Hello pywin32 maintainers and enthusiasts,

I intend to use a TPM on Windows to generate, store and sign, through the win32 
CNG API (NCryptCreatePersistedKey 
(https://docs.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptcreatepersistedkey)
 and NCryptSignHash) but within a Python program. When creating a key, one has 
to provide the hProvider (handle to the Key Storage Provider) parameter as 
"Microsoft Platform Crypto Provider" to select the TPM target.
My first guess was that pywin32 can be the way to go. But going deeper in the 
docs (http://timgolden.me.uk/pywin32-docs/win32crypt.html) and in the code, I 
now think that it can only use the "legacy" Crypto API ("CAPI") and not the New 
Generation ("CNG"), and the TPM "Microsoft Platform Crypto Provider" looks to 
be only available from the NG interface.
I did the following in Python 3.6.8:

    import win32crypt
    print(win32crypt.CryptEnumProviders())

and only legacy key providers appear there, not the new "Microsoft Platform 
Crypto Provider" needed to select the TPM target. The "NG" providers listed 
by the "certutil -csplist" command are missing.

Can you confirm that TPM "Microsoft Platform Crypto Provider" requires "CNG", 
and pywin32 is only "CAPI" capable? Anyway, do you have some ideas in mind to 
reach my goal?

_____________________________________
Antoine FERRON
President — BitLogiK

bitlogik.fr (https://bitlogik.fr) — PGP Key ID#22F95B31 
(https://pgp.key-server.io/0xE353957C22F95B31)
_______________________________________________
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32
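
Added example, not part of the original message and not pywin32 code: one way to reach the CNG functions named in the post from Python is to call ncrypt.dll directly through ctypes. It assumes Windows with a TPM that supports ECDSA P-256; the key name is hypothetical and the constants are taken from the Windows SDK headers.

```python
import ctypes
import hashlib

PROVIDER = "Microsoft Platform Crypto Provider"  # provider name quoted in the post
ALGORITHM = "ECDSA_P256"                         # BCRYPT_ECDSA_P256_ALGORITHM
NCRYPT_OVERWRITE_KEY_FLAG = 0x80                 # replaces an existing key of the same name


def _check(status, call):
    """Raise if a SECURITY_STATUS return value is non-zero (failure)."""
    if status != 0:
        raise OSError(f"{call} failed: 0x{status & 0xFFFFFFFF:08X}")


def tpm_sign(digest, key_name="example-tpm-key"):  # hypothetical key name
    """Create a TPM-backed P-256 key and return the raw r||s signature of digest."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    ncrypt = ctypes.WinDLL("ncrypt")  # Windows only; loaded lazily
    prov, key = ctypes.c_void_p(), ctypes.c_void_p()
    _check(ncrypt.NCryptOpenStorageProvider(ctypes.byref(prov), PROVIDER, 0),
           "NCryptOpenStorageProvider")
    try:
        _check(ncrypt.NCryptCreatePersistedKey(
            prov, ctypes.byref(key), ALGORITHM, key_name, 0,
            NCRYPT_OVERWRITE_KEY_FLAG), "NCryptCreatePersistedKey")
        try:
            # The private key is generated inside the TPM when finalized.
            _check(ncrypt.NCryptFinalizeKey(key, 0), "NCryptFinalizeKey")
            size = ctypes.c_ulong(0)
            # First call with a NULL output buffer returns the signature size.
            _check(ncrypt.NCryptSignHash(key, None, digest, len(digest),
                                         None, 0, ctypes.byref(size), 0),
                   "NCryptSignHash (size query)")
            sig = ctypes.create_string_buffer(size.value)
            _check(ncrypt.NCryptSignHash(key, None, digest, len(digest),
                                         sig, size.value, ctypes.byref(size), 0),
                   "NCryptSignHash")
            return sig.raw[:size.value]
        finally:
            ncrypt.NCryptFreeObject(key)  # frees the handle; the key stays persisted
    finally:
        ncrypt.NCryptFreeObject(prov)


if __name__ == "__main__":
    # Constructed sample message, hashed in software before the TPM signs it.
    print(tpm_sign(hashlib.sha256(b"constructed sample message").digest()).hex())
```

An existing key can be reopened by name with NCryptOpenKey instead of being recreated, which avoids the overwrite flag.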
