Skip to main content
Last updated July 11, 2012 06:24, by MichaelGissing

Setting up the JSR321 TCK for the IAIK Reference Implementation

This is an informative description of how to use the TCK for IAIK's implementation only. It is not a normative part of the TCK!

First of all, familiarize yourself with the technologies used in the Getting Started Guide on IAIK's reference implementation. You should follow it in detail.

Only then, use jTPMTools to create an Attestation Identity Key and store it in your system persistent key storage. For JSR321 implementations using jTSS, this can be achieved with jTT as follows. Note that this performs a local simulation of a PrivacyCA protocol - the created identity key is therefore only good for testing purposes. Repeat the take ownership command first to initialize the storage database (it will not affect your ownership status if a TPM is already owned).

 jtt take_owner -o YourOwnerPassphrase
 jtt aik_create -a justASecret -l testAIKLabel -o YourOwnerPassphrase --keyfile testaik
 jtt import_key --keys testaik --dest SYS --secrets justASecret

This is an example result. Copy and paste the random UUID that is created by jTT. You will need it later to configure the TCK!

   IAIK Java TPM Tools
 11:09:05:539 [INFO] ImportKey::loadKeyChain (133):    testaik2 was registered in persistent storage with UUID: 1e9adbb2-4f1e-4002-8e1e-5da242fab42e
 11:09:05:541 [INFO] ImportKey::loadKeyChain (153):    Key successfully imported!

Now paste the UUID into the file an enter the chosen secret at the JASPassPhrase=... line.

We provide a pre-configured script witch covers most settings for the IAIK RI and expects the following file structure


With this layout, you can just go to the jsr321-tck directory and,

on Linux, start it with


and on Windows with

Please Confirm