> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Iratxe González
> Garrido
> Sent: Tuesday, August 13, 2019 4:40 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Generating a symmetric key
> 
> Hello,
> 
> I am trying to encrypt a file with a key generated by the TPM. I got everything
> working and can generate rsa keys with no problem. But when I try to run the
> following command
> 
> $ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv I get an error:
> ARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish() Received
> TPM Error
> ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys Finish
> ErrorCode (0x0000012f)
> ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is not
> available for selected entity
> ERROR: Unable to run tpm2_create

That's error TPM2_RC_AUTH_MISSING which is weird. I'm assuming that the parent
Key doesn't need a password?

Is there any reason you can't use master? The 3.X tools have a lot of issues. Master is
Currently pointing at or close to what is going to be 4.0-RC0.

> key2 is loaded, so I don't know what the error is. I am using version 3.0.2 from the
> GitHub repository and running everything in a Raspberry Pi 3. I have been reading
> the manual and the option for generating an AES key is -Gaes, so I don't
> understand why it is not working.

Maybe the TPM is returning the wrong error code, does your tpm have support for
AES keys?

If you're on master the command to check is:
$ ./tools/tpm2_getcap commands | grep -i encrypt
encryptdecrypt: <-- required
encryptdecrypt2: <-- optional

I *think* off the top of my head you just need to add a -c for 3.X.... However, note the string
Names on master are about to change for RC1:
https://github.com/tpm2-software/tpm2-tools/pull/1692

> 
> Thanks in advance for your help.
> 
> Iratxe