I'm not an expert on the TSS side, but I'll try a few comments.

On 3/10/2017 1:32 AM, Pritha Ganguly wrote:
> I can use the Tspi_TPM_CollateIdentity_Request() API to tell the TPM
> to create an AIK for me. This API returns a certificate request
> structure (public AIK + Endorsement credential of my TPM) encrypted
> with the public key of the Privacy CA.

The first part (AIK + EK certificate) sounds right. I never heard of encrypting the request with the CA public key.

> I need to send this to the Privacy CA so that the Privacy CA can
> issue a credential for my AIK. The reply from the Privacy CA will be
> encrypted by the public EK of my TPM. The encrypted blob I have to
> pass it to Tspi_TPM_ActivateIdentity() to get the credential.

This sounds correct. In detail, activate identity likely returns a symmetric key that you use to recover the certificate. The certificate is too large to be encrypted directly with the EK.

> I have a very basic doubt. Who will behave as the Privacy CA in this
> case? Do I have to create my own CA?

I have one for TPM 2.0, but not for 1.2. I don't know if there's an open source CA.

> Also, how do I send the output of Tspi_TPM_CollateIdentity_Request()
> to the PrivacyCA, as in what protocol is to be followed for the
> communication between the TPM and PrivacyCA?

I don't know of any standard. I converted the blob to json and sent it over a socket.

_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
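
One way to carry the request blob "as JSON over a socket", as the reply above describes. This is an added example, not code from the original message or from TrouSerS; the JSON field names, the CA label, the 4-byte length prefix and the size cap are assumptions, and the blob is treated as opaque bytes.

```python
import base64
import json
import socket
import struct

MAX_FRAME = 64 * 1024  # assumed cap: the receiver refuses anything larger

def encode_request(blob: bytes, ca_label: str) -> bytes:
    """Wrap the opaque identity-request blob in a length-prefixed JSON frame."""
    body = json.dumps({
        "type": "identity_request",          # hypothetical message tag
        "ca": ca_label,                      # hypothetical CA label
        "blob": base64.b64encode(blob).decode("ascii"),
    }).encode("utf-8")
    if len(body) > MAX_FRAME:
        raise ValueError("request too large")
    return struct.pack(">I", len(body)) + body

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; TCP may deliver a frame in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return buf

def decode_request(sock: socket.socket) -> bytes:
    """CA side: check the length before allocating, then validate every field."""
    (length,) = struct.unpack(">I", _recv_exact(sock, 4))
    if length > MAX_FRAME:
        raise ValueError("frame exceeds limit")
    msg = json.loads(_recv_exact(sock, length))
    if not isinstance(msg, dict) or msg.get("type") != "identity_request":
        raise ValueError("unexpected message type")
    blob = msg.get("blob")
    if not isinstance(blob, str):
        raise ValueError("blob missing or not a string")
    return base64.b64decode(blob, validate=True)  # rejects non-base64 input

def roundtrip(blob: bytes) -> bytes:
    """Send a blob through a local socket pair and return what the CA side parsed."""
    client, ca = socket.socketpair()
    try:
        client.sendall(encode_request(blob, "example-privacy-ca"))
        return decode_request(ca)
    finally:
        client.close()
        ca.close()
```

The framing gives no confidentiality or authentication of its own; it only moves the bytes and bounds what the receiver will parse.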
