BadAuth response when trying to create a primary key with Tpm2Lib



The following example is from the Microsoft TPM library (https://github.com/microsoft/TSS.MSR/blob/master/TSS.NET/Samples/Signing/Program.cs). Trying to create the primary key that will be used to sign messages fails with Error {BadAuth} was returned for command CreatePrimary

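I looked up the value of OwnerAuthFull in the registry under Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM\WMI\Admin; assume that value is "foo/bar=". The same value is also shown when I run Get-Tpm on the command line.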

// Requires: using System; using System.Text; using Tpm2Lib;
Tpm2Device tpmDevice = new TbsDevice();
tpmDevice.Connect();
var tpm = new Tpm2( tpmDevice );
var authValueRegistry = Encoding.ASCII.GetBytes( "foo/bar=" );
var ownerAuth = new AuthValue( authValueRegistry );
var keyTemplate = new TpmPublic( TpmAlgId.Sha1,                  // Name algorithm
    ObjectAttr.UserWithAuth | ObjectAttr.Sign |                  // Signing key
    ObjectAttr.FixedParent | ObjectAttr.FixedTPM |               // Non-migratable
    ObjectAttr.SensitiveDataOrigin,
    null,                                                        // No policy
    new RsaParms( new SymDefObject(),
        new SchemeRsassa( TpmAlgId.Sha1 ), 2048, 0 ),
    new Tpm2bPublicKeyRsa() );
Console.WriteLine( "Made template" );
var keyAuth = new byte[] { 1, 2, 3 };
TpmPublic keyPublic;
CreationData creationData;
TkCreation creationTicket;
byte[] creationHash;
Console.WriteLine( "try create key" );
var keyHandle = tpm[ownerAuth].CreatePrimary(
    TpmRh.Owner,                            // In the owner-hierarchy
    new SensitiveCreate( keyAuth, null ),   // With this auth-value
    keyTemplate,                            // Describes key
    null,                                   // Extra data for creation ticket
    new PcrSelection[ 0 ],                  // Non-PCR-bound
    out keyPublic,                          // PubKey and attributes
    out creationData, out creationHash, out creationTicket );    // Not used here

I expected a key to be created and execution to continue, but CreatePrimary() throws an exception with the message Error {BadAuth} was returned for command CreatePrimary

Forget ownerAuth and do the following:

var keyHandle = tpm.CreatePrimary(
    TpmRh.Owner,                            // In the owner-hierarchy
    new SensitiveCreate( keyAuth, null ),   // With this auth-value
    keyTemplate,                            // Describes key
    null,                                   // Extra data for creation ticket
    new PcrSelection[ 0 ],                  // Non-PCR-bound
    out keyPublic,                          // PubKey and attributes
    out creationData, out creationHash, out creationTicket );

You can infer this from this GitHub issue: https://github.com/microsoft/TSS.MSR/issues/43#event-2651641565
