From: Roberts, William C <william.c.roberts at intel.com>
To: tpm2@lists.01.org
Subject: [tpm2] Re: trying duplication and then rsa_en/decrypt
Date: Wed, 20 May 2020 15:09:52 +0000 [thread overview]
Message-ID: <476DC76E7D1DF2438D32BFADF679FC5649EEFEE5@ORSMSX101.amr.corp.intel.com> (raw)
In-Reply-To: cc54ff02-467f-e5a0-9a93-3b2470de3533@oracle.com
[-- Attachment #1: Type: text/plain, Size: 2149 bytes --]
+ Imran,
Can you help him out?
Also, can you add to the manpages so theirs examples of using the duplicated key?
> -----Original Message-----
> From: ted.h.kim(a)oracle.com [mailto:ted.h.kim(a)oracle.com]
> Sent: Tuesday, May 19, 2020 8:10 PM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] trying duplication and then rsa_en/decrypt
>
> Folks,
>
> Sorry for what is probably an obvious question ...
>
> I tried the examples in the tpm2_duplicate(1) and
> tpm2_policyduplicationselect(1) man pages. Afterwards, I just wanted to try out
> the duplicated keys. So I tried tpm2_rsaencrypt followed by tpm2_rsadecrypt.
> But when doing the latter, I got:
>
> WARNING:esys:src/tss2-
> esys/api/Esys_RSA_Decrypt.c:305:Esys_RSA_Decrypt_Finish()
> Received TPM Error
> ERROR:esys:src/tss2-esys/api/Esys_RSA_Decrypt.c:102:Esys_RSA_Decrypt()
> Esys Finish ErrorCode (0x0000012f)
> ERROR: Esys_RSA_Decrypt(0x12F) - tpm:error(2.0): authValue or authPolicy is not
> available for selected entity
> ERROR: Unable to run tpm2_rsadecrypt
>
>
> Which I guess means I didn't satisfy the policy for the object. But if I try to run
> tpm2_startauthsession like those man page examples show, I get this error:
>
> WARNING:esys:src/tss2-
> esys/api/Esys_RSA_Decrypt.c:305:Esys_RSA_Decrypt_Finish()
> Received TPM Error
> ERROR:esys:src/tss2-esys/api/Esys_RSA_Decrypt.c:102:Esys_RSA_Decrypt()
> Esys Finish ErrorCode (0x000009a4)
> ERROR: Esys_RSA_Decrypt(0x9A4) - tpm:session(1):the commandCode in the
> policy is not the commandCode of the command or the command code in a policy
> command references a command that is not implemented
> ERROR: Unable to run tpm2_rsadecrypt
>
>
> And so, I am confused now about what I need to do to get these duplicated keys
> to work with tpm2_rsadecrypt.
>
>
> Thanks,
> -ted
>
>
>
> --
> Ted H. Kim, PhD
> ted.h.kim(a)oracle.com
> +1 310-258-7515
>
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
next reply other threads:[~2020-05-20 15:09 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-20 15:09 Roberts, William C [this message]
2020-05-20 17:31 [tpm2] Re: trying duplication and then rsa_en/decrypt Imran Desai
2020-05-20 18:03 ted.h.kim
2020-05-20 18:56 ted.h.kim
2020-05-20 19:15 Imran Desai
2020-05-20 19:38 Imran Desai
2020-05-20 19:44 Imran Desai
2020-05-20 20:49 ted.h.kim
2020-05-21 0:37 ted.h.kim
2020-05-21 15:08 Roberts, William C
2020-05-21 16:18 ted.h.kim
2020-05-21 17:06 Roberts, William C
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=476DC76E7D1DF2438D32BFADF679FC5649EEFEE5@ORSMSX101.amr.corp.intel.com \
--to=tpm2@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.