> -----Original Message-----
> From: ted.h.kim(a)oracle.com [mailto:ted.h.kim(a)oracle.com]
> Sent: Wednesday, May 20, 2020 7:38 PM
> To: Desai, Imran
> Cc: tpm2(a)lists.01.org
> Subject: [tpm2] Re: trying duplication and then rsa_en/decrypt
>
> Imran,
>
> The fix worked -- Thank you.
>
> One other suggestion would be to add "userwithauth" to the tpm2_create
> commands in the man page examples for tpm2_duplicate(1) and
> tpm2_policyduplicationselect(1). This would make the duplicated keys in those
> examples more useful.

That patch I had to revert, a similar fix will come out, but we must not turn down userwith when someone:
- doesn't provide attributes via -a
- doesn't provide a password
- does provide a policy

If someone specifies a policy and no password without explicitly providing the attributes, they likely want the authorization to the object to be controlled via policy, not policy and an empty password. So when the tool is choosing attributes, that's how it needs to do it.

So for your example, you'll have to specify userwithauth and then we will update the manpage to reflect this. Note that you're creating an object with no real auth value (empty password), so keep that in mind.

>
> Since I am on the 4.1.X branch, should I expect this fix to roll out with 4.1.3?

Why not just bump versions? Everything on 4.X is backwards compat, nothing breaks. You may need to bump your tss version, but again, backwards compat, should just Work.

>
> Thanks,
> -ted
>
> On 5/20/20 1:49 PM, ted.h.kim(a)oracle.com wrote:
> > Imran,
> >
> > Okay, I will try it out.
> >
> > Also thanks for the pointer to the example on duplicating objects
> > between TPMs.
> >
> > Thanks,
> > -ted
> >
> > On 5/20/20 12:44 PM, Imran Desai wrote:
> >> I have a PR fixing this issue. If you want to try your script with
> >> this branch, it is here:
> >> https://urldefense.com/v3/__https://github.com/tpm2-software/tpm2-tools/pull/2038__;!!GqivPVa7Brio!JgE6G26n2bbDPLYBuJ2jf-Buv9U53CDF_b_5y43EAj8Q9hiybuldt1D8ZH_RPlQ$
> >> _______________________________________________
> >> tpm2 mailing list -- tpm2(a)lists.01.org
> >> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> >
> --
> Ted H. Kim, PhD
> ted.h.kim(a)oracle.com
> +1 310-258-7515
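
A small model of the attribute-selection rule described in the reply above, added here as an illustration; it is not tpm2-tools code. The function names and the default attribute string are assumptions of this sketch; the bit positions are the TPMA_OBJECT values from the TPM 2.0 specification.

```python
# TPMA_OBJECT bit positions (TPM 2.0 specification, Part 2).
TPMA_OBJECT = {
    "fixedtpm": 1 << 1,
    "fixedparent": 1 << 4,
    "sensitivedataorigin": 1 << 5,
    "userwithauth": 1 << 6,
    "adminwithpolicy": 1 << 7,
    "decrypt": 1 << 17,
    "sign": 1 << 18,
}
# Assumption for this sketch: attributes used when -a is not given.
DEFAULT_ATTRS = "fixedtpm|fixedparent|sensitivedataorigin|userwithauth|decrypt|sign"


def parse_attrs(spec):
    """Turn a 'name|name|...' attribute string into a TPMA_OBJECT bitmask."""
    mask = 0
    for name in spec.split("|"):
        key = name.strip().lower()
        if key not in TPMA_OBJECT:
            raise ValueError(f"unknown attribute: {name!r}")
        mask |= TPMA_OBJECT[key]
    return mask


def choose_attrs(attrs=None, password=None, policy=None):
    """Drop userwithauth only if: no explicit attrs, no password, policy given."""
    if attrs is not None:
        return parse_attrs(attrs)  # explicit -a is taken exactly as written
    mask = parse_attrs(DEFAULT_ATTRS)
    if policy is not None and not password:
        mask &= ~TPMA_OBJECT["userwithauth"]
    return mask


def user_auth_paths(mask, policy=None):
    """Ways the USER role can be authorized for an object with these attributes."""
    paths = []
    if mask & TPMA_OBJECT["userwithauth"]:
        paths.append("authValue (password/HMAC)")
    if policy is not None:
        paths.append("policy session")
    return paths


if __name__ == "__main__":
    # Constructed inputs: an explicit -a string without and with userwithauth.
    for a in ("sensitivedataorigin", "sensitivedataorigin|userwithauth"):
        print(a, "->", user_auth_paths(choose_attrs(a, policy="policy.dat"), "policy.dat"))
```

With explicit attributes and no password, adding userwithauth opens the authValue path with an empty password, which is the caveat the reply raises.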