Let's assume that I have arbitrary data that needs to be protected by the Windows TPM and later use the stored data. Which of the approaches below is a good design?
1. Create a persisted NCrypt key object (empty container). Store the arbitrary data bytes as a "property" of this key using NCryptSetProperty. Finalize the key to persist it to the TPM, and later retrieve it using the key handle. From my understanding, the properties are not really stored inside the TPM but in the Windows CNG key container (Key Storage Provider) on disk. Is it correct?
2. TPM-sealed encryption: encrypt the arbitrary data with a TPM-protected key so that only that TPM can decrypt it, as this provides confidentiality and integrity. Later decrypt the encrypted blob stored on disk to retrieve the data.
Is there any better approach? I am trying to do this in C++ using Windows libraries.
