credential. > Unfortunately my manufacturer did not deliver one. Can someone give me a > hint on how I can create one myself? Use TCcert, or use JTpmTools to get one from our demo PrivacyCA setup (mail me for authentication password) > I set up my own little Privacy CA using > openssl and I think I have therefore the necessary Keys and certificates to > create an EK cred. You implemented the additional Trusted Computing certificate structures for OpenSSL? > I tried to use tccert with my CA but the process failed, even with the > included examples: [...] > generating CA certificates... > CAroot > iaik.utils.InternalErrorException > at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source) > at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source) > at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source) > at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java:363) > at iaik.tc.TCcert.generateCA(TCcert.java:247) > at iaik.tc.TCcert.main(TCcert.java:118) Last time some had this problem... https://sourceforge.net/mailarchive/forum.php?thread_name=01D30BAC-8036-4A59-9BCC-2101B48ADBA3%40cs.rice.edu&forum_name=trustedjava-support ...he didn't used the signed version of IAIK-JCE. Are you sure you are using the _signed_ .jar version and not the _unsigned_ one? HTH -- Martin Pirker IAIK, TU Graz |
|
From: Till B. <ti...@on...> - 2007-07-19 09:45:11
|
Hello, Thanks for your quick reply! On 7/19/07, Martin Pirker <Mar...@ia...> wrote: > > Good morning... > > Till Bentz wrote: > > I try to create an AIK. For this process I need an EK credential. > > Unfortunately my manufacturer did not deliver one. Can someone give me a > > hint on how I can create one myself? > > Use TCcert, or use JTpmTools to get one from our demo PrivacyCA setup > (mail me for authentication password) > > > > I set up my own little Privacy CA using > > openssl and I think I have therefore the necessary Keys and certificates > to > > create an EK cred. > > You implemented the additional Trusted Computing certificate > structures for OpenSSL? I was not aware of the fact, that I need to implement additional Trusted Computing structures. I just set up a normal CA and use it to sign my client and server certificates. Can I use that CA to sign EKcredentials as well? In other words is it possible to adjust the ini files in tccert so that I can use my own CA or are there any special requirements? > I tried to use tccert with my CA but the process failed, even with the > > included examples: > [...] > > generating CA certificates... > > CAroot > > iaik.utils.InternalErrorException > > at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown > Source) > > at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown > Source) > > at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown > Source) > > at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java > :363) > > at iaik.tc.TCcert.generateCA(TCcert.java:247) > > at iaik.tc.TCcert.main(TCcert.java:118) > > Last time some had this problem... > > https://sourceforge.net/mailarchive/forum.php?thread_name=01D30BAC-8036-4A59-9BCC-2101B48ADBA3%40cs.rice.edu&forum_name=trustedjava-support > > ...he didn't used the signed version of IAIK-JCE. > > > Are you sure you are using the _signed_ .jar version and not the > _unsigned_ one? It seems that I did not use the signed version. I downloaded a new version and now it works. HTH > > -- > Martin Pirker > IAIK, TU Graz > > -- MfG Till ********************************************** Der Benutzer ist eine nicht zu tolerierende Quelle der Unsicherheit ********************************************** |
|
From: Martin P. <Mar...@ia...> - 2007-07-19 12:41:42
Attachments:
smime.p7s
|
Till Bentz wrote: > Thanks for your quick reply! Our responsiveness depends on multiple factors. Sometimes there are more resources/manpower available for this project, sometimes less. Currently you appear to be lucky. > On 7/19/07, Martin Pirker <Mar...@ia...> wrote: >> Till Bentz wrote: >> > I try to create an AIK. For this process I need an EK credential. >> > Unfortunately my manufacturer did not deliver one. Can someone give me a >> > hint on how I can create one myself? >> >> Use TCcert, or use JTpmTools to get one from our demo PrivacyCA setup >> (mail me for authentication password) >> >> > I set up my own little Privacy CA using >> > openssl and I think I have therefore the necessary Keys and certificates to >> > create an EK cred. >> >> You implemented the additional Trusted Computing certificate >> structures for OpenSSL? > > I was not aware of the fact, that I need to implement additional Trusted > Computing structures. I just set up a normal CA and use it to sign my > client and server certificates. You can of course use standard software to create CA certificates. The functionality of TCcert to create CA like certificates is only intended for quick testing. > In other words is it > possible to adjust the ini files in tccert so that I can use my own CA or > are there any special requirements? The .ini files should be self-explanatory, just fill in the filenames of your own CA certificates + private keys, TCcert should be able to use them. The EK, PE and AIK certificates contain new Trusted Computing specific structures not (yet) available in standard software. That's what TCcert is good for.... HTH -- Martin Pirker IAIK, TU Graz |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X