From: tpm2 [mailto:firstname.lastname@example.org] On Behalf Of Iratxe González
Sent: Tuesday, August 13, 2019 4:40 AM
Subject: [tpm2] Generating a symmetric key
I am trying to encrypt a file with a key generated by the TPM. I got everything
working and can generate rsa keys with no problem. But when I try to run the
$ tpm2_create -C key2.ctx -Gaes -u key3.pub -r key3.priv I get an error:
ERROR:esys:src/tss2-esys/api/Esys_Create.c:116:Esys_Create() Esys Finish
ERROR: Esys_Create(0x12F) - tpm:error(2.0): authValue or authPolicy is not
available for selected entity
ERROR: Unable to run tpm2_create
That's error TPM2_RC_AUTH_MISSING which is weird. I'm assuming that the parent
Key doesn't need a password?
Is there any reason you can't use master? The 3.X tools have a lot of issues. Master
Currently pointing at or close to what is going to be 4.0-RC0.
key2 is loaded, so I don't know what the error is. I am using
version 3.0.2 from the
GitHub repository and running everything in a Raspberry Pi 3. I have been reading
the manual and the option for generating an AES key is -Gaes, so I don't
understand why it is not working.
Maybe the TPM is returning the wrong error code, does your tpm have support for
If you're on master the command to check is:
$ ./tools/tpm2_getcap commands | grep -i encrypt
encryptdecrypt: <-- required
encryptdecrypt2: <-- optional
I *think* off the top of my head you just need to add a -c for 3.X.... However, note the
Names on master are about to change for RC1:
Thanks in advance for your help.