TssHighLevel (tpm4java API)

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

de.datenzone.tpm4java
Interface TssHighLevel

All Known Implementing Classes:: TssHighLevelImpl

public interface TssHighLevel

A high level interface to the TPM.

Author:: Erik Tews

Method Summary
`byte[]`	`activateAik(TCPAIdentityCredential cred, int keyHandle, java.lang.String keyPass, java.lang.String ownerPass)` Read the response of an ca.
`byte[]`	`attestPcr(int[] pcrs, byte[] nounce, int keyHandle, java.lang.String keyAuth)` Attests the current state of your pcrs.
`void`	`changeAuth(java.lang.String ownerKey, int selectPassword, java.lang.String newPass)` This will change a password on the TPM.
`byte[]`	`computeSha1(java.io.InputStream is)` Reads all available data and computes the sha1sum over this data.
`byte[]`	`computeSha1ToPcr(int pcrId, java.io.InputStream is)` Reads all available data and computes the sha1sum over this data.
`int`	`createAndStoreKey(int parentKeyHandle, java.lang.String parentAuth, java.lang.String keyAuth)` Generate a new key and store it inside the tpm.
`TPMKeyWrapper`	`createKey(int parentKeyHandle, java.lang.String parentAuth, java.lang.String keyAuth)` Generate a key.
`void`	`decryptFile(int parentKeyHandle, java.lang.String parentAuth, java.lang.String keyAuth, java.io.InputStream fileIn, java.io.OutputStream fileOut)` Decrypt a file which was encrypted using encryptFile.
`void`	`dropKey(int keyId)` Delete a key from the TPM.
`void`	`encryptFile(int parentKeyHandle, java.lang.String parentAuth, java.lang.String keyAuth, java.io.InputStream fileIn, java.io.OutputStream fileOut)` Encrypt a file, or any kind of InputStream.
`int`	`generateAIK(byte[] caId, java.lang.String caLabel, java.lang.String ownerPass, java.lang.String srkPass, java.lang.String newKeyPass, java.security.PublicKey caPubKey, java.io.OutputStream reqestStream, byte[] ek, byte[] pc, byte[] cc)` Generate a new AIK.
`java.util.Random`	`getTpmRandom()`
`int`	`storeKey(int parentKeyHandle, java.lang.String parentAuth, TPMKeyWrapper myKey)` Store a previously generated key inside the tpm.
`TPMKeyWrapper`	`takeOwnership(java.lang.String ownerKey, java.lang.String srkKey)` Take the ownership of the TPM.

Method Detail

computeSha1

byte[] computeSha1(java.io.InputStream is)
                   throws java.io.IOException,
                          TPMException

Reads all available data and computes the sha1sum over this data.

Parameters:: is - An InputStream to read data from. The stream will not be closed, when EOF is reached.
Returns:: A 20 byte long array containing the sha1sum.
Throws:: java.io.IOException - If reading from is fails.; TPMException - If something on the tpm goes wrong.

computeSha1ToPcr

byte[] computeSha1ToPcr(int pcrId,
                        java.io.InputStream is)
                        throws java.io.IOException,
                               TPMException

Reads all available data and computes the sha1sum over this data. The sha1sum will be stored in a pcr.

Parameters:: pcrId - The id of the pcr where the hash will be stored.; is - An InputStream to read data from. The stream will not be closed, when EOF is reached.
Returns:: A 20 byte long array containing the sha1sum.
Throws:: java.io.IOException - If reading from is fails.; TPMException - If something on the tpm goes wrong.

getTpmRandom

java.util.Random getTpmRandom()

Returns:: A random number generator which uses the tpm as a source for random numbers.

takeOwnership

TPMKeyWrapper takeOwnership(java.lang.String ownerKey,
                            java.lang.String srkKey)

Take the ownership of the TPM. All keys are converted to sha1-hashes using UTF16 encoding. There will be NO null-byte included at the end of the string during hashing.

Parameters:: ownerKey - The owner auth secret.; srkKey - The storage root key. This can be null too.
Returns:: A key wrapper.

changeAuth

void changeAuth(java.lang.String ownerKey,
                int selectPassword,
                java.lang.String newPass)

This will change a password on the TPM.

