Re: [python-win32] Use TPM from Crypto API
On Nov 22, 2020, at 4:16 AM, Antoine FERRON via python-win32 wrote:
>
> Can you confirm that TPM "Microsoft Platform Crypto Provider" requires "CNG",
> and pywin32 is only "CAPI" capable ?

This is not a Python question at all. Look at the MSDN documentation page for the CryptEnumProviders API. You’ll see that it is deprecated, and only accesses the base cryptographic provider and the enhanced cryptographic provider. Remember that pywin32 is, in almost every case, a relatively thin wrapper around the Windows APIs.

> Anyway, do you have some ideas in mind to reach my goal ?

The APIs from ncrypt.dll are not, as of yet, exposed in pywin32. You can certainly use ctypes to access them.

—
Tim Roberts, t...@probo.com
Providenza & Boekelheide, Inc.

___
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32
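
The ctypes route mentioned in the reply above, as an added example that is not part of the original thread or of pywin32: it calls NCryptEnumStorageProviders from ncrypt.dll to list the CNG key storage providers and checks whether the TPM-backed one is registered. The helper names (`list_key_storage_providers`, `tpm_provider_registered`) are hypothetical, and the calls only do real work on Windows.

```python
import ctypes
import sys

# Value of MS_PLATFORM_CRYPTO_PROVIDER in ncrypt.h: the TPM-backed key storage provider.
MS_PLATFORM_CRYPTO_PROVIDER = "Microsoft Platform Crypto Provider"


class NCryptProviderName(ctypes.Structure):
    """Mirror of the NCryptProviderName struct (two LPWSTR fields)."""
    _fields_ = [("pszName", ctypes.c_wchar_p), ("pszComment", ctypes.c_wchar_p)]


def _load_ncrypt():
    """Load ncrypt.dll and declare the prototypes used below (hypothetical helper)."""
    if sys.platform != "win32":
        raise OSError("ncrypt.dll (CNG) is only available on Windows")
    ncrypt = ctypes.WinDLL("ncrypt.dll")
    # SECURITY_STATUS is a 32-bit LONG; DWORD is a 32-bit unsigned integer.
    ncrypt.NCryptEnumStorageProviders.restype = ctypes.c_int32
    ncrypt.NCryptEnumStorageProviders.argtypes = [
        ctypes.POINTER(ctypes.c_uint32),                     # pdwProviderCount
        ctypes.POINTER(ctypes.POINTER(NCryptProviderName)),  # ppProviderList
        ctypes.c_uint32,                                     # dwFlags
    ]
    ncrypt.NCryptFreeBuffer.restype = ctypes.c_int32
    ncrypt.NCryptFreeBuffer.argtypes = [ctypes.c_void_p]
    return ncrypt


def list_key_storage_providers():
    """Return the names of all registered CNG key storage providers."""
    ncrypt = _load_ncrypt()
    count = ctypes.c_uint32(0)
    providers = ctypes.POINTER(NCryptProviderName)()
    status = ncrypt.NCryptEnumStorageProviders(
        ctypes.byref(count), ctypes.byref(providers), 0)
    if status != 0:  # anything other than ERROR_SUCCESS
        raise OSError("NCryptEnumStorageProviders failed: 0x%08X" % (status & 0xFFFFFFFF))
    try:
        return [providers[i].pszName for i in range(count.value)]
    finally:
        # The provider list is allocated by CNG and must be released by the caller.
        ncrypt.NCryptFreeBuffer(ctypes.cast(providers, ctypes.c_void_p))


def tpm_provider_registered():
    """True if the TPM-backed provider appears among the CNG providers."""
    return MS_PLATFORM_CRYPTO_PROVIDER in list_key_storage_providers()
```

Unlike `win32crypt.CryptEnumProviders()`, this enumerates CNG key storage providers, which is the list where the platform provider can appear.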
[python-win32] Use TPM from Crypto API
Hello pywin32 maintainers and enthusiasts,

I intend to use a TPM on Windows to generate, store and sign, through the win32 CNG API (NCryptCreatePersistedKey (https://docs.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptcreatepersistedkey) and NCryptSignHash) but within a Python program. When creating a key, one has to provide the hProvider (handle of the Key Storage Provider) parameter as "Microsoft Platform Crypto Provider" to select the TPM target.

My first guess was that pywin32 can be the way to go. But going deeper in the docs (http://timgolden.me.uk/pywin32-docs/win32crypt.html) and in the code, I now think that it can only use the "legacy" Crypto API ("CAPI") and not the New Generation ("CNG"), and the TPM "Microsoft Platform Crypto Provider" looks to be only available from the NG interface.

I did the following in Python 3.6.8 :

    import win32crypt
    print(win32crypt.CryptEnumProviders())

and only legacy key providers appear, not the new "Microsoft Platform Crypto Provider" needed to select the TPM target. The "NG" providers are missing, compared with those listed by the "certutil -csplist" command.

Can you confirm that TPM "Microsoft Platform Crypto Provider" requires "CNG", and pywin32 is only "CAPI" capable ?

Anyway, do you have some ideas in mind to reach my goal ?

_
Antoine FERRON
President — BitLogiK
bitlogik.fr (https://bitlogik.fr) — PGP Key ID#22F95B31 (https://pgp.key-server.io/0xE353957C22F95B31)