[gnutls-help] Certtool and TPM

Marcos Simo Pico marcossp at kth.se
Tue Jun 2 11:38:40 CEST 2015

The output I had was:

Setting log level to 9
Generating a signed certificate...
|<3>| ASSERT: tpm.c:482
|<2>| TPM (tpm) error: Authentication failed (1)
|<3>| ASSERT: tpm.c:219
|<3>| ASSERT: tpm.c:222
|<3>| ASSERT: tpm.c:345
|<3>| ASSERT: tpm.c:900
importing key: 
tpmkey:uuid=37cfd26a-e03b-4215-8ed7-3a699f21fd21;storage=user: Error in 
provided SRK password for TPM.

I just reinstalled GnuTLS with PKCS #11 support and now it's working fine.

Thank you very much for your help.


On 01/06/15 21:40, Nikos Mavrogiannopoulos wrote:
> On Mon, 2015-06-01 at 12:38 +0000, Marcos Simó Picó wrote:
>> ​Hi everyone,
>> I'm trying to generate a certificate of a key stored in a TPM using
>> certtool. Basically I was following the commands explained
>> in http://nmav.gnutls.org/2012/08/using-trusted-platform-module-to.html
>> I can generate the RSA key pair and get the public part perfectly,
>> however, when I invoke certtool for generating a certificate, it
>> returns: Error in provided SRK password for TPM.​ As far as I know,
>> there's no option to provide the SRK to certtool.
>> I'm using GnuTLS 3.3.15, and tried to clear the TPM several times and
>> repeat everything with no success.
> Hi,
>   What is the output when you use -d 9? It should have asked for a
> password using the PKCS #11 callback. It is either a regression or you
> have PKCS #11 disabled?
> regards,
> Nikos

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150602/8222da8a/attachment.html>

More information about the Gnutls-help mailing list