* Re: [tpm2] Generating a symmetric key
@ 2019-08-23 17:30 Roberts, William C
0 siblings, 0 replies; 4+ messages in thread
From: Roberts, William C @ 2019-08-23 17:30 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 1932 bytes --]
> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Iratxe González
> Garrido
> Sent: Tuesday, August 13, 2019 4:40 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Generating a symmetric key
>
> Hello,
>
> I am trying to encrypt a file with a key generated by the TPM. I got everything
> working and can generate rsa keys with no problem. But when I try to run the
> following command
>
> $ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv I get an error:
> ARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish() Received
> TPM Error
> ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys Finish
> ErrorCode (0x0000012f)
> ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is not
> available for selected entity
> ERROR: Unable to run tpm2_create
That's error TPM2_RC_AUTH_MISSING which is weird. I'm assuming that the parent
Key doesn't need a password?
Is there any reason you can't use master? The 3.X tools have a lot of issues. Master is
Currently pointing at or close to what is going to be 4.0-RC0.
> key2 is loaded, so I don't know what the error is. I am using version 3.0.2 from the
> GitHub repository and running everything in a Raspberry Pi 3. I have been reading
> the manual and the option for generating an AES key is -Gaes, so I don't
> understand why it is not working.
Maybe the TPM is returning the wrong error code, does your tpm have support for
AES keys?
If you're on master the command to check is:
$ ./tools/tpm2_getcap commands | grep -i encrypt
encryptdecrypt: <-- required
encryptdecrypt2: <-- optional
I *think* off the top of my head you just need to add a -c for 3.X.... However, note the string
Names on master are about to change for RC1:
https://github.com/tpm2-software/tpm2-tools/pull/1692
>
> Thanks in advance for your help.
>
> Iratxe
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [tpm2] Generating a symmetric key
@ 2019-08-26 20:53 Roberts, William C
0 siblings, 0 replies; 4+ messages in thread
From: Roberts, William C @ 2019-08-26 20:53 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 3118 bytes --]
Some TPMs do. They need to have the encryptdecrypt command interface:
./tools/tpm2_getcap commands 2>/dev/null | grep -i encryptdecrypt
TPM2_CC_EncryptDecrypt:
TPM2_CC_EncryptDecrypt2:
If it doesn’t have that, you won't be able to generate symmetric keys AFAIK.
The only TPM I have heard has support in the wild is Intel PTT. But I could be
wrong on that.
Bill
> -----Original Message-----
> From: Iratxe González Garrido [mailto:iratxe.ggarrido(a)gmail.com]
> Sent: Monday, August 26, 2019 12:33 PM
> To: Roberts, William C <william.c.roberts(a)intel.com>
> Cc: tpm2(a)lists.01.org
> Subject: Re: [tpm2] Generating a symmetric key
>
> Hi:
>
> My TPM does have support for AES keys. I downloaded version 4 and everything
> works.
> Thanks
>
>
> El vie., 23 ago. 2019 a las 19:30, Roberts, William C (<william.c.roberts(a)intel.com
> <mailto:william.c.roberts(a)intel.com> >) escribió:
>
>
>
>
> > -----Original Message-----
> > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org <mailto:tpm2-
> bounces(a)lists.01.org> ] On Behalf Of Iratxe González
> > Garrido
> > Sent: Tuesday, August 13, 2019 4:40 AM
> > To: tpm2(a)lists.01.org <mailto:tpm2(a)lists.01.org>
> > Subject: [tpm2] Generating a symmetric key
> >
> > Hello,
> >
> > I am trying to encrypt a file with a key generated by the TPM. I got
> everything
> > working and can generate rsa keys with no problem. But when I try to
> run the
> > following command
> >
> > $ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv I get an error:
> > ARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish()
> Received
> > TPM Error
> > ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys
> Finish
> > ErrorCode (0x0000012f)
> > ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is
> not
> > available for selected entity
> > ERROR: Unable to run tpm2_create
>
> That's error TPM2_RC_AUTH_MISSING which is weird. I'm assuming that
> the parent
> Key doesn't need a password?
>
> Is there any reason you can't use master? The 3.X tools have a lot of
> issues. Master is
> Currently pointing at or close to what is going to be 4.0-RC0.
