get the TPM "name" from the RSA or ECC PEM public key
tpm2_createek -c /tmp/ek.ctx -G rsa -u /tmp/ek.pub
tpm2_readpublic -c /tmp/ek.ctx -o /tmp/ek.pem -f PEM -n /tmp/ek.name
$ tpm2_readpublic -c /tmp/ek.ctx -o /tmp/ek.pem -f PEM -n /tmp/ek.name
name: 000b4d3357281b8f58dff62a56ca93ea87dfa9499ac122ed047e23ac682e06559b0c
qualified name: 000bf9b88a8403915fcfba04592bed7abb08f9ef9e985386ceca7f16a65fd00ed368
name-alg:
value: sha256
raw: 0xb
attributes:
value: fixedtpm|fixedparent|sensitivedataorigin|adminwithpolicy|restricted|decrypt
raw: 0x300b2
type:
value: rsa
raw: 0x1
exponent: 65537
bits: 2048
scheme:
value: null
raw: 0x10
scheme-halg:
value: (null)
raw: 0x0
sym-alg:
value: aes
raw: 0x6
sym-mode:
value: cfb
raw: 0x43
sym-keybits: 128
rsa: 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
authorization policy: 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa
$ go run get_name.go -ekpubFile=/tmp/ek.pem --parentKeyType=rsa_ek
Name 000b4d3357281b8f58dff62a56ca93ea87dfa9499ac122ed047e23ac682e06559b0c
tpm2_createek -c /tmp/ek.ctx -G ecc -u /tmp/ek.pub
tpm2_readpublic -c /tmp/ek.ctx -o /tmp/ek.pem -f PEM -n /tmp/ek.name
name: 000b42a940336eba61a111ec712ac07d702137c97c9cb35b07e65b2749e85859267e
qualified name: 000b358be7fd283c67ff317822770c7aefba61aba4adb58bdca5ba0cdd42cb43122b
name-alg:
value: sha256
raw: 0xb
attributes:
value: fixedtpm|fixedparent|sensitivedataorigin|adminwithpolicy|restricted|decrypt
raw: 0x300b2
type:
value: ecc
raw: 0x23
curve-id:
value: NIST p256
raw: 0x3
kdfa-alg:
value: null
raw: 0x10
kdfa-halg:
value: (null)
raw: 0x0
scheme:
value: null
raw: 0x10
scheme-halg:
value: (null)
raw: 0x0
sym-alg:
value: aes
raw: 0x6
sym-mode:
value: cfb
raw: 0x43
sym-keybits: 128
x: 895e5cc562f7ee9287080da3b85a682a29894feae53c5a53d00d1713ff322e35
y: 6c657e8a19f13f4dc48b224125b710e94097cc6918d99eef755ebf86a98e43d5
authorization policy: 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa
$ go run get_name.go -ekpubFile=/tmp/ek.pem --parentKeyType=ecc_ek
Name 000b42a940336eba61a111ec712ac07d702137c97c9cb35b07e65b2749e85859267e
printf '\x00\x00' > /tmp/unique.dat
tpm2_createprimary -C o -G ecc -g sha256 \
-c primary.ctx \
-a "fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda|restricted|decrypt" -u /tmp/unique.dat
tpm2_readpublic -c /tmp/primary.ctx -o /tmp/public.pem -f PEM -n /tmp/primary.name
name: 000b1cfb8406e2cc00981afed1953506156d21463021d34f4367c1249556769ed3ed
qualified name: 000b3460922c3e6563bdbb4fb27bd6cecbca309347a58b7fe0625f8c6ca459544608
name-alg:
value: sha256
raw: 0xb
attributes:
value: fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda|restricted|decrypt
raw: 0x30472
type:
value: ecc
raw: 0x23
curve-id:
value: NIST p256
raw: 0x3
kdfa-alg:
value: null
raw: 0x10
kdfa-halg:
value: (null)
raw: 0x0
scheme:
value: null
raw: 0x10
scheme-halg:
value: (null)
raw: 0x0
sym-alg:
value: aes
raw: 0x6
sym-mode:
value: cfb
raw: 0x43
sym-keybits: 128
x: d984a861ac31878aa3860faa27b8fbbe97d41c721066af623f0ec0b812cb1418
y: 5d783c245f16188648e4bb4f9cd9a7d7d05911d92940e68e00d1616a2aeda375
$ go run get_name.go -ekpubFile=/tmp/public.pem --parentKeyType=h2
Name 000b1cfb8406e2cc00981afed1953506156d21463021d34f4367c1249556769ed3ed
package main
import (
	"crypto/ecdsa"
	"crypto/rsa"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"flag"
	"fmt"
	"os"

	keyfile "github.com/foxboron/go-tpm-keyfiles"
	"github.com/google/go-tpm/tpm2"
)
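// Command-line flags. The flag package appends each default to the usage
// text automatically, so the descriptions do not repeat it.
var (
	// ekpubFile is the PEM (PKIX) public key to name, e.g. the file written
	// by "tpm2_readpublic -f PEM".
	ekpubFile = flag.String("ekpubFile", "/tmp/ek.pem", "Path to the PEM-encoded public key (tpm2_readpublic -f PEM output).")
	// parentKeyType selects the template the key is named under: the TCG
	// RSA/ECC EK templates, or the ECC SRK H-2 template.
	parentKeyType = flag.String("parentKeyType", "rsa_ek", "Template the key was created under: rsa_ek|ecc_ek|h2.")
)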
// main runs the tool and exits with its status code. The work lives in
// run so that any deferred calls there complete before os.Exit, which
// does not run deferred functions.
func main() {
	status := run()
	os.Exit(status)
}
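// run parses the flags, loads the PEM-encoded public key named by
// -ekpubFile, rebuilds the TPM public area that key has under the template
// selected by -parentKeyType, and prints the resulting TPM "name"
// (name-alg prefix followed by the digest) as hex on stdout.
//
// It returns the process exit code: 0 on success, 1 on any error. Error
// messages go to stderr so that stdout carries only the "Name <hex>" line.
func run() int {
	flag.Parse()

	pemBytes, err := os.ReadFile(*ekpubFile)
	if err != nil {
		fmt.Fprintf(os.Stderr, "reading public key file %q: %v\n", *ekpubFile, err)
		return 1
	}

	parsedKey, err := parsePEMPublicKey(pemBytes)
	if err != nil {
		fmt.Fprintf(os.Stderr, "parsing public key from %q: %v\n", *ekpubFile, err)
		return 1
	}

	tmpl, err := templateForKey(parsedKey, *parentKeyType)
	if err != nil {
		fmt.Fprintf(os.Stderr, "building TPM public area: %v\n", err)
		return 1
	}

	name, err := tpm2.ObjectName(&tmpl)
	if err != nil {
		fmt.Fprintf(os.Stderr, "computing name: %v\n", err)
		return 1
	}
	fmt.Printf("Name %s\n", hex.EncodeToString(name.Buffer))
	return 0
}

// parsePEMPublicKey decodes the first PEM block in pemBytes and parses it
// as a PKIX (SubjectPublicKeyInfo) public key, the format that
// "tpm2_readpublic -f PEM" writes.
//
// It returns an error when the input holds no PEM block (pem.Decode
// returns nil in that case, which must not be dereferenced) or when the
// block is not a PKIX public key.
func parsePEMPublicKey(pemBytes []byte) (any, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parsing PKIX public key: %w", err)
	}
	return pub, nil
}

// templateForKey returns the TPM public area for pub under the template
// named by parentKeyType, with Unique filled from the key material, so that
// tpm2.ObjectName over it reproduces the name the TPM reports for the same
// object.
//
// The name is a hash over the whole public area, so the template must
// describe the object exactly. The EK templates used here are RSA-2048
// (exponent 65537) and ECC NIST P-256, and the H-2 SRK template is ECC
// NIST P-256; a key of another size or curve, or a parentKeyType that does
// not match the key's algorithm, is rejected rather than silently named
// under the wrong template.
func templateForKey(pub any, parentKeyType string) (tpm2.TPMTPublic, error) {
	var tmpl tpm2.TPMTPublic

	switch k := pub.(type) {
	case *rsa.PublicKey:
		if parentKeyType != "rsa_ek" {
			return tmpl, fmt.Errorf("parentKeyType %q does not apply to an RSA key (use rsa_ek)", parentKeyType)
		}
		if k.N.BitLen() != 2048 || k.E != 65537 {
			return tmpl, fmt.Errorf("rsa_ek template requires a 2048-bit key with exponent 65537, got %d bits and exponent %d", k.N.BitLen(), k.E)
		}
		tmpl = tpm2.RSAEKTemplate
		// A 2048-bit modulus always has its top bit set, so N.Bytes() is
		// exactly 256 bytes, matching the TPM's fixed-width encoding.
		tmpl.Unique = tpm2.NewTPMUPublicID(
			tpm2.TPMAlgRSA,
			&tpm2.TPM2BPublicKeyRSA{Buffer: k.N.Bytes()},
		)

	case *ecdsa.PublicKey:
		switch parentKeyType {
		case "ecc_ek":
			tmpl = tpm2.ECCEKTemplate
		case "h2":
			tmpl = keyfile.ECCSRK_H2_Template
		default:
			return tmpl, fmt.Errorf("parentKeyType %q does not apply to an ECC key (use ecc_ek or h2)", parentKeyType)
		}
		params := k.Curve.Params()
		if params.Name != "P-256" {
			return tmpl, fmt.Errorf("%s template requires a NIST P-256 key, got %s", parentKeyType, params.Name)
		}
		// The TPM encodes each coordinate as a fixed-width field element
		// (32 bytes for P-256). big.Int.Bytes() strips leading zero bytes,
		// which would shorten the coordinate and change the hashed name.
		coordSize := (params.BitSize + 7) / 8
		tmpl.Unique = tpm2.NewTPMUPublicID(
			tpm2.TPMAlgECC,
			&tpm2.TPMSECCPoint{
				X: tpm2.TPM2BECCParameter{Buffer: k.X.FillBytes(make([]byte, coordSize))},
				Y: tpm2.TPM2BECCParameter{Buffer: k.Y.FillBytes(make([]byte, coordSize))},
			},
		)

	default:
		return tmpl, fmt.Errorf("unsupported public key type %T", pub)
	}
	return tmpl, nil
}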