10:40 a.m.
Hello,
I am trying to encrypt a file with a key generated by the TPM. I got
everything working and can generate rsa keys with no problem. But when I
try to run the following command
$ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv
I get an error:
ARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish()
Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys
Finish ErrorCode (0x0000012f)
ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is
not available for selected entity
ERROR: Unable to run tpm2_create
key2 is loaded, so I don't know what the error is. I am using version 3.0.2
from the GitHub repository and running everything in a Raspberry Pi 3. I
have been reading the manual and the option for generating an AES key is
-Gaes, so I don't understand why it is not working.
Thanks in advance for your help.
Iratxe
6:30 p.m.
-----Original Message-----
From: tpm2 [mailto:tpm2-bounces@lists.01.org] On Behalf Of Iratxe González
Garrido
Sent: Tuesday, August 13, 2019 4:40 AM
To: tpm2(a)lists.01.org
Subject: [tpm2] Generating a symmetric key
Hello,
I am trying to encrypt a file with a key generated by the TPM. I got everything
working and can generate rsa keys with no problem. But when I try to run the
following command
$ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv I get an error:
ARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish() Received
TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys Finish
ErrorCode (0x0000012f)
ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is not
available for selected entity
ERROR: Unable to run tpm2_create
That's error TPM2_RC_AUTH_MISSING which is weird. I'm assuming that the parent
Key doesn't need a password?
Is there any reason you can't use master? The 3.X tools have a lot of issues. Master
is
Currently pointing at or close to what is going to be 4.0-RC0.
key2 is loaded, so I don't know what the error is. I am using
version 3.0.2 from the
GitHub repository and running everything in a Raspberry Pi 3. I have been reading
the manual and the option for generating an AES key is -Gaes, so I don't
understand why it is not working.
Maybe the TPM is returning the wrong error code, does your tpm have support for
AES keys?
If you're on master the command to check is:
$ ./tools/tpm2_getcap commands | grep -i encrypt
encryptdecrypt: <-- required
encryptdecrypt2: <-- optional
I *think* off the top of my head you just need to add a -c for 3.X.... However, note the
string
Names on master are about to change for RC1:
https://github.com/tpm2-software/tpm2-tools/pull/1692
Thanks in advance for your help.
Iratxe
6:32 p.m.
Hi:
My TPM does have support for AES keys. I downloaded version 4 and
everything works.
Thanks
El vie., 23 ago. 2019 a las 19:30, Roberts, William C (<
william.c.roberts(a)intel.com>) escribió:
> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces@lists.01.org] On Behalf Of Iratxe
González
> Garrido
> Sent: Tuesday, August 13, 2019 4:40 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Generating a symmetric key
>
> Hello,
>
> I am trying to encrypt a file with a key generated by the TPM. I got
everything
> working and can generate rsa keys with no problem. But when I try to run
the
> following command
>
> $ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv I get an error:
> ARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish()
Received
> TPM Error
> ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys Finish
> ErrorCode (0x0000012f)
> ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is
not
> available for selected entity
> ERROR: Unable to run tpm2_create
That's error TPM2_RC_AUTH_MISSING which is weird. I'm assuming that the
parent
Key doesn't need a password?
Is there any reason you can't use master? The 3.X tools have a lot of
issues. Master is
Currently pointing at or close to what is going to be 4.0-RC0.
> key2 is loaded, so I don't know what the error is. I am using version
3.0.2 from the
> GitHub repository and running everything in a Raspberry Pi 3. I have
been reading
> the manual and the option for generating an AES key is -Gaes, so I don't
> understand why it is not working.
Maybe the TPM is returning the wrong error code, does your tpm have
support for
AES keys?
If you're on master the command to check is:
$ ./tools/tpm2_getcap commands | grep -i encrypt
encryptdecrypt: <-- required
encryptdecrypt2: <-- optional
I *think* off the top of my head you just need to add a -c for 3.X....
However, note the string
Names on master are about to change for RC1:
https://github.com/tpm2-software/tpm2-tools/pull/1692
>
> Thanks in advance for your help.
>
> Iratxe
9:53 p.m.
Some TPMs do. They need to have the encryptdecrypt command interface:
./tools/tpm2_getcap commands 2>/dev/null | grep -i encryptdecrypt
TPM2_CC_EncryptDecrypt:
TPM2_CC_EncryptDecrypt2:
If it doesn’t have that, you won't be able to generate symmetric keys AFAIK.
The only TPM I have heard has support in the wild is Intel PTT. But I could be
wrong on that.
Bill
-----Original Message-----
From: Iratxe González Garrido [mailto:iratxe.ggarrido@gmail.com]
Sent: Monday, August 26, 2019 12:33 PM
To: Roberts, William C <william.c.roberts(a)intel.com>
Cc: tpm2(a)lists.01.org
Subject: Re: [tpm2] Generating a symmetric key
Hi:
My TPM does have support for AES keys. I downloaded version 4 and everything
works.
Thanks
El vie., 23 ago. 2019 a las 19:30, Roberts, William C (<william.c.roberts(a)intel.com
<mailto:william.c.roberts@intel.com> >) escribió:
> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces@lists.01.org <mailto:tpm2-
bounces(a)lists.01.org> ] On Behalf Of Iratxe González
> Garrido
> Sent: Tuesday, August 13, 2019 4:40 AM
> To: tpm2(a)lists.01.org <mailto:tpm2@lists.01.org>
> Subject: [tpm2] Generating a symmetric key
>
> Hello,
>
> I am trying to encrypt a file with a key generated by the TPM. I got
everything
> working and can generate rsa keys with no problem. But when I try to
run the
> following command
>
> $ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv I get an error:
> ARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish()
Received
> TPM Error
> ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys
Finish
> ErrorCode (0x0000012f)
> ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is
not
> available for selected entity
> ERROR: Unable to run tpm2_create
That's error TPM2_RC_AUTH_MISSING which is weird. I'm assuming that
the parent
Key doesn't need a password?
Is there any reason you can't use master? The 3.X tools have a lot of
issues. Master is
Currently pointing at or close to what is going to be 4.0-RC0.
> key2 is loaded, so I don't know what the error is. I am using version
3.0.2 from the
> GitHub repository and running everything in a Raspberry Pi 3. I have
been reading
> the manual and the option for generating an AES key is -Gaes, so I don't
> understand why it is not working.
Maybe the TPM is returning the wrong error code, does your tpm have
support for
AES keys?
If you're on master the command to check is:
$ ./tools/tpm2_getcap commands | grep -i encrypt
encryptdecrypt: <-- required
encryptdecrypt2: <-- optional
I *think* off the top of my head you just need to add a -c for 3.X....
However, note the string
Names on master are about to change for RC1:
https://github.com/tpm2-software/tpm2-tools/pull/1692
>
> Thanks in advance for your help.
>
> Iratxe
879
days inactive
892
days old
3 comments
2 participants
participants (2)
-
Iratxe González Garrido -
Roberts, William C