AIKs can only be used to sign data originating from the TPM. To sign external 
data (i.e., a hash you provide) you will need to either use a signing key, or 
put the hash into one of the TPM's PCRs and then do a quote of that PCR with 
the AIK.

              Ariel

On Oct 17, 2013, at 11:50 AM, <[email protected]> wrote:

Hi,

I am trying to use an AIK for signing an SHA-1 hash.  It is my understanding 
that the signing process inside Tspi expects a 20 byte value for signing (size 
of SHA-1) and the hash object to be of type TSS_HASH_OTHER.  Unfortunately 
whenever I try to sign a SHA-1 hash value with an AIK key, I get an “Invalid 
key usage” error.  If I switch to a signing key, everything works as expected.  
Can the AIK be used to sign external SHA-1 hashes, or is it a limited key that 
only signs CertifyKey data and Quote data?

Thanks.


_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
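
Added example, not part of the original thread and not TrouSerS code: a verifier-side sketch of the "extend the hash into a PCR, then quote with the AIK" route from the reply above. It rebuilds the 48-byte TPM 1.2 TPM_QUOTE_INFO structure that the AIK signs, showing that the signature covers a PCR composite and a nonce rather than the external hash itself. The PCR index (16), the 3-byte selection bitmap, the all-zero starting PCR value and the sample inputs are assumptions made for the illustration.

```python
import hashlib
import struct

PCR_INDEX = 16       # assumption: a resettable PCR picked for this sketch
SIZE_OF_SELECT = 3   # assumption: 24-PCR TPM 1.2, so a 3-byte selection bitmap

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def pcr_extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: new PCR value = SHA1(old PCR value || 20-byte measurement)."""
    if len(pcr_value) != 20 or len(measurement) != 20:
        raise ValueError("TPM 1.2 PCR values and measurements are 20 bytes")
    return sha1(pcr_value + measurement)

def composite_hash(pcr_index: int, pcr_value: bytes) -> bytes:
    """SHA-1 over a TPM_PCR_COMPOSITE that selects a single PCR."""
    bitmap = bytearray(SIZE_OF_SELECT)
    bitmap[pcr_index // 8] |= 1 << (pcr_index % 8)
    selection = struct.pack(">H", SIZE_OF_SELECT) + bytes(bitmap)
    return sha1(selection + struct.pack(">I", len(pcr_value)) + pcr_value)

def quote_info(pcr_index: int, pcr_value: bytes, nonce: bytes) -> bytes:
    """TPM_QUOTE_INFO: version 1.1.0.0 || "QUOT" || composite hash || nonce."""
    if len(nonce) != 20:
        raise ValueError("externalData (the verifier nonce) is 20 bytes")
    return (b"\x01\x01\x00\x00" + b"QUOT"
            + composite_hash(pcr_index, pcr_value) + nonce)

def expected_quote_info(external_hash: bytes, nonce: bytes,
                        start_pcr: bytes = bytes(20)) -> bytes:
    """What the verifier expects the AIK to have signed for external_hash."""
    return quote_info(PCR_INDEX, pcr_extend(start_pcr, external_hash), nonce)

# Constructed sample inputs, not taken from the thread.
SAMPLE_HASH = sha1(b"constructed sample document")
SAMPLE_NONCE = sha1(b"constructed verifier nonce")

if __name__ == "__main__":
    info = expected_quote_info(SAMPLE_HASH, SAMPLE_NONCE)
    # The quote signature is then checked over these bytes with the AIK public key.
    print(len(info), info.hex())
```

The verifier has to know the PCR's value before the extend; if anything else was extended into that PCR first, the recomputed composite will not match the quote.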