user223475

Reputation: 59

How to create a private key in TPM, create a CSR and lock down the TPM?

Our app (C#, Win10, WPF) needs to store a private key for signing of messages sent to a hardware device. This device trusts our CA so I want the CA to sign a certificate for us.

I have been looking into TPM APIs on Windows but I am having trouble figuring out how to create a private key, store it in the TPM, create a CSR and then lock down the TPM so no process can read the private key or modify it. Ideally I would like to restrict TPM access so only certain processes can sign data with that key.

Does anyone know how to go about this in Windows 10 and what APIs to use?

Upvotes: 3

Views: 8390

Answers (1)

vrtjason

Reputation: 531

Try this: https://security.stackexchange.com/a/179422/68088

You'll need to create an inf file with configuration parameters. The TPM converts that into a CSR, which you can send over to your CA. The above guide is especially useful on a Windows 10 machine if it is equipped with a TPM.

Upvotes: 4
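The inf-file route the answer describes, worked through end to end as an added example (this is not code from the answer or from the linked guide). It assumes a Windows 10 machine with a ready TPM, an elevated PowerShell session, and the placeholder subject and file names shown; `certreq.exe`, `certutil.exe`, `Get-Tpm` and the `Microsoft Platform Crypto Provider` key storage provider are the standard Windows components that do the work.

```powershell
# Added example: generate a TPM-resident RSA signing key and a PKCS#10 CSR with certreq.
# Assumptions: elevated PowerShell on Windows 10, TPM present and ready.

# 1. Confirm the TPM is usable before asking the platform KSP for a key.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM is not present or not ready; cannot create a TPM-backed key."
}

# 2. Write the certreq request file. ProviderName selects the TPM-backed KSP;
#    keys created there are non-exportable regardless of the Exportable flag,
#    which is what keeps the private key out of reach of other processes.
$infPath = Join-Path $env:TEMP 'device-signing.inf'   # constructed file name
$csrPath = Join-Path $env:TEMP 'device-signing.csr'   # constructed file name
@"
[NewRequest]
Subject = "CN=device-signing.example.local"            ; placeholder subject
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = SHA256
ProviderName = "Microsoft Platform Crypto Provider"    ; TPM key storage provider
Exportable = FALSE
MachineKeySet = TRUE                                  ; key lives in the machine store
KeyUsage = 0x80                                       ; CERT_DIGITAL_SIGNATURE_KEY_USAGE
RequestType = PKCS10
"@ | Set-Content -Path $infPath -Encoding ASCII

# 3. Generate the key inside the TPM and emit the CSR to hand to the CA.
& certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }
Write-Host "CSR written to $csrPath"

# 4. Show that the new key is held by the platform (TPM) provider, not a software KSP.
& certutil.exe -key -csp "Microsoft Platform Crypto Provider"

# 5. After the CA returns the signed certificate (assumed path), bind it to the TPM key.
#    certreq -accept matches the certificate to the pending request in the machine store.
# & certreq.exe -accept "$env:TEMP\device-signing.cer"
```

Two points worth checking once the certificate is installed. First, the key never leaves the TPM: an export attempt on a Platform Crypto Provider key fails by design, so there is no exportable copy for another process to read. Second, Windows does not grant key access per process; access is controlled by the security descriptor on the machine key (editable through the Certificates MMC, "Manage Private Keys"). The practical way to get the "only certain processes can sign" behaviour from the question is to run the signing component under its own dedicated account and make that account the only principal with read access to the key.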
