The output I had was:
Setting log level to 9
Generating a signed certificate...
|<3>| ASSERT: tpm.c:482
|<2>| TPM (tpm) error: Authentication failed (1)
|<3>| ASSERT: tpm.c:219
|<3>| ASSERT: tpm.c:222
|<3>| ASSERT: tpm.c:345
|<3>| ASSERT: tpm.c:900
importing key:
tpmkey:uuid=37cfd26a-e03b-4215-8ed7-3a699f21fd21;storage=user: Error in
provided SRK password for TPM.
I just reinstalled GnuTLS with PKCS #11 support and now it's working fine.
Thank you very much for your help.
Best,
Marcos
On 01/06/15 21:40, Nikos Mavrogiannopoulos wrote:
On Mon, 2015-06-01 at 12:38 +0000, Marcos Simó Picó wrote:
Hi everyone,
I'm trying to generate a certificate of a key stored in a TPM using
certtool. Basically I was following the commands explained
in http://nmav.gnutls.org/2012/08/using-trusted-platform-module-to.html
I can generate the RSA key pair and get the public part perfectly,
however, when I invoke certtool for generating a certificate, it
returns: Error in provided SRK password for TPM. As far as I know,
there's no option to provide the SRK to certtool.
I'm using GnuTLS 3.3.15, and tried to clear the TPM several times and
repeat everything with no success.
Hi,
What is the output when you use -d 9? It should have asked for a
password using the PKCS #11 callback. It is either a regression or you
have PKCS #11 disabled?
regards,
Nikos
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
