Hal Finney <hal.finney <at> gmail.com> writes: > > On Fri, Nov 2, 2012 at 5:46 PM, Hal Finney <hal.finney <at> gmail.com> wrote: > > Okay, I've got privacyca.com working with that EK cert you sent. There > > were a couple of problems with that cert relative to the spec. The > > certicatePolicies extension is supposed to be marked critical > > (important), and is supposed to contain a string, TCPA Trusted > > Platform Module Endorsement. This is so it is marked as an Endorsement > > Crential in case they want to use the same key to issue other types of > > certificates, which would be stupid. So I've disabled that check for > > now. > > > > Also, in the SubjectDirectoryAttributes extension, there should be a > > field, supportedAlgorithms. They have it, but with the wrong OID. It's > > supposed to be 2.5.4.52, but they have 2.5.5.52. I've allowed the typo > > as an alternate. > > > > With these changes, Privacy CA returns a response. I can't do a full > > end-to-end test of course. Try it and let me know how it goes. > > > > Hal > >
Hi Hal, Thanks so much. I just tried again, but unfortunately it still fails. Let me know if there is any way I can help you debug this. If it helps you to give you access to our machine with the STM chip, this can be arranged... root@tpm-test:~/PrivacyCA# ./identity testprivacyca outkeyblobfile outcertfile Retrieving PCA certificate... Generating identity key... Sending request to PrivacyCA.com... Processing response... Bad response from PrivacyCA.com: Operation failed: Error in endorsement cert provided in cert-request /level1© root@tpm-test:~/PrivacyCA# PF ------------------------------------------------------------------------------ LogMeIn Central: Instant, anywhere, Remote PC access and management. Stay in control, update software, and manage PCs from one command center Diagnose problems and improve visibility into emerging IT issues Automate, monitor and manage. Do more in less time with Central http://p.sf.net/sfu/logmein12331_d2d _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
