[gnutls-help] Certtool and TPM
Marcos Simo Pico
marcossp at kth.se
Tue Jun 2 11:38:40 CEST 2015
The output I had was:
Setting log level to 9
Generating a signed certificate...
|<3>| ASSERT: tpm.c:482
|<2>| TPM (tpm) error: Authentication failed (1)
|<3>| ASSERT: tpm.c:219
|<3>| ASSERT: tpm.c:222
|<3>| ASSERT: tpm.c:345
|<3>| ASSERT: tpm.c:900
importing key:
tpmkey:uuid=37cfd26a-e03b-4215-8ed7-3a699f21fd21;storage=user: Error in
provided SRK password for TPM.
I just reinstalled GnuTLS with PKCS #11 support and now it's working fine.
Thank you very much for your help.
Best,
Marcos
On 01/06/15 21:40, Nikos Mavrogiannopoulos wrote:
> On Mon, 2015-06-01 at 12:38 +0000, Marcos Simó Picó wrote:
>> Hi everyone,
>> I'm trying to generate a certificate of a key stored in a TPM using
>> certtool. Basically I was following the commands explained
>> in http://nmav.gnutls.org/2012/08/using-trusted-platform-module-to.html
>> I can generate the RSA key pair and get the public part perfectly,
>> however, when I invoke certtool for generating a certificate, it
>> returns: Error in provided SRK password for TPM. As far as I know,
>> there's no option to provide the SRK to certtool.
>> I'm using GnuTLS 3.3.15, and tried to clear the TPM several times and
>> repeat everything with no success.
> Hi,
> What is the output when you use -d 9? It should have asked for a
> password using the PKCS #11 callback. It is either a regression or you
> have PKCS #11 disabled?
>
> regards,
> Nikos
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150602/8222da8a/attachment.html>
More information about the Gnutls-help
mailing list