Class PECertificate

  extended by PECertificate

public class PECertificate
extends Object

A PE certificate is an instantiation of the TCG Platform Endorsement Credential.

The value "Standard" in the Field Status column of the table below means the field is an inherent component of the standard certificate syntax and is not optional.

Some fields are assigned a value even though the certificate user performs no action based on that value. In such cases, the intention is to inhibit non-TCG implementations from making inappropriate use of the certificate.

 Field Name            Description                                                 Field Status
 Version               Certificate syntax version number                           Standard
 Serial Number         Positive integer value unique relative to the issuer        Standard
 Signature Algorithm   Algorithm used by the issuer to sign this certificate       Standard
 Holder                Identity of the associated TPM EK Certificate               Standard
 Issuer                Distinguished name of the platform certificate issuer       Standard
 Validity              Time interval during which the certificate is valid         Standard
 Attributes            Information about the platform of this certificate          Standard
 Certificate Policies  Policy terms under which the certificate was issued         MUST
 Alternative Names     Name forms other than directory distinguished names         MUST
 Authority Key Id      Identifies the subject public key of the certificate issuer SHOULD
 Authority Info Access Indicates how to access CA information                      MAY
 CRL Distribution      Indicates how to access CRL information                     MAY
 Subject Unique Id     Unique value when using a shared subject name               SHOULD NOT
 Issuer Unique Id      Unique value when using a shared issuer name                SHOULD NOT

For details on this certificate please refer to the public TCG specification https://www.trustedcomputinggroup.org/specs/IWG/Credential_Profiles_V1_rev981.pdf

Field Summary
static String policyUserNotice
          "TCPA Trusted Platform Endorsement".
Method Summary
static SubjectAltName alternativeNames(String manufacturer, String model, String version)
          Creates SubjectAlternativeNames extension as specified for a PE.
static AttributeCertificate create(Properties prop, X509Certificate caCert, PrivateKey caPrivateKey, X509Certificate ekCert)
          Creates a Platform Endorsement (PE) certificate.
static Attribute platformSpecification(String platformClass, int major, int minor, int revision)
          Creates PlatformSpecification Attribute as specified for a PE.
Methods inherited from class Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail


public static String policyUserNotice
"TCPA Trusted Platform Endorsement".

UserNotice string for PE certificate CertificatePolicies extension.

Method Detail


public static AttributeCertificate create(Properties prop,
                                          X509Certificate caCert,
                                          PrivateKey caPrivateKey,
                                          X509Certificate ekCert)
                                   throws X509ExtensionException,
Creates a Platform Endorsement (PE) certificate.

Before calling, set the properties section pointer to the section to be used as input, e.g.:

 PECertificate.create(prop, ....);

prop - custom settable properties of the certificate
caCert - certificate of issuing authority
caPrivateKey - private key of issuing authority
ekCert - TPM Endorsement Key credential


public static Attribute platformSpecification(String platformClass,
                                              int major,
                                              int minor,
                                              int revision)
Creates PlatformSpecification Attribute as specified for a PE.

The 'TCG Platform Specification' attribute references the platform class, version and revision level of the TCG platform-specific specification to which the platform was designed.

 tCGPlatformSpecification ATTRIBUTE ::= {
     WITH SYNTAX TCGPlatformSpecification
     ID tcg-at-tcgPlatformSpecification }

 TCGSpecificationVersion ::= SEQUENCE {
     majorVersion INTEGER,
     minorVersion INTEGER,
     revision     INTEGER }

 TCGPlatformSpecification ::= SEQUENCE {
     version TCGSpecificationVersion,
     platformClass OCTET STRING SIZE(4) }
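
Added example, not part of the documented library: a hand-rolled DER encoder for the TCGPlatformSpecification value defined above, showing the bytes the attribute value carries and the SIZE(4) constraint being enforced before anything is signed. The class name PlatformSpecDer, the choice to take platformClass as raw bytes, and the sample values are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;

// Added example (hypothetical class, not the library's implementation).
public class PlatformSpecDer {

    // Tag-length-value with a short-form length; enough for this small structure.
    static byte[] tlv(int tag, byte[] value) {
        if (value.length > 127)
            throw new IllegalArgumentException("long-form length not handled");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        out.write(value.length);
        out.write(value, 0, value.length);
        return out.toByteArray();
    }

    // DER INTEGER: minimal two's-complement big-endian, as BigInteger produces.
    static byte[] integer(int v) {
        return tlv(0x02, BigInteger.valueOf(v).toByteArray());
    }

    static byte[] concat(byte[]... parts) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte[] p : parts) out.write(p, 0, p.length);
        return out.toByteArray();
    }

    // platformClass is taken as raw bytes here (assumption); the ASN.1 fixes
    // its length at 4 octets, so anything else is rejected up front.
    static byte[] encode(byte[] platformClass, int major, int minor, int revision) {
        if (platformClass.length != 4)
            throw new IllegalArgumentException("platformClass must be exactly 4 octets");
        // TCGSpecificationVersion ::= SEQUENCE { majorVersion, minorVersion, revision }
        byte[] version = tlv(0x30, concat(integer(major), integer(minor), integer(revision)));
        // TCGPlatformSpecification ::= SEQUENCE { version, platformClass }
        return tlv(0x30, concat(version, tlv(0x04, platformClass)));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real platform certificate.
        byte[] der = encode(new byte[] {0x00, 0x00, 0x00, 0x01}, 1, 2, 3);
        StringBuilder hex = new StringBuilder();
        for (byte b : der) hex.append(String.format("%02x", b));
        System.out.println(hex);
    }
}
```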


public static SubjectAltName alternativeNames(String manufacturer,
                                              String model,
                                              String version)
Creates SubjectAlternativeNames extension as specified for a PE.

Include the platform model, using the directory name-form with RDNs for the platform manufacturer, model and version numbers.

 PlatformManufacturer ATTRIBUTE ::= {
     ID tcg-at-platformManufacturer }

 PlatformModel ATTRIBUTE ::= {
     ID tcg-at-platformModel }

 PlatformVersion ATTRIBUTE ::= {
     ID tcg-at-platformVersion }

Assign "critical" the value TRUE.