[tpm2] CertifyCreation and VerifySignature

[tpm2] CertifyCreation and VerifySignature

[Davide Rutigliano]

[-- Attachment #1: Type: text/plain, Size: 737 bytes --]

Hi all,

I'm trying to use TPM2_VerifySignature to verify the signature (of
creationHash) produced by TPM2_CertifyCreation command, but there's
something wrong...

I have two different signing keys and I want to certify the latter with the
first one.

Key creation goes fine and CertifyCreation too, but when I try to verify
the signature done by TPM2_CertifyCreation with TPM2_VerifySignature on the
same creationHash I get rc = 0x000002db (i.e. tpm:parameter(2):the
signature is not valid).

I'm verifying the signature on the creationHash produced by CertifyCreation
command (as it is specified in TPM2 spec., part 3), but something goes
wrong and I cannot understand what. Could someone help me?

Thanks,
Davide.

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 922 bytes --]

[tpm2] CertifyCreation and VerifySignature

[Davide Rutigliano]

[-- Attachment #1: Type: text/plain, Size: 422 bytes --]

Hi all,

I want to verify the signature of creationHash produced by
TPM2_CertifyCreation command.

When I run the TPM2_VerifySignature on the same creationHash I get rc =
0x000002db (i.e. tpm:parameter(2):the signature is not valid).

Something goes wrong and I cannot understand what.

Should I do sign of HMAC( proof( TK | obj->name | creationHash) ) and then
verify the signature on it?

Thanks,
Davide.

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 607 bytes --]