Ariel gave very good answers to your questions. I wanted to add that
if you go to my http://privacyca.com site and look at the page of
sample code, I have example applications to do attestation with or
without a Privacy CA, and to make and verify quotes.  I don't have
code to certify and verify keys, but as Ariel says, the mere fact that
a key is certified by a valid AIK proves that it is a TPM key.

Hal Finney

On Monday, August 23, 2010, Segall, Ariel E <[email protected]> wrote:
>
> On 8/23/10 12:18 PM, "chloé Fouquet" <[email protected]> wrote:
>
>> Hi,
>> Rajiv, you told me that it is possible to sign non-migratable keys with an
>> AIK, but I can't find the method in the TSS Specifications that allows that.
>
> You're looking for CertifyKey. (Tspi_Key_CertifyKey)
>
>>
>> Is it possible to decrypt external data using the endorsement key or an
>> AIK? If yes, how can we do that?
>
> The AIK is a signing key; it certainly can't be used to decrypt data.
> The EK can, but within some very limited circumstances: the EK will only
> decrypt data as part of the AIC issuance protocol, so you will need to
> structure your data accordingly. (If you're not familiar with this protocol,
> the CA signing the AIC will encrypt it with a symmetric key, and then
> encrypt that symmetric key along with some information about the enclosed
> AIC to the EK. The EK will then verify that the AIC is associated with a
> local, loaded AIK and decrypt the symmetric key. The TPM doesn't do any
> verification of the symmetrically encrypted contents, so you could
> theoretically replace the payload with anything you liked.)
>
>> I'm doing an attestation of a platform between an attesting system and a
>> verifier. I use CollateId and ActivateId to have a credential for my new AIK,
>> but how can the verifier be sure that this AIK comes from the TPM? Is it
>> because it sends back a credential partially encrypted with the public
>> endorsement key of the attesting system, and the latter will verify that
>> the key suggested in the ActivateId method is a good AIK before decrypting
>> the credential?
>
> Yes. Only the TPM with the Endorsement Key you trust will be able to decrypt
> the symmetric key and therefore the encrypted certificate, and a TPM will
> only provide the decrypted symmetric key to the software if the certified
> key is an AIK loaded in that TPM.
>
>> After that I use Quote to send my PCR values to the verifier. But then I
>> would like the verifier to be able to send data to the attesting system
>> and be sure that it will only be opened by the TPM of the attesting system;
>> how is that possible? Do I need to create a migratable key and send the
>> public part to the verifier? The problem is that the verifier only trusts
>> the AIK of the attesting system for the moment... and I would like something
>> like a session key that will encrypt data, whose private key will be stored
>> in the TPM and that can prove it to the verifier.
>
> You can use the AIK to certify other keys using that same Tspi_CertifyKey
> command we discussed earlier. In particular, the TPM allows you to create
> and certify binding keys that you can use with the Tspi_Data_Bind and
> Tspi_Data_Unbind commands, which will allow you to send encrypted data
> produced on another machine to be decrypted by that binding key.
>
>> Last thing, Ariel, you told me that a tag is present in the data structure
>> when we verify a signature, but I can't find it in the Structures
>> specification; could you be a bit more precise please?
>
> In most of the relevant structures (TPM_SIGN_INFO and TPM_QUOTE2_INFO are
> the primary ones) you'll see either a "TPM_STRUCTURE_TAG" or a BYTE fixed[4]
> (or sometimes both). (Quote has the second: it's the second parameter, and
> you'll see that its description is "This SHALL always be the string
> 'QUOT'.") Verifying that these tags are correct as part of your quote or
> signed data verification will confirm that the data was produced by the
> correct command.
>
> I'm afraid I don't have any insights into why the tagging infrastructure
> isn't consistent. Sorry.
>
>        Ariel
>
>
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
>
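A verifier-side check of the TPM 1.2 TPM_QUOTE_INFO structure that Ariel describes (fixed 'QUOT' tag, version, the verifier's nonce, and the PCR composite digest), as an added example that is not part of the original thread or of TrouSerS itself. The PCR values and nonce are constructed sample input, and the AIK's RSA signature over SHA-1 of the structure is assumed to be verified separately with a crypto library.

```python
import hashlib
import struct

# TPM 1.2 TPM_QUOTE_INFO (TPM Main Part 2, 11.3), 48 bytes: TPM_STRUCT_VER version (4) |
# BYTE fixed[4] = 'QUOT' | TPM_COMPOSITE_HASH digestValue (20) | TPM_NONCE externalData (20)
STRUCT_VER_1_1 = b"\x01\x01\x00\x00"
QUOT_TAG = b"QUOT"
QUOTE_INFO_LEN = 48

def pcr_composite(pcr_values, size_of_select=3):
    """Serialize TPM_PCR_COMPOSITE for {pcr_index: 20-byte value} (24-PCR TPM)."""
    select = bytearray(size_of_select)
    values = b""
    for idx in sorted(pcr_values):   # PCR i -> bit (i % 8) of pcrSelect byte (i // 8)
        select[idx // 8] |= 1 << (idx % 8)
        values += pcr_values[idx]
    return (struct.pack(">H", size_of_select) + bytes(select)
            + struct.pack(">I", len(values)) + values)

def composite_hash(pcr_values):
    """digestValue of a quote is SHA-1 over the serialized TPM_PCR_COMPOSITE."""
    return hashlib.sha1(pcr_composite(pcr_values)).digest()

def build_quote_info(pcr_values, nonce):
    """The structure TPM_Quote signs; used here only to construct sample input."""
    return STRUCT_VER_1_1 + QUOT_TAG + composite_hash(pcr_values) + nonce

def check_quote_info(blob, expected_nonce, expected_pcrs):
    """Return a list of problems with the quoted structure (empty means consistent).
    The AIK's RSA signature over SHA-1(blob) is verified separately (assumed to be
    done with a crypto library outside this snippet)."""
    if len(blob) != QUOTE_INFO_LEN:
        return ["TPM_QUOTE_INFO must be %d bytes, got %d" % (QUOTE_INFO_LEN, len(blob))]
    version, fixed, digest, nonce = blob[0:4], blob[4:8], blob[8:28], blob[28:48]
    problems = []
    if version != STRUCT_VER_1_1:
        problems.append("unexpected TPM_STRUCT_VER %s" % version.hex())
    if fixed != QUOT_TAG:                # the fixed tag Ariel refers to
        problems.append("fixed tag is %r, not 'QUOT'" % fixed)
    if nonce != expected_nonce:          # freshness: must be the verifier's own nonce
        problems.append("externalData does not match the verifier's nonce")
    if digest != composite_hash(expected_pcrs):
        problems.append("digestValue does not match the reported PCR values")
    return problems

# Constructed sample input (not real measurements): PCR 0, PCR 7 and a verifier nonce.
SAMPLE_PCRS = {0: hashlib.sha1(b"bios").digest(), 7: hashlib.sha1(b"secureboot").digest()}
SAMPLE_NONCE = hashlib.sha1(b"verifier-nonce").digest()
SAMPLE_QUOTE_INFO = build_quote_info(SAMPLE_PCRS, SAMPLE_NONCE)
```

A quote whose tag, nonce or digest fails these checks should be rejected before the signature is even examined; a valid AIK signature over a structure with the wrong tag would only prove that some other command signed it.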
