Skip to main content
This revision made September 15, 2011 16:19, by ronaldtoegl
« earlier revision revert to this later revision »

Setting up the JSR321 TCK for the IAIK Reference Implementation

This is an informative description of how to use the TCK for IAIK's implementation only. It is not a normative part of the TCK!

First of all, familiarize yourself with the technologies used in the Getting Started Guide on IAIK's reference implementation. You should follow it in detail.

In the beginning create an Attestation Identity Key and store it in your system persistent key storage. For JSR321 implementations using jTSS, this can be achieved with jTT as follows. Note that this performs a local simulation of a PrivacyCA protocol - the created identity key is therefore only good for testing purposes. Repeat the take ownership command first to initialize the storage database (it will not affect your ownership status if a TPM is already owned).

 jtt take_owner -o YourOwnerPassphrase
 jtt aik_create -a justASecret -l testAIKLabel -o YourOwnerPassphrase --keyfile testaik
 jtt import_key --keys testaik --dest SYS --secrets justASecret

This is an example result. Copy and paste the random UUID that is created by jTT. You will need it later to configure the TCK!

   IAIK Java TPM Tools
 11:09:05:539 [INFO] ImportKey::loadKeyChain (133):    testaik2 was registered in persistent storage with UUID: 1e9adbb2-4f1e-4002-8e1e-5da242fab42e
 11:09:05:541 [INFO] ImportKey::loadKeyChain (153):    Key successfully imported!

Now paste the UUID into the file.

We provide a pre-configured script witch covers most settings for the IAIK RI and expects the following file structure


On Linux, start it with

and on Windows with


from the jsr321-tck folder.

Please Confirm