One problem is the line:

> Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, keyUUID, &hKey);

This will overwrite hKey with what was registered previously. You
should use a temp variable for the key handle here.

Hal

On Tue, Nov 23, 2010 at 9:00 PM, Evgeny Bronnikov <[email protected]> wrote:
> Dear Hal,
>
> I've tried to load registered key in the same app, but got the same
> decryption error:
>
> //register key hKey
> TSS_UUID keyUUID = TSS_UUID_USK1;
> Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, keyUUID, &hKey);
> result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM,
> keyUUID, TSS_PS_TYPE_SYSTEM, SRK_UUID);
> //everything is ok here
>
> //try to load registered key into hKey1
> result = Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
> keyUUID, &hKey1);
> result = Tspi_Key_LoadKey(hKey1, hSRK); // got error 0x21(Decryption error)
>
> I've also tried to create hKey1 object before loading by UUID, but
> still unsuccessful. Can you please provide any suggestions how to work
> around this problem?
>
> Thank you in advance.
> Evgeny.
>
>
> On Wed, Nov 24, 2010 at 2:40 AM, Hal Finney <[email protected]> wrote:
>> I don't see anything wrong in what you're doing. You might try doing
>> GetKeyByUuid and LoadKey immediately after RegisterKey in the first
>> program to make sure it works there.
>>
>> Hal
>>
>> On Tue, Nov 23, 2010 at 12:40 AM, Evgeny Bronnikov <[email protected]>
>> wrote:
>>> Great! It works fine now. Thank you very much for your help.
>>>
>>> This is my code:
>>>
>>> Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
>>> TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &m_size, &m);
>>> Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
>>> TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &e_size, &e);
>>> rsa = RSA_new();
>>> rsa->n = BN_bin2bn(m, m_size, NULL);
>>> rsa->e = BN_bin2bn(e, e_size, NULL);
>>>
>>>
>>> But now I have troubles with registering this key. I have this key flags:
>>> TSS_KEY_TYPE_LEGACY | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE |
>>> TSS_KEY_NO_AUTHORIZATION.
>>>
>>> Tspi_Context_RegisterKey works good, but when I'm trying to load
>>> stored key from another program, I get error 0x21 (Decryption error):
>>>
>>> Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, keyUUID, &hKey);
>>> Tspi_Key_LoadKey(hKey, hSRK); // decryption error 0x21 here
>>>
>>> I've also tried this code:
>>> Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, keyUUID, &hKey);
>>> and got the same error.
>>>
>>> What does it mean? I've loaded SRK and set its password before
>>> calling this function. My RSA-key does not use authorization, so I just
>>> don't understand why I get such error.
>>>
>>> Thanks a lot in advance.
>>> Evgeny
>>>
>>>
>>> On Tue, Nov 23, 2010 at 1:31 PM, Hal Finney <[email protected]> wrote:
>>>> This won't work because the SRK cannot decrypt.
>>>>
>>>> What you should do is create a new TPM key of type legacy. Read its
>>>> modulus and exponent and set them into the n and e fields of an
>>>> OpenSSL RSA object. Then there is an OpenSSL call to write the RSA
>>>> object in PEM format.
>>>>
>>>> Hal Finney
>>>>
>>>> On Monday, November 22, 2010, Evgeny Bronnikov <[email protected]> wrote:
>>>>> Hello!
>>>>>
>>>>> I'm trying to save SRK in PEM format, but still unsuccessful. Here is
>>>>> my code:
>>>>>
>>>>> BYTE* srk_buf = NULL;
>>>>> UINT32 srk_buf_len = 0;
>>>>> result = Tspi_TPM_OwnerGetSRKPubKey(hTPM, &srk_buf_len, &srk_buf);
>>>>> //srk_buf contains some 284 bytes data
>>>>>
>>>>> TCPA_PUBKEY srk_pub;
>>>>> memset(&srk_pub, 0, sizeof(TCPA_PUBKEY));
>>>>> UINT64 offset = 0;
>>>>> Trspi_LoadBlob_PUBKEY(&offset, srk_buf, &srk_pub);
>>>>> // here I have empty srk_pub. all fields of TCPA_PUBKEY are zero
>>>>>
>>>>>
>>>>> Is it possible to save SRK public to PEM format? I want to use this
>>>>> public key to encrypt some data on the remote server, and then decrypt
>>>>> this data by TPM on local machine.
>>>>> I'm not sure if SRK public is accessible outside the TPM. If not,
>>>>> please suggest how to create RSA key inside TPM and export its public
>>>>> part as PEM: just a "BEGIN PUBLIC KEY", but not "BEGIN TSS KEY BLOB".
>>>>>
>>>>> Thank you very much in advance.
>>>>> Evgeny
>>>
>
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
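
The earliest message in the thread reports a 284-byte buffer from Tspi_TPM_OwnerGetSRKPubKey. As an added example (not code from the thread or from TrouSerS), this bounds-checked parser walks such a buffer and returns the modulus and exponent that Hal's advice feeds into an OpenSSL RSA object. It assumes the buffer is a serialized TPM 1.2 TPM_PUBKEY holding an RSA key; the names rsa_pub, get_u32 and parse_tpm12_pubkey are hypothetical and the sample blob is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct rsa_pub {                      /* hypothetical result type for this example */
    const uint8_t *n; size_t n_len;   /* modulus, points into the input blob */
    uint8_t e[8];     size_t e_len;   /* public exponent, big-endian */
};

/* Read a big-endian UINT32 at *off, refusing to run past the end of the blob. */
static int get_u32(const uint8_t *b, size_t len, size_t *off, uint32_t *v)
{
    if (*off > len || len - *off < 4) return -1;
    *v = (uint32_t)b[*off] << 24 | (uint32_t)b[*off + 1] << 16 |
         (uint32_t)b[*off + 2] << 8 | b[*off + 3];
    *off += 4;
    return 0;
}

/* Layout: algorithmID(4) encScheme(2) sigScheme(2) parmSize(4)
 * parms{keyLength(4) numPrimes(4) exponentSize(4) exponent[]} keyLength(4) key[].
 * Returns 0 on success, -1 if the blob is truncated, inconsistent or not RSA. */
int parse_tpm12_pubkey(const uint8_t *blob, size_t len, struct rsa_pub *out)
{
    size_t off = 0, parms_end;
    uint32_t alg, parm_size, bits, primes, e_size, n_size;

    if (get_u32(blob, len, &off, &alg) || alg != 1) return -1;  /* 1 = TPM_ALG_RSA */
    off += 4;                                    /* skip encScheme and sigScheme */
    if (get_u32(blob, len, &off, &parm_size) || parm_size > len - off) return -1;
    parms_end = off + parm_size;
    if (get_u32(blob, parms_end, &off, &bits) || get_u32(blob, parms_end, &off, &primes) ||
        get_u32(blob, parms_end, &off, &e_size)) return -1;
    if (e_size != parms_end - off || e_size > sizeof out->e) return -1;
    if (e_size == 0) { memcpy(out->e, "\x01\x00\x01", 3); e_size = 3; } /* default 65537 */
    else memcpy(out->e, blob + off, e_size);
    out->e_len = e_size;
    off = parms_end;
    if (get_u32(blob, len, &off, &n_size) || n_size != len - off) return -1;
    if (n_size == 0 || (uint64_t)n_size * 8 != bits) return -1;
    out->n = blob + off; out->n_len = n_size;
    return 0;
}

int main(void)
{   /* Constructed sample: 28 header bytes, then 256 filler bytes as the modulus. */
    uint8_t blob[284] = {0,0,0,1, 0,3, 0,1, 0,0,0,12, 0,0,8,0, 0,0,0,2, 0,0,0,0, 0,0,1,0};
    struct rsa_pub k;
    memset(blob + 28, 0xA5, 256);
    if (parse_tpm12_pubkey(blob, sizeof blob, &k)) return 1;
    printf("modulus %zu bytes, exponent %zu bytes\n", k.n_len, k.e_len);
    return 0;
}
```

A 2048-bit key with the default exponent (exponentSize 0) serializes to 28 + 256 = 284 bytes, which matches the size reported in the thread.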
