I've made some minor tweaks to the code samples available at http://privacyca.com/code.html so they will work better together.
The identity.c program now outputs the AIK blob as a file rather than storing it in the TSS database. This is a more general approach and allows it to work with the other programs there. It also takes an optional "-p password" so the AIK can either be created with a password or be no-auth. To use the aikquote and aikqverify programs (which create quotes and verify them) you need to extract the AIK public key in OpenSSL format. This can be done with the following command, using the AIK cert file output by the identity.c program: openssl x509 -in certfile -noout -pubkey > rsakeyfile So here is a sample command sequence to: # generate an AIK (attestation identity key) and receive a AIK certificate on it from privacyca.com: ./identity "test key 1" aik1.blob aik1.cert # extract the AIK public key from the AIK certificate: openssl x509 -in aik1.cert -noout -pubkey > aik1.rsa # Generate a Quote on PCRs 1,2,3: ./aikquote aik1.blob 1 2 3 aik1.quote # Verify the Quote output: ./aikqverify aik1.rsa aik1.quote Hal Finney ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
