Thank you! It works now.
But I have one last problem: Tspi_Data_Unbind returns 0x21 (Decryption error).
Here is my workflow:
1) create and register RSA key, save public part to .pem (inside the 1st tool)
2) encrypt some data by this .pem using openssl tool:
   openssl rsautl -encrypt -in ./data.txt -out ./data-secret.txt -pubin -inkey pubkey.pem
3) load stored key, and unbind data-secret.txt by this key
Here is the code from 2nd tool:
// init context, load SRK, set SRK password
// create secret data object
Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA,
                          TSS_ENCDATA_BIND, &hEncData);
// load data-secret.txt into variable "blob"
// set up hEncData object
Tspi_SetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB,
                   TSS_TSPATTRIB_ENCDATABLOB_BLOB, blob_size, blob);
// load stored key by UUID
Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, keyUUID, &hKey);
// try to unbind the data:
Tspi_Data_Unbind(hEncData, hKey, &unbind_size, &unbind_data);
// got 0x21 decrypt error here
I'm really sorry to trouble you, but I'm new to TPM programming.
Everything is not so clear for me.
Thank you very much for your help.
Evgeny
On Wed, Nov 24, 2010 at 1:20 PM, Hal Finney <[email protected]> wrote:
> One problem is the line:
>
>> Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, keyUUID, &hKey);
>
> This will overwrite hKey with what was registered previously. You
> should use a temp variable for the key handle here.
>
> Hal
>
> On Tue, Nov 23, 2010 at 9:00 PM, Evgeny Bronnikov <[email protected]> wrote:
>> Dear Hal,
>>
>> I've tried to load registered key in the same app, but got the same
>> decryption error:
>>
>> //register key hKey
>> TSS_UUID keyUUID = TSS_UUID_USK1;
>> Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, keyUUID, &hKey);
>> result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM,
>> keyUUID, TSS_PS_TYPE_SYSTEM, SRK_UUID);
>> //everything is ok here
>>
>> //try to load registered key into hKey1
>> result = Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
>> keyUUID, &hKey1);
>> result = Tspi_Key_LoadKey(hKey1, hSRK); // got error 0x21(Decryption error)
>>
>> I've also tried to create hKey1 object before loading by UUID, but
>> still unsuccessful. Can you please provide any suggestions on how to work
>> around this problem?
>>
>> Thank you in advance.
>> Evgeny.
>>
>>
>> On Wed, Nov 24, 2010 at 2:40 AM, Hal Finney <[email protected]> wrote:
>>> I don't see anything wrong in what you're doing. You might try doing
>>> GetKeyByUuid and LoadKey immediately after RegisterKey in the first
>>> program to make sure it works there.
>>>
>>> Hal
>>>
>>> On Tue, Nov 23, 2010 at 12:40 AM, Evgeny Bronnikov <[email protected]>
>>> wrote:
>>>> Great! It works fine now. Thank you very much for your help.
>>>>
>>>> This is my code:
>>>>
>>>> Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
>>>> TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &m_size, &m);
>>>> Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
>>>> TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &e_size, &e);
>>>> rsa = RSA_new();
>>>> rsa->n = BN_bin2bn(m, m_size, NULL);
>>>> rsa->e = BN_bin2bn(e, e_size, NULL);
>>>>
>>>>
>>>> But now I have troubles with registering this key. I have this key flags:
>>>> TSS_KEY_TYPE_LEGACY | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE |
>>>> TSS_KEY_NO_AUTHORIZATION.
>>>>
>>>> Tspi_Context_RegisterKey works good, but when I'm trying to load
>>>> stored key from another program, I get error 0x21 (Decryption error):
>>>>
>>>> Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, keyUUID, &hKey);
>>>> Tspi_Key_LoadKey(hKey, hSRK); // decryption error 0x21 here
>>>>
>>>> I've also tried this code:
>>>> Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, keyUUID, &hKey);
>>>> and got the same error.
>>>>
>>>> What does it mean? I've loaded SRK and set its password before
>>>> calling this function. My RSA-key does not use authorization, so I just
>>>> don't understand why I get such error.
>>>>
>>>> Thanks a lot in advance.
>>>> Evgeny
>>>>
>>>>
>>>> On Tue, Nov 23, 2010 at 1:31 PM, Hal Finney <[email protected]> wrote:
>>>>> This won't work because the SRK cannot decrypt.
>>>>>
>>>>> What you should do is create a new TPM key of type legacy. Read its
>>>>> modulus and exponent and set them into the n and e fields of an
>>>>> OpenSSL RSA object. Then there is an OpenSSL call to write the RSA
>>>>> object in PEM format.
>>>>>
>>>>> Hal Finney
>>>>>
>>>>> On Monday, November 22, 2010, Evgeny Bronnikov <[email protected]>
>>>>> wrote:
>>>>>> Hello!
>>>>>>
>>>>>> I'm trying to save SRK in PEM format, but still unsuccessful. Here is
>>>>>> my code:
>>>>>>
>>>>>> BYTE* srk_buf = NULL;
>>>>>> UINT32 srk_buf_len = 0;
>>>>>> result = Tspi_TPM_OwnerGetSRKPubKey(hTPM, &srk_buf_len, &srk_buf);
>>>>>> //srk_buf contains some 284 bytes data
>>>>>>
>>>>>> TCPA_PUBKEY srk_pub;
>>>>>> memset(&srk_pub, 0, sizeof(TCPA_PUBKEY));
>>>>>> UINT64 offset = 0;
>>>>>> Trspi_LoadBlob_PUBKEY(&offset, srk_buf, &srk_pub);
>>>>>> // here I have empty srk_pub. all fields of TCPA_PUBKEY are zero
>>>>>>
>>>>>>
>>>>>> Is it possible to save SRK public to PEM format? I want to use this
>>>>>> public key to encrypt some data on the remote server, and then decrypt
>>>>>> this data by TPM on local machine.
>>>>>> I'm not sure if SRK public is accessible outside the TPM. If not,
>>>>>> please suggest how to create RSA key inside TPM and export its public
>>>>>> part as PEM: just a "BEGIN PUBLIC KEY", but not "BEGIN TSS KEY BLOB".
>>>>>>
>>>>>> Thank you very much in advance.
>>>>>> Evgeny
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
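
Added example, not part of the thread and not TrouSerS or OpenSSL code: the step Hal describes (take the TPM key's modulus and exponent and write a "BEGIN PUBLIC KEY" PEM) done by hand in C, so the DER layout that OpenSSL would produce is visible. The function names are hypothetical, and the buffer limits (modulus up to 512 bytes, output buffer of at least 1024 bytes) are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Write one DER tag-length-value (len < 65536); returns bytes written. */
static size_t tlv(unsigned char *out, int tag, const unsigned char *v, size_t len) {
    size_t n = 0;
    out[n++] = (unsigned char)tag;
    if (len >= 0x100) { out[n++] = 0x82; out[n++] = (unsigned char)(len >> 8); }
    else if (len >= 0x80) out[n++] = 0x81;
    out[n++] = (unsigned char)len;
    memcpy(out + n, v, len);
    return n + len;
}

/* DER INTEGER from unsigned big-endian bytes, as a TPM returns them: a leading
 * 0x00 is needed when the top bit is set, or parsers read a negative number. */
static size_t der_uint(unsigned char *out, const unsigned char *v, size_t len) {
    unsigned char tmp[600] = {0};
    while (len > 1 && *v == 0) { v++; len--; }
    size_t pad = v[0] >> 7;
    memcpy(tmp + pad, v, len);
    return tlv(out, 0x02, tmp, pad + len);
}

/* Hypothetical helper: PEM length on success, 0 on bad input or small buffer. */
size_t rsa_pub_to_pem(const unsigned char *mod, size_t mlen,
                      const unsigned char *exp, size_t elen, char *pem, size_t cap) {
    static const unsigned char alg[] = { 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
        0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00 }; /* rsaEncryption, NULL */
    static const char b64[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned char a[700], b[700] = {0};  /* b[0] stays 0: BIT STRING unused bits */
    if (!mlen || mlen > 512 || !elen || elen > 8 || cap < 1024) return 0;
    size_t n = der_uint(a, mod, mlen);
    n += der_uint(a + n, exp, elen);
    n = tlv(b + 1, 0x30, a, n);              /* RSAPublicKey SEQUENCE {n, e} */
    memcpy(a, alg, sizeof alg);
    n = tlv(a + sizeof alg, 0x03, b, n + 1); /* BIT STRING wrapping it */
    n = tlv(b, 0x30, a, n + sizeof alg);     /* SubjectPublicKeyInfo */
    size_t o = (size_t)sprintf(pem, "-----BEGIN PUBLIC KEY-----\n");
    for (size_t i = 0; i < n; i += 3) {      /* base64, 64 characters per line */
        unsigned long w = (unsigned long)b[i] << 16 | b[i + 1] << 8 | b[i + 2];
        pem[o++] = b64[w >> 18]; pem[o++] = b64[(w >> 12) & 63];
        pem[o++] = i + 1 < n ? b64[(w >> 6) & 63] : '=';
        pem[o++] = i + 2 < n ? b64[w & 63] : '=';
        if (i / 3 % 16 == 15 || i + 3 >= n) pem[o++] = '\n';
    }
    return o + (size_t)sprintf(pem + o, "-----END PUBLIC KEY-----\n");
}
```

The `mod`/`exp` arguments correspond to the buffers returned by the two Tspi_GetAttribData calls quoted above; the result can be checked with `openssl rsa -pubin -in pubkey.pem -text -noout`.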