>
> > key2 is loaded, so I don't know what the error is. I am using version
> 3.0.2 from the
> > GitHub repository and running everything in a Raspberry Pi 3. I have
> been reading
> > the manual and the option for generating an AES key is -Gaes, so I don't
> > understand why it is not working.
>
> Maybe the TPM is returning the wrong error code, does your tpm have
> support for
> AES keys?
>
> If you're on master the command to check is:
> $ ./tools/tpm2_getcap commands | grep -i encrypt
> encryptdecrypt: <-- required
> encryptdecrypt2: <-- optional
>
> I *think* off the top of my head you just need to add a -c for 3.X....
> However, note the string
> Names on master are about to change for RC1:
> https://github.com/tpm2-software/tpm2-tools/pull/1692
>
> >
> > Thanks in advance for your help.
> >
> > Iratxe
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [tpm2] Generating a symmetric key
@ 2019-08-26 17:32
0 siblings, 0 replies; 4+ messages in thread
From: @ 2019-08-26 17:32 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 2264 bytes --]
Hi:
My TPM does have support for AES keys. I downloaded version 4 and
everything works.
Thanks
El vie., 23 ago. 2019 a las 19:30, Roberts, William C (<
william.c.roberts(a)intel.com>) escribió:
>
>
> > -----Original Message-----
> > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Iratxe
> González
> > Garrido
> > Sent: Tuesday, August 13, 2019 4:40 AM
> > To: tpm2(a)lists.01.org
> > Subject: [tpm2] Generating a symmetric key
> >
> > Hello,
> >
> > I am trying to encrypt a file with a key generated by the TPM. I got
> everything
> > working and can generate rsa keys with no problem. But when I try to run
> the
> > following command
> >
> > $ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv I get an error:
> > ARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish()
> Received
> > TPM Error
> > ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys Finish
> > ErrorCode (0x0000012f)
> > ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is
> not
> > available for selected entity
> > ERROR: Unable to run tpm2_create
>
> That's error TPM2_RC_AUTH_MISSING which is weird. I'm assuming that the
> parent
> Key doesn't need a password?
>
> Is there any reason you can't use master? The 3.X tools have a lot of
> issues. Master is
> Currently pointing at or close to what is going to be 4.0-RC0.
>
> > key2 is loaded, so I don't know what the error is. I am using version
> 3.0.2 from the
> > GitHub repository and running everything in a Raspberry Pi 3. I have
> been reading
> > the manual and the option for generating an AES key is -Gaes, so I don't
> > understand why it is not working.
>
> Maybe the TPM is returning the wrong error code, does your tpm have
> support for
> AES keys?
>
> If you're on master the command to check is:
> $ ./tools/tpm2_getcap commands | grep -i encrypt
> encryptdecrypt: <-- required
> encryptdecrypt2: <-- optional
>
> I *think* off the top of my head you just need to add a -c for 3.X....
> However, note the string
> Names on master are about to change for RC1:
> https://github.com/tpm2-software/tpm2-tools/pull/1692
>
> >
> > Thanks in advance for your help.
> >
> > Iratxe
>
>
[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 2954 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* [tpm2] Generating a symmetric key
@ 2019-08-13 9:40
0 siblings, 0 replies; 4+ messages in thread
From: @ 2019-08-13 9:40 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 924 bytes --]
Hello,
I am trying to encrypt a file with a key generated by the TPM. I got
everything working and can generate rsa keys with no problem. But when I
try to run the following command
$ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv
I get an error:
ARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish()
Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys
Finish ErrorCode (0x0000012f)
ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is
not available for selected entity
ERROR: Unable to run tpm2_create
key2 is loaded, so I don't know what the error is. I am using version 3.0.2
from the GitHub repository and running everything in a Raspberry Pi 3. I
have been reading the manual and the option for generating an AES key is
-Gaes, so I don't understand why it is not working.
Thanks in advance for your help.
Iratxe
[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 1130 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-08-26 20:53 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-23 17:30 [tpm2] Generating a symmetric key Roberts, William C
-- strict thread matches above, loose matches on Subject: below --
2019-08-26 20:53 Roberts, William C
2019-08-26 17:32
2019-08-13 9:40
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.