Sealing Data using TPM In Windows [closed]

Posted by 无人久伴 on 2019-12-18 04:23:13

Question


I'd like to perform a TPM Seal operation in Windows. I'm familiar with C++ programming but have no idea what libraries I'd even use.

I'm currently stuck with the following two questions:

Can I perform this action using e.g. WMI and a PowerShell script? This http://msdn.microsoft.com/en-us/library/windows/desktop/aa446799(v=vs.85).aspx indicates that I can use TBS To Submit a Command, but I don't have the faintest how I would set up the parameters in e.g. WMI.

Can I use the tbs.h/tbs.lib from the Windows 7 SDK to perform a TPM_Seal operation?

Is there a TSS API like http://trousers.sourceforge.net/ where I can call this from some C++ code?

The method through which I do this is not a big deal, but I am using TPM 1.2 on Windows, and all of my clients are Windows.


Answer 1:


You can use TPM Base Services for sending commands to the TPM. So you need to assemble the commands yourself.

The TPM commands, structures and flows are defined in 3 documents:

  • Part 1 - Design Principles
  • Part 2 - Structures of the TPM
  • Part 3 - Commands

First you need to figure out which command you want to send. Then you have to look up the command's reference in Part 3 and assemble the needed structures as described in Part 2.

The TPM_Seal command for example is defined in section 10.1 on page 72 of Part 3. Line 1331 shows you what the command has to look like. After issuing the command you can evaluate the returned structure according to line 1332. (All numbers apply to revision 116.)

This can be really tricky. However, you can have a look at other implementations. If you just need a few commands it's not that hard, especially when you can be sure that some corner cases don't happen.

I would suggest you start looking at IBM's software TPM. This project also provides libtpm and some utilities. This is one of the lighter implementations I know.

You can also try whether TrouSerS for Windows is stable enough to fit your needs. There you would have a high-level TSS API.

If Java is an option, have a look at jTSS. It supports Windows.
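
Added example (not part of the answers above, and not code from TBS, TrouSerS or libtpm): a sketch in portable C of what "assembling the command yourself" means for TPM_Seal on TPM 1.2, following the field order in Part 3, plus a check of the response header. The function and struct names are hypothetical, and the OSAP session values (auth handle, nonce, `pub_auth` HMAC, encrypted `enc_auth`) are assumed to be computed by the caller. The resulting buffer is what would be handed to `Tbsip_Submit_Command`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TPM_TAG_RQU_AUTH1_COMMAND 0x00C2u /* request carrying one auth session */
#define TPM_ORD_Seal 0x00000017u
#define DIGEST 20 /* SHA-1 sized fields: encAuth, nonces, pubAuth */

/* TPM 1.2 integers are big-endian on the wire. */
static uint8_t *put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return p + 2; }
static uint8_t *put32(uint8_t *p, uint32_t v) { p = put16(p, (uint16_t)(v >> 16)); return put16(p, (uint16_t)v); }
static uint8_t *putn(uint8_t *p, const uint8_t *s, size_t n) { if (n) memcpy(p, s, n); return p + n; }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

struct seal_auth {              /* OSAP session values, computed by the caller (assumption) */
    uint32_t auth_handle;
    uint8_t nonce_odd[DIGEST];
    uint8_t continue_session;
    uint8_t pub_auth[DIGEST];   /* HMAC authorizing the command */
};

/* Marshal TPM_Seal into out. Returns the command length, or 0 if it does not fit. */
size_t build_tpm_seal(uint8_t *out, size_t cap, uint32_t key_handle, const uint8_t enc_auth[DIGEST],
                      const uint8_t *pcr_info, uint32_t pcr_len,
                      const uint8_t *data, uint32_t data_len, const struct seal_auth *a)
{
    uint64_t total = 2 + 4 + 4 + 4 + DIGEST + 4 + (uint64_t)pcr_len + 4 + (uint64_t)data_len
                   + 4 + DIGEST + 1 + DIGEST;
    if (total > cap || total > UINT32_MAX) return 0;
    uint8_t *p = put16(out, TPM_TAG_RQU_AUTH1_COMMAND);
    p = put32(p, (uint32_t)total);          /* paramSize covers the whole command */
    p = put32(p, TPM_ORD_Seal);
    p = put32(p, key_handle);
    p = putn(p, enc_auth, DIGEST);
    p = put32(p, pcr_len);  p = putn(p, pcr_info, pcr_len);   /* 0 = not bound to PCRs */
    p = put32(p, data_len); p = putn(p, data, data_len);
    p = put32(p, a->auth_handle);
    p = putn(p, a->nonce_odd, DIGEST);
    *p++ = a->continue_session;
    p = putn(p, a->pub_auth, DIGEST);
    return (size_t)(p - out);
}

/* Check the 10-byte response header (tag, paramSize, returnCode). Returns 0 and
   stores the TPM return code (0 = TPM_SUCCESS), or -1 if the buffer is malformed. */
int parse_tpm_response(const uint8_t *rsp, size_t len, uint32_t *rc)
{
    if (len < 10 || get32(rsp + 2) != len) return -1;
    *rc = get32(rsp + 6);
    return 0;
}
```

Validating `paramSize` against the number of bytes actually returned before reading any further fields keeps a short or truncated response from being parsed as a sealed blob.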




Answer 2:


I was able to do this without much issue with JTSS. There is an example @ https://security.stackexchange.com/questions/60841/encrypting-a-symmetric-key-or-small-file-using-tpm-and-windows-tbs



Source: https://stackoverflow.com/questions/24145810/sealing-data-using-tpm-in-windows
