Hi Segall. 10x for the quick reply.
The answer helps a little; I read the manual again more closely and saw that I
was on the right track.
So as I said, till now I've done something like this:
Create a key by doing this:
initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_512 | TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,&hSRK);
Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&hPolicySRK);
Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hPolicySRK);
Tspi_Policy_SetSecret(hPolicySRK, TSS_SECRET_MODE_PLAIN, secret_srk_len,
(BYTE*)secret_srk);
Tspi_Policy_AssignToObject(hPolicySRK, hSRK);
Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_RSAKEY,initFlags,&hKey);
Tspi_SetAttribUint32(hKey,TSS_TSPATTRIB_KEY_INFO,TSS_TSPATTRIB_KEYINFO_ENCSCHEME,TSS_ES_RSAESPKCSV15);
Tspi_Key_CreateKey(hKey,hSRK,0);
So, basically I have a 512 RSA key that I will use for binding.
Next... read the data from a file.
FILE *fIn=fopen("filetoread","r");
fseek(fIn,0,SEEK_END);
in_size=ftell(fIn);
rewind(fIn);
in=new unsigned char[in_size];
fread(in,1,in_size,fIn);
And going for the binding now...
Tspi_Context_CreateObject( hContext,TSS_OBJECT_TYPE_ENCDATA,TSS_ENCDATA_BIND,
&hEncData );
Tspi_GetAttribUint32( hKey, TSS_TSPATTRIB_KEY_INFO,TSS_TSPATTRIB_KEYINFO_SIZE,
&keySize );
Tspi_Data_Bind( hEncData, hKey, in_size, in);
So, what I understand from this is that I encrypted the data read from the file
using the public RSA key I created with Tspi_Key_Create. Am I right?
Now I am asking... must the data I bound be a symmetric key? Or can I use this
procedure just to encrypt a plaintext with the public RSA key?
After all of this, I tried using Tspi_GetAttribData(
hEncData,TSS_TSPATTRIB_ENCDATA_BLOB,TSS_TSPATTRIB_ENCDATABLOB_BLOB,&temp_out_size,&tmp_out);
definition: Data blob that represents the encrypted data depending on its type
(seal, bind or legacy).
So if I do this, then I would have to do Tspi_Data_Unbind and I practically get
the plaintext I encrypted?
From your message I understood that I need to generate myself or get from
somewhere a symmetric key... which, after I have bound it with the key (generated
with Tspi_Key_Create), I need to load it into the TPM, and use this key for
encryption.
10x again for the help.
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users