Re: [TrouSerS-users] Use AIK for signing hash

[ceri.coburn]

That makes sense.

Thanks.

 

From: Segall, Ariel E [mailto:aseg...@mitre.org] 
Sent: 17 October 2013 17:10
To: <ceri.cob...@gmail.com> 
Cc: <trousers-users@lists.sourceforge.net>
Subject: Re: [TrouSerS-users] Use AIK for signing hash

 

AIKs can only be used to sign data originating from the TPM. To sign
external data (i.e., a hash you provide) you will need to either use a
signing key, or put the hash into one of the TPM's PCRs and then do a quote
of that PCR with the AIK. 

 

              Ariel

 

On Oct 17, 2013, at 11:50 AM, <ceri.cob...@gmail.com>

 wrote:





Hi,

 

I am trying to use an AIK for signing an SHA-1 hash.  It is my understanding
that the signing process inside Tspi expects a 20 byte value for signing
(size of SHA-1) and the hash object to be of type TSS_HASH_OTHER.
Unfortunately whenever I try to sign a SHA-1 hash value with an AIK key, I
get an "Invalid key usage" error.  If I switch to a signing key, everything
works as expected.  Can the AIK be used to sign external SHA-1 hashes, or is
it a limited key that only signs CertifyKey data and Quote data?

 

Thanks.  

 

 

----------------------------------------------------------------------------
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
from 
the latest Intel processors and coprocessors. See abstracts and register >
 
<http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________>
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk_
______________________________________________
TrouSerS-users mailing list
 <mailto:TrouSerS-users@lists.sourceforge.net>
TrouSerS-users@lists.sourceforge.net
 <https://lists.sourceforge.net/lists/listinfo/trousers-users>
https://lists.sourceforge.net/lists/listinfo/trousers-users

 


______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
TrouSerS-users mailing list
TrouSerS-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-users