Enhancement: keys stored in TPM in place of DPAPI? #75

Open
mcarbonneaux opened this issue Jan 18, 2024 · 3 comments

@mcarbonneaux

Is there a possibility to add the possibility to store the keys in TPM in place of DPAPI?

@ibigbug
Member

ibigbug commented Jan 22, 2024

Yes, it's absolutely possible. https://github.com/microsoft/ms-tpm-20-ref

@nanderer

It's too difficult to back up. Please keep them on the disk; if that's not safe enough for you, use BitLocker ;)

@mcarbonneaux
Author

mcarbonneaux commented Jun 21, 2024

> It's too difficult to back up. Please keep them on the disk; if that's not safe enough for you, use BitLocker ;)

Precisely, the purpose of the TPM is to not be able to extract it, and in this case my need is for it to serve as authentication of the device.

When you store it in a FIDO hardware key you can't back up the keys, precisely, although it allows you to do the same thing with a PC.

And the risk of storing secrets (even with BitLocker) on disk is that a program can steal them...