Parameters:: ownerKey - The old password.; selectPassword - 1 for ownerAuth, 2 for srkAuth.; newPass - The new password.

encryptFile

void encryptFile(int parentKeyHandle,
                 java.lang.String parentAuth,
                 java.lang.String keyAuth,
                 java.io.InputStream fileIn,
                 java.io.OutputStream fileOut)

Encrypt a file, or any kind of InputStream.

Parameters:: parentKeyHandle - A handle of a key to use as a parent key.; parentAuth - The secret which was used to protect the parent key.; keyAuth - A secret which will be used to protect the key for the file.; fileIn - A InputStream to read the data to be encrypted from.; fileOut - Where to write the encrypted data.

decryptFile

void decryptFile(int parentKeyHandle,
                 java.lang.String parentAuth,
                 java.lang.String keyAuth,
                 java.io.InputStream fileIn,
                 java.io.OutputStream fileOut)

Decrypt a file which was encrypted using encryptFile.

Parameters:: parentKeyHandle - A handle of a key to use as a parent key.; parentAuth - The secret which was used to protect the parent key.; keyAuth - A secret which will be used to protect the key for the file.; fileIn - A InputStream to read the data to be encrypted from.; fileOut - Where to write the encrypted data.

dropKey

void dropKey(int keyId)

Delete a key from the TPM.

Parameters:: keyId - the keyhandle of the key.

createAndStoreKey

int createAndStoreKey(int parentKeyHandle,
                      java.lang.String parentAuth,
                      java.lang.String keyAuth)

Generate a new key and store it inside the tpm.

Parameters:: parentKeyHandle - The parent key handle, this kan be the SRK too.; parentAuth - The authentication data of the parent key.; keyAuth - The authentication data for the new key.
Returns:: the keyhandle of the new key.

createKey

TPMKeyWrapper createKey(int parentKeyHandle,
                        java.lang.String parentAuth,
                        java.lang.String keyAuth)

Generate a key. The key will not be stored in the tpm.

Parameters:: parentKeyHandle - The parent key handle, this kan be the SRK too.; parentAuth - The authentication data of the parent key.; keyAuth - The authentication data for the new key.
Returns:: the wrapped key.

storeKey

int storeKey(int parentKeyHandle,
             java.lang.String parentAuth,
             TPMKeyWrapper myKey)

Store a previously generated key inside the tpm.

Parameters:: parentKeyHandle - The parent key handle, this kan be the SRK too.; parentAuth - The authentication data of the parent key.; myKey - The key to tore.
Returns:: The keyhandle of the key.

attestPcr

byte[] attestPcr(int[] pcrs,
                 byte[] nounce,
                 int keyHandle,
                 java.lang.String keyAuth)

Attests the current state of your pcrs.

Parameters:: pcrs - The pcrs to use int the attestion.; nounce - The nounce from the remote side.; keyHandle - The key to use, this should be an aik.; keyAuth - The password for the key.
Returns:: The attestion result.

generateAIK

int generateAIK(byte[] caId,
                java.lang.String caLabel,
                java.lang.String ownerPass,
                java.lang.String srkPass,
                java.lang.String newKeyPass,
                java.security.PublicKey caPubKey,
                java.io.OutputStream reqestStream,
                byte[] ek,
                byte[] pc,
                byte[] cc)

Generate a new AIK.

Parameters:: caId - The id of the ca, which should sign it.; caLabel - The label of the ca, which should sign it.; ownerPass - Your owner password.; srkPass - Your srk password.; newKeyPass - The password to protect the new aik.; caPubKey - The public key of the ca.; reqestStream - A Stream where the request will be written to.; ek - The endorsement credential.; pc - The plattform credential.; cc - The conformance credential.
Returns:: the keyhandle of the generated aik.

activateAik

byte[] activateAik(TCPAIdentityCredential cred,
                   int keyHandle,
                   java.lang.String keyPass,
                   java.lang.String ownerPass)

Read the response of an ca.

Parameters:: cred - The credentials, send from the ca.; keyHandle - The keyhandle of the AIK which was used to generate the request.; keyPass - The password of the AIK.; ownerPass - The owner password.
Returns:: The response from the ca as byte-array.