BadAuth response when trying to create a primary key with Tpm2Lib

Posted: 2019-09-20 10:33:58

Tags: c# tpm

The following is from the Microsoft TPM library sample (https://github.com/microsoft/TSS.MSR/blob/master/TSS.NET/Samples/Signing/Program.cs). Trying to create the primary key that will be used to sign messages fails with: Error {BadAuth} was returned for command CreatePrimary

I looked up the value of OwnerAuthFull in the registry at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM\WMI\Admin; assume that value is "foo/bar=". The same information is also shown when I run Get-Tpm on the command line.

using System;
using System.Text;
using Tpm2Lib;

// ...

Tpm2Device tpmDevice = new TbsDevice();
tpmDevice.Connect();
var tpm = new Tpm2( tpmDevice );
var authValueRegistry = Encoding.ASCII.GetBytes( "foo/bar=" );      // OwnerAuthFull as read from the registry
var ownerAuth = new AuthValue( authValueRegistry );
var keyTemplate = new TpmPublic( TpmAlgId.Sha1,                      // Name algorithm
                                 ObjectAttr.UserWithAuth | ObjectAttr.Sign |     // Signing key
                                 ObjectAttr.FixedParent | ObjectAttr.FixedTPM |  // Non-migratable
                                 ObjectAttr.SensitiveDataOrigin,
                                 null,                               // No policy
                                 new RsaParms( new SymDefObject(),
                                               new SchemeRsassa( TpmAlgId.Sha1 ), 2048, 0 ),
                                 new Tpm2bPublicKeyRsa() );
Console.WriteLine( "Made template" );

var keyAuth = new byte[] { 1, 2, 3 };
TpmPublic keyPublic;
CreationData creationData;
TkCreation creationTicket;
byte[] creationHash;
Console.WriteLine( "try create key" );
var keyHandle = tpm[ownerAuth].CreatePrimary(                        // Fails here with BadAuth
    TpmRh.Owner,                            // In the owner-hierarchy
    new SensitiveCreate( keyAuth, null ),   // With this auth-value
    keyTemplate,                            // Describes key
    null,                                   // Extra data for creation ticket
    new PcrSelection[ 0 ],                  // Non-PCR-bound
    out keyPublic,                          // PubKey and attributes
    out creationData, out creationHash, out creationTicket );    // Not used here

I expected the key to be created and the program to carry on, but CreatePrimary() throws an exception with the message: Error {BadAuth} was returned for command CreatePrimary

1 answer:

Answer 0 (score: 1)

Forget ownerAuth and do the following:

var keyHandle = tpm.CreatePrimary(
    TpmRh.Owner,                            // In the owner-hierarchy
    new SensitiveCreate( keyAuth, null ),   // With this auth-value
    keyTemplate,                            // Describes key
    null,                                   // Extra data for creation ticket
    new PcrSelection[ 0 ],                  // Non-PCR-bound
    out keyPublic,                          // PubKey and attributes
    out creationData, out creationHash, out creationTicket );

That is what you can infer from the following GitHub issue: https://github.com/microsoft/TSS.MSR/issues/43#event-2651641565
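To show the accepted answer's fix in the context the question is actually after (creating the primary key and then signing with it), here is an added example. It is not the question's code and not part of TSS.MSR; it is a hypothetical helper written against the TSS.NET API as used by the Signing sample (the names `Sign`, `TpmHashCheck.Null()`, `VerifySignatureOverData` and `FlushContext` are recalled from that sample and should be checked against the library version in use). It follows the answer in supplying no owner auth for the owner hierarchy, uses the key's own auth value to authorize `Sign`, verifies the signature in software against the public part returned by `CreatePrimary`, and flushes the transient handle afterwards. The template is the question's, except that the name algorithm and signing scheme use SHA-256 instead of SHA-1.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Tpm2Lib;

// Added example, not the question's or TSS.MSR's own code.
static class PrimarySigningKeyDemo
{
    // Creates a primary RSA signing key in the owner hierarchy, signs `message`
    // with it, verifies the signature in software and returns the verdict.
    public static bool SignAndVerify(byte[] message)
    {
        Tpm2Device tpmDevice = new TbsDevice();   // Windows TBS transport, as in the question
        tpmDevice.Connect();
        var tpm = new Tpm2(tpmDevice);

        // Same template as the question, with SHA-256 for name algorithm and scheme.
        var keyTemplate = new TpmPublic(TpmAlgId.Sha256,                     // Name algorithm
            ObjectAttr.UserWithAuth | ObjectAttr.Sign |                      // Signing key
            ObjectAttr.FixedParent | ObjectAttr.FixedTPM |                   // Non-migratable
            ObjectAttr.SensitiveDataOrigin,
            null,                                                            // No policy
            new RsaParms(new SymDefObject(), new SchemeRsassa(TpmAlgId.Sha256), 2048, 0),
            new Tpm2bPublicKeyRsa());

        // Auth value for the new key. Constructed for the example only; a real
        // application generates this randomly and keeps it secret.
        var keyAuth = new byte[] { 1, 2, 3 };

        TpmPublic keyPublic;
        CreationData creationData;
        TkCreation creationTicket;
        byte[] creationHash;

        // Note: plain tpm.CreatePrimary, not tpm[ownerAuth].CreatePrimary.
        // The application supplies no owner auth for the owner hierarchy,
        // which is the change the accepted answer makes.
        TpmHandle keyHandle = tpm.CreatePrimary(
            TpmRh.Owner,                            // In the owner hierarchy
            new SensitiveCreate(keyAuth, null),     // Auth value of the new key
            keyTemplate,
            null,                                   // No extra creation data
            new PcrSelection[0],                    // Not PCR-bound
            out keyPublic,
            out creationData, out creationHash, out creationTicket);

        try
        {
            // RSASSA signs a digest, so hash the message with the scheme's hash algorithm.
            byte[] digest;
            using (var sha256 = SHA256.Create())
            {
                digest = sha256.ComputeHash(message);
            }

            // Sign is authorized with the key's own auth value (keyAuth), not the owner auth.
            ISignatureUnion signature = tpm[keyAuth].Sign(keyHandle, digest,
                new SchemeRsassa(TpmAlgId.Sha256), TpmHashCheck.Null());

            // Verify in software against the public part CreatePrimary returned.
            return keyPublic.VerifySignatureOverData(message, signature);
        }
        finally
        {
            // Transient objects stay loaded until flushed or the TPM resets;
            // leaking handles eventually exhausts the TPM's object slots.
            tpm.FlushContext(keyHandle);
        }
    }

    static void Main()
    {
        // Constructed sample input.
        bool ok = SignAndVerify(Encoding.UTF8.GetBytes("constructed sample message"));
        Console.WriteLine(ok ? "signature verified" : "signature did NOT verify");
    }
}
```

Run it in the same process context as the question's program (a Windows host with TBS available). The `finally` block matters in practice: if `Sign` throws, for example with BadAuth because `keyAuth` does not match the value given to `SensitiveCreate`, the primary object is still flushed rather than left occupying a slot in the TPM.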