I'm quite sure that in this step there is a session key wrapped with the main PCA RSA key-pair, the public portion of which you send to the TPM in TPM_CollateIdentityRequest(...).
This symmetric/session key is unwrapped and used to decrypt the larger blob containing the AIK identity proof payload.

Ah, here we are, see https://trustedcomputinggroup.org/tpm-main-specification/ TPM Main-Part 2 TPM Structures_v1.2_rev116_01032011 Sections 12.5, 12.6, 12.7, 12.8, and try and put the pieces together. Compare it to what you get as an output from TPM_CollateIdentityRequest(...). There are a lot of nested structs in this situation.

-Tadd
(949) 672.6669

-----Original Message-----
From: Ken Goldman [mailto:[email protected]]
Sent: Friday, March 10, 2017 11:28 AM
To: [email protected]
Subject: Re: [TrouSerS-users] Communication Protocol between TPM and PrivacyCA;

On 3/10/2017 12:33 PM, Chris Hawkins wrote:
> I did quite a bit of work with the Privacy CA for 1.2. The process, as
> described by Pritha, is how I understand it.

The one part I question is the client sending the blob with the AIK public key and EK certificate to the CA "encrypted with the public key of the Privacy CA".

1 - This means that the CA would have to use its signing private key in a decryption operation. Such a dual purpose CA key would be unusual.

2 - It's unlikely that the CA (RSA) public key would be large enough to encrypt that blob.
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
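For anyone putting the nested structs together, here is an added example (not code from this thread or from TrouSerS): a bounds-checked C parser that splits a serialized TPM_IDENTITY_REQ into the RSA-wrapped session-key blob and the symmetrically encrypted blob discussed above. The field layout is an assumption taken from the TPM 1.2 Part 2 structures cited in the thread and should be checked against the spec; `identity_req_view` and the function names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Views into a serialized TPM_IDENTITY_REQ; pointers alias the input buffer. */
typedef struct {
    uint32_t asym_alg, sym_alg;                    /* algorithmID of each TPM_KEY_PARMS */
    const uint8_t *asym_blob; uint32_t asym_size;  /* session key wrapped with the CA RSA key */
    const uint8_t *sym_blob;  uint32_t sym_size;   /* identity proof under the session key */
} identity_req_view;

/* Read one big-endian UINT32; callers keep *off <= len as an invariant. */
static int rd32(const uint8_t *b, size_t len, size_t *off, uint32_t *out) {
    if (len - *off < 4) return -1;
    const uint8_t *p = b + *off;
    *out = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    *off += 4;
    return 0;
}

/* Assumed TPM_KEY_PARMS layout: algorithmID(4) encScheme(2) sigScheme(2) parmSize(4) parms. */
static int skip_key_parms(const uint8_t *b, size_t len, size_t *off, uint32_t *alg) {
    uint32_t parm_size;
    if (rd32(b, len, off, alg) || len - *off < 4) return -1;
    *off += 4;                                     /* encScheme + sigScheme */
    if (rd32(b, len, off, &parm_size) || len - *off < parm_size) return -1;
    *off += parm_size;
    return 0;
}

/* Returns 0 on success, -1 if any length field points outside the buffer. */
int parse_identity_req(const uint8_t *b, size_t len, identity_req_view *v) {
    size_t off = 0;
    if (rd32(b, len, &off, &v->asym_size) || rd32(b, len, &off, &v->sym_size)) return -1;
    if (skip_key_parms(b, len, &off, &v->asym_alg) || skip_key_parms(b, len, &off, &v->sym_alg)) return -1;
    if (len - off < v->asym_size) return -1;
    v->asym_blob = b + off; off += v->asym_size;
    if (len - off != v->sym_size) return -1;       /* also rejects trailing bytes */
    v->sym_blob = b + off;
    return 0;
}

int main(void) {
    /* Constructed sample: asymSize=2, symSize=3, empty parms, placeholder blob bytes. */
    static const uint8_t req[] = {0,0,0,2, 0,0,0,3, 0,0,0,1, 0,3, 0,1, 0,0,0,0,
                                  0,0,0,6, 0,1, 0,1, 0,0,0,0, 0xAA,0xBB, 0xCC,0xDD,0xEE};
    identity_req_view v;
    if (parse_identity_req(req, sizeof req, &v)) return 1;
    printf("asym alg %u, %u bytes; sym alg %u, %u bytes\n", (unsigned)v.asym_alg,
           (unsigned)v.asym_size, (unsigned)v.sym_alg, (unsigned)v.sym_size);
    return 0;
}
```

A Privacy CA would RSA-decrypt `asym_blob` to recover the session key and then decrypt `sym_blob` with it; those steps need a crypto library and are outside this example.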
