-----Original Message-----
From: tpm2 [mailto:tpm2-bounces@lists.01.org] On Behalf Of Iratxe González Garrido
Sent: Tuesday, August 13, 2019 4:40 AM
To: tpm2(a)lists.01.org
Subject: [tpm2] Generating a symmetric key
Hello,

I am trying to encrypt a file with a key generated by the TPM. I got everything
working and can generate rsa keys with no problem. But when I try to run the
following command

$ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv

I get an error:

WARNING:esys:src/tss2-esys/api/Esys_Create.c:366:Esys_Create_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys Finish ErrorCode (0x0000012f)
ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is not available for selected entity
ERROR: Unable to run tpm2_create

That's error TPM2_RC_AUTH_MISSING which is weird. I'm assuming that the parent
key doesn't need a password?

Is there any reason you can't use master? The 3.X tools have a lot of issues. Master
is currently pointing at or close to what is going to be 4.0-RC0.

key2 is loaded, so I don't know what the error is. I am using version 3.0.2 from the
GitHub repository and running everything in a Raspberry Pi 3. I have been reading
the manual and the option for generating an AES key is -Gaes, so I don't
understand why it is not working.

Maybe the TPM is returning the wrong error code, does your TPM have support for
AES keys?

If you're on master the command to check is:

$ ./tools/tpm2_getcap commands | grep -i encrypt
encryptdecrypt: <-- required
encryptdecrypt2: <-- optional

I *think* off the top of my head you just need to add a -c for 3.X.... However, note the
string names on master are about to change for RC1:
https://github.com/tpm2-software/tpm2-tools/pull/1692

Thanks in advance for your help.
Iratxe
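
Added example, not part of the original thread or of tpm2-tools: a decoder for the response code printed in the ESYS log above (0x0000012f), following the response-code bit layout in the TPM 2.0 Library specification, Part 2. The name tables are a small hand-copied subset, and the function names `decode_rc` and `codes_in_log` are hypothetical.

```python
import re

# Subset of names from the TPM 2.0 Library spec, Part 2 (not a complete table).
FMT0_ERRORS = {0x00: "TPM_RC_INITIALIZE", 0x01: "TPM_RC_FAILURE",
               0x24: "TPM_RC_AUTH_TYPE", 0x25: "TPM_RC_AUTH_MISSING",
               0x2F: "TPM_RC_AUTH_UNAVAILABLE", 0x43: "TPM_RC_COMMAND_CODE"}
FMT0_WARNINGS = {0x21: "TPM_RC_LOCKOUT", 0x22: "TPM_RC_RETRY"}
FMT1_ERRORS = {0x02: "TPM_RC_ATTRIBUTES", 0x04: "TPM_RC_VALUE",
               0x0E: "TPM_RC_AUTH_FAIL", 0x16: "TPM_RC_SYMMETRIC",
               0x22: "TPM_RC_BAD_AUTH"}
LAYERS = {0: "tpm", 7: "esys", 8: "sys", 9: "mu", 10: "tcti"}

def decode_rc(rc):
    """Split a 32-bit TSS2_RC into layer, kind, name and subject."""
    layer, code = (rc >> 16) & 0xFF, rc & 0xFFFF
    out = {"layer": LAYERS.get(layer, "layer%d" % layer), "subject": None}
    if layer != 0:                      # raised by the TSS stack, not the TPM
        out.update(kind="tss", name="0x%04x" % code)
    elif code & 0x080:                  # format one: names a handle/session/parameter
        n = (code >> 8) & 0xF
        if code & 0x040:
            out["subject"] = ("parameter", n)
        elif n & 0x8:
            out["subject"] = ("session", n & 0x7)
        else:
            out["subject"] = ("handle", n)
        num = code & 0x3F
        out.update(kind="error", name=FMT1_ERRORS.get(num, "fmt1:0x%02x" % num))
    elif not code & 0x100:              # version bit clear: TPM 1.2 style code
        out.update(kind="tpm1.2", name="0x%03x" % code)
    else:                               # format zero, TPM 2.0
        num = code & 0x7F
        warn = bool(code & 0x800)
        table = FMT0_WARNINGS if warn else FMT0_ERRORS
        out.update(kind="warning" if warn else "error",
                   name=table.get(num, "fmt0:0x%02x" % num))
    return out

def codes_in_log(text):
    """Pull every 'ErrorCode (0x...)' value out of tpm2-tools/ESYS log text."""
    return [int(h, 16) for h in re.findall(r"ErrorCode \((0x[0-9a-fA-F]+)\)", text)]

# The ESYS line quoted in the thread above.
LOG = ("ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() "
       "Esys Finish ErrorCode (0x0000012f)")

if __name__ == "__main__":
    for rc in codes_in_log(LOG):
        print(hex(rc), decode_rc(rc))
```

A format-zero code such as this one carries no handle, session or parameter number, so the decoder reports `subject` as `None`; format-one codes identify which input the TPM rejected.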