I believe it may be easier to use openssl and its tpm2-openssl provider. OpenSSL can encrypt/decrypt files and the tpm2-openssl provider enables the use of TPM-based keys.
Petr
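The openssl route suggested above, as an added example that is not part of the thread and not code from tpm2-tss or tpm2-openssl: the file is encrypted with a fresh AES-256 key and only that key is RSA-wrapped (envelope encryption), so the keyBits/8 limit that Fapi_Encrypt() enforces for RSA keys never applies to the file itself. It assumes a software RSA key so that it runs without a TPM; the comments at the top say how the same commands are pointed at a TPM-resident key through the tpm2-openssl provider. The 3000-byte plaintext is constructed inside the script.

```shell
#!/bin/sh
# Added example: envelope encryption with the openssl CLI.
# A 2048-bit RSA key can wrap at most 256 - 2*32 - 2 = 190 bytes under
# OAEP/SHA-256, so a 3 kB file cannot be RSA-encrypted directly (the same
# size check Fapi_Encrypt() reports). The file gets a fresh AES-256 key and
# only that key is RSA-wrapped.
#
# Assumption: the RSA key below is a software key so the script runs without
# a TPM. With tpm2-openssl installed, generate it with
#   openssl genpkey -provider tpm2 -algorithm RSA -out rsa.pem
# export the public half with
#   openssl pkey -provider tpm2 -provider default -in rsa.pem -pubout -out rsa.pub
# and add "-provider tpm2 -provider default" to the pkeyutl -decrypt call;
# the private half then never leaves the TPM.
set -eu

# Generate an RSA-2048 key pair; $1 = private key file, $2 = public key file.
gen_rsa_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
    openssl pkey -in "$1" -pubout -out "$2"
}

# Encrypt file $1 into $2.body / $2.key / $2.iv using only the public key $3.
envelope_encrypt() {
    plain=$1; out=$2; pub=$3
    aeskey=$(openssl rand -hex 32)    # fresh 256-bit content key, hex-encoded
    iv=$(openssl rand -hex 16)        # CBC IV; not secret, stored in the clear
    openssl enc -aes-256-cbc -K "$aeskey" -iv "$iv" -in "$plain" -out "$out.body"
    # Wrap the content key (64 hex bytes) with RSA-OAEP/SHA-256; pkeyutl
    # reads the plaintext from stdin when -in is not given.
    printf '%s' "$aeskey" | openssl pkeyutl -encrypt -pubin -inkey "$pub" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -out "$out.key"
    printf '%s\n' "$iv" > "$out.iv"
}

# Reverse of envelope_encrypt: $1 = bundle prefix, $2 = output file,
# $3 = private key (a TPM key file when the tpm2 provider is loaded).
envelope_decrypt() {
    in=$1; out=$2; priv=$3
    aeskey=$(openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -in "$in.key")
    iv=$(cat "$in.iv")
    openssl enc -d -aes-256-cbc -K "$aeskey" -iv "$iv" -in "$in.body" -out "$out"
}

# Returns 0 when direct RSA encryption of file $1 with public key $2 is
# refused as too large, i.e. the failure mode described in the question.
direct_rsa_rejects() {
    if openssl pkeyutl -encrypt -pubin -inkey "$2" -in "$1" -out /dev/null 2>/dev/null; then
        return 1
    fi
    return 0
}

# End-to-end check on a constructed 3000-byte file (the size from the
# question). Returns 0 only when direct RSA is refused and the envelope
# round trip restores the file byte for byte.
demo_roundtrip() {
    dir=$(mktemp -d)
    gen_rsa_key "$dir/rsa.pem" "$dir/rsa.pub"
    openssl rand -out "$dir/plain.bin" 3000          # constructed sample input
    rc=1
    if direct_rsa_rejects "$dir/plain.bin" "$dir/rsa.pub"; then
        envelope_encrypt "$dir/plain.bin" "$dir/enc" "$dir/rsa.pub"
        envelope_decrypt "$dir/enc" "$dir/out.bin" "$dir/rsa.pem"
        if cmp -s "$dir/plain.bin" "$dir/out.bin"; then rc=0; fi
    fi
    rm -rf "$dir"
    return $rc
}

demo_roundtrip && echo "envelope round trip OK"
```

Two caveats for the C++ application. Passing the content key with `-K` puts it on a command line, where any local user can read it from the process list, so do the same steps in-process with the EVP API (load the provider with OSSL_PROVIDER_load) rather than by shelling out. CBC as used by `openssl enc` gives no integrity protection; in-process you can use AES-GCM instead, so a tampered file is rejected rather than decrypted to garbage.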
______________________________________________________________
> From: "Steven Clark" <davolfman@gmail.com>
> To: dawn.howe@alten.com
> Date: 15.06.2022 02:27
> Subject: [tpm2] Re: Encrypting and decrypting a file using a TPM2
>
> CC: <tpm2@lists.01.org>
I am writing a c++ application on ubuntu 22.04 server that needs to encrypt and decrypt files and am using the FAPI api. The files need to be secured until the application uses them at a later time, so I am receiving plain files and encrypting them using Fapi_Encrypt().
I tried following the pattern in the integration tests found in the tpm2-tools. (tpm2-tools/test/integration/fapi/fapi-encrypt-decrypt.sh)
It basically does the following:
FAPI_CONTEXT *global_fapi_context = NULL;
uint8_t *cipherText = NULL;      /* allocated by Fapi_Encrypt, released with Fapi_Free */
size_t cipherTextSize = 0;
Fapi_Initialize(&global_fapi_context, NULL);
Fapi_Provision(global_fapi_context, NULL, NULL, NULL);
const char *key_type = "noDa, decrypt, system";
char *auth_value = NULL;   /* no password */
char *policy_path = NULL;
Fapi_CreateKey(global_fapi_context, key_path, key_type, policy_path, auth_value);
Fapi_Encrypt(global_fapi_context, key_path, (const uint8_t *)data, size, &cipherText, &cipherTextSize);
The files (data buffer) I need to encrypt are about 3k bytes big.
The encryption fails because the file is too big. The error comes from
.../tpm2-tss/src/tss2-fapi/api/Fapi_Encrypt.c line 309:
if (encKeyObject->misc.key.public.publicArea.type == TPM2_ALG_RSA) {
TPM2B_DATA null_data = { .size = 0, .buffer = {} };
TPM2B_PUBLIC_KEY_RSA *rsa_message = (TPM2B_PUBLIC_KEY_RSA *)&context->aux_data;
size_t key_size =
encKeyObject->misc.key.public.publicArea.parameters.rsaDetail.keyBits / 8;
if (context->cmd.Data_EncryptDecrypt.in_dataSize > key_size) {
goto_error_reset_state(r, TSS2_FAPI_RC_BAD_VALUE,
"Size to big for RSA encryption.", error_cleanup);
Is my strategy completely wrong? What's the proper way to do this? Is my strategy ok, but need to generate a different type of key?
I'm new to this technology and am curious how it ought to be done.
_______________________________________________
tpm2 mailing list -- tpm2@lists.01.org
To unsubscribe send an email to tpm2-leave@lists.01.org