Hi Robb,
> // Assign SRKPolicy with password in it to UnBindKey
> result = Tspi_Policy_AssignToObject(hSRKPolicy, hUnBind_Key);
> DBG("Put unbind key into unbind ",result);
I believe this will work only if your SRK secret and unbinding key's
secret are the same. Otherwise you'll need to create a new policy
object (Tspi_Context_CreateObject) and assign it to your unbinding key
(Tspi_Policy_AssignToObject). Hopefully the man pages included in
trousers will help some here.
> I am afraid I am not used to the policy/object programming paradigm, so
> your explanation left me scratching my head a little. I am also having
> trouble understanding where this happens to hKey in Tspi_Data_Unbind05.c
Notice there that when the hKey object was created, the initFlags
contained TSS_KEY_NO_AUTHORIZATION , which tells trousers to create a
key object that doesn't require a secret. Since it doesn't require a
secret we don't assign a policy object to it. Policy objects are only
used to hold secrets.
Kent
> Unless it is automatic during Tspi_Key_Create_Key
> Thank you for being so helpful.
>
> -Robb
>
> -Robb
>
>
> ------------------------------------------------------------------------------
> For Developers, A Lot Can Happen In A Second.
> Boundary is the first to Know...and Tell You.
> Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
> http://p.sf.net/sfu/Boundary-d2dvs2
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
--
IBM LTC Security
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
