Re: [python-win32] Use TPM from Crypto API

2020-11-22 Thread Tim Roberts
On Nov 22, 2020, at 4:16 AM, Antoine FERRON via python-win32 wrote:
> 
> Can you confirm that TPM "Microsoft Platform Crypto Provider" requires "CNG", 
> and pywin32 is only "CAPI" capable?

This is not a Python question at all.  Look at the MSDN documentation page for 
the CryptEnumProviders API.  You’ll see that it is deprecated, and only 
accesses the base cryptographic provider and the enhanced cryptographic 
provider.  Remember that pywin32 is, in almost every case, a relatively thin 
wrapper around the Windows APIs.


> Anyway, do you have some ideas in mind to reach my goal?

The APIs from ncrypt.dll are not, as of yet, exposed in pywin32.  You can 
certainly use ctypes to access them.
— 
Tim Roberts, t...@probo.com
Providenza & Boekelheide, Inc.

___
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32
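
The ctypes route suggested in the reply above, as an added example (not code from either poster or from pywin32): it opens the "Microsoft Platform Crypto Provider", creates or reopens a persisted key, and signs a SHA-256 digest with NCryptSignHash. The key name passed in and the choice of ECDSA P-256 are assumptions; the TPM must support that algorithm.

```python
import ctypes
import hashlib
import sys
from ctypes import byref, c_ulong, c_void_p

PROVIDER = "Microsoft Platform Crypto Provider"  # TPM-backed KSP named in the thread
ALGORITHM = "ECDSA_P256"   # assumption: BCRYPT_ECDSA_P256_ALGORITHM, supported by the TPM
NTE_EXISTS = 0x8009000F    # a key with this name already exists


def check(status):
    """Raise OSError for a non-zero SECURITY_STATUS; return the unsigned code."""
    code = status & 0xFFFFFFFF
    if code != 0:
        raise OSError(code, "ncrypt call failed: 0x%08X" % code)
    return code


def tpm_sign(key_name, message):
    """Sign SHA-256(message) with a persisted TPM key; returns the raw r||s bytes."""
    if sys.platform != "win32":
        raise RuntimeError("ncrypt.dll is only available on Windows")
    ncrypt = ctypes.WinDLL("ncrypt.dll")
    # Handles are pointer-sized, so they are kept as c_void_p, never as Python ints.
    prov, key, size = c_void_p(), c_void_p(), c_ulong()
    check(ncrypt.NCryptOpenStorageProvider(byref(prov), PROVIDER, 0))
    try:
        status = ncrypt.NCryptCreatePersistedKey(
            prov, byref(key), ALGORITHM, key_name, 0, 0)
        if status & 0xFFFFFFFF == NTE_EXISTS:
            check(ncrypt.NCryptOpenKey(prov, byref(key), key_name, 0, 0))
        else:
            check(status)
            check(ncrypt.NCryptFinalizeKey(key, 0))  # the key is generated here
        digest = hashlib.sha256(message).digest()
        # First call reports the signature size, second call produces it.
        check(ncrypt.NCryptSignHash(
            key, None, digest, len(digest), None, 0, byref(size), 0))
        sig = ctypes.create_string_buffer(size.value)
        check(ncrypt.NCryptSignHash(
            key, None, digest, len(digest), sig, size.value, byref(size), 0))
        return sig.raw[:size.value]
    finally:
        if key.value:
            ncrypt.NCryptFreeObject(key)
        ncrypt.NCryptFreeObject(prov)
```

The private key never leaves the provider; only the signature is returned to Python.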


[python-win32] Use TPM from Crypto API

2020-11-22 Thread Antoine FERRON via python-win32
Hello pywin32 maintainers and enthusiasts,

I intend to use a TPM on Windows to generate, store and sign, through the win32 
CNG API (NCryptCreatePersistedKey 
(https://docs.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptcreatepersistedkey)
 and NCryptSignHash) but within a Python program. When creating a key, one has 
to provide the hProvider (handle of the Key Storage Provider) parameter as 
"Microsoft Platform Crypto Provider" to select the TPM target.

My first guess was that pywin32 can be the way to go. But going deeper into the 
docs (http://timgolden.me.uk/pywin32-docs/win32crypt.html) and the code, I 
now think that it can only use the "legacy" Crypto API ("CAPI") and not the New 
Generation ("CNG"), and the TPM "Microsoft Platform Crypto Provider" looks to 
be only available from the NG interface.

I did the following in Python 3.6.8:

    import win32crypt
    print(win32crypt.CryptEnumProviders())

and only legacy key providers appear, not the new "Microsoft Platform 
Crypto Provider" needed to select the TPM target. The "NG" providers 
listed by the "certutil -csplist" command are missing.

Can you confirm that TPM "Microsoft Platform Crypto Provider" requires "CNG", 
and pywin32 is only "CAPI" capable? Anyway, do you have some ideas in mind to 
reach my goal?

_
Antoine FERRON
Président — BitLogiK

bitlogik.fr (https://bitlogik.fr) — PGP Key ID#22F95B31 
(https://pgp.key-server.io/0xE353957C22F95B31)