3:02 a.m.
Hello,
thats is not gonna work, I think.
With a standalone Windows you can use the certreq tool to generate a TPM
backed CSR.
Here is a short guide, using a virtual Smartcard. You should be able to
use TPM directly as well, but I havent used that yet.
1) Generate virtual Smartcard
tpmvscmgr.exe create /name TestVSC /pin default /adminkey random /generat
2) Create templare for certreq, save as cert-template.inf
[NewRequest]
Subject = "CN=[hostname],O=[Organisation],L=[Location],ST=[State],C=[Country]"
Keylength = 2048
Exportable = FALSE
UserProtected = TRUE
MachineKeySet = FALSE
ProviderName = "Microsoft Base Smart Card Crypto Provider"
ProviderType = 1
RequestType = PKCS10
KeyUsage = 0x80
3) Create a CSR using the above template
certreq.exe -new -f .\tpm_cert.inf cert.csr
Hope that helps..
Regards,
Steffen
On 8/13/20 9:57 PM, Duc Duong wrote:
Hi,
I just start doing research in tpm-software, I had a running instance
in Ubuntu, build and install four projects: tpm2-tss, tpm2-tss-engine,
tpm2-tools and tpm2-abrmd
For professional purposes, I'd like to use this TPM TSS to generate
key and CSR with OpenSSL and I've already proof the concept in Ubuntu,
but actually trying to do the same thing in Windows is the final goal.
The first challenge I met is how to build tpm2-tss in Windows, other
projects are even not VS project.
I'm trying to build tpm2-tss with the environment they have tested,
like VS 2017 + v141 clang/c2 + UCRT 10.0.16299.0.
But after that, how can I install it and test it? Cause without
tpm2-tss-engine I can not test it through command right?
If it's not too tedious, please give me some suggestion, the more the
better.
Like, it there a better way to build tpm2-tss and other project in
Windows.
Thanks!
Paul
_______________________________________________
tpm2 mailing list -- tpm2(a)lists.01.org
To unsubscribe send an email to tpm2-leave(a)lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
--
Steffen Schwebel
Mail: s.schwebel(a)uvensys.de
uvensys GmbH
Firmensitz und Sitz der Gesellschaft:
uvensys GmbH
Schorbachstraße 11
35510 Butzbach
HRB: AG Friedberg, 7780
USt-Id: DE282879294
Geschäftsführer:
Dr. Thomas Licht, t.licht(a)uvensys.de
Volker Lieder, v.lieder(a)uvensys.de
Mail: info(a)uvensys.de
Internet: www.uvensys.de
Durchwahl: 06033 - 18 19 225
Hotline: 06033 - 18 19 288
Zentrale: 06033 - 18 19 20
Fax: 06033 - 18 19 299
==========================================================
Jegliche Stellungnahmen und Meinungen dieser E-Mail sind
alleine die des Autors und nicht notwendigerweise die der
Firma. Falls erforderlich, können Sie eine gesonderte
schriftliche Bestätigung anfordern.
Any views or opinions presented in this email are solely
those of the author and do not necessarily represent those
of the company. If verification is required please request
a hard-copy version.
10:29 a.m.
New subject: Need some suggestions about tpm2-tss in Windows
Hi Steffen,
Thanks for your replay!
We have already tried with certreq tools, but I'd like higher level of automation.
That's why we are seeking some program based approach.
Thanks,
Paul
________________________________
From: Steffen Schwebel <s.schwebel(a)uvensys.de>
Sent: Friday, August 14, 2020 3:02 AM
To: tpm2(a)lists.01.org <tpm2(a)lists.01.org>
Subject: [tpm2] Re: Need some suggestions about tpm2-tss in Windows
[EXTERNAL]
Hello,
thats is not gonna work, I think.
With a standalone Windows you can use the certreq tool to generate a TPM
backed CSR.
Here is a short guide, using a virtual Smartcard. You should be able to
use TPM directly as well, but I havent used that yet.
1) Generate virtual Smartcard
tpmvscmgr.exe create /name TestVSC /pin default /adminkey random /generat
2) Create templare for certreq, save as cert-template.inf
[NewRequest]
Subject = "CN=[hostname],O=[Organisation],L=[Location],ST=[State],C=[Country]"
Keylength = 2048
Exportable = FALSE
UserProtected = TRUE
MachineKeySet = FALSE
ProviderName = "Microsoft Base Smart Card Crypto Provider"
ProviderType = 1
RequestType = PKCS10
KeyUsage = 0x80
3) Create a CSR using the above template
certreq.exe -new -f .\tpm_cert.inf cert.csr
Hope that helps..
Regards,
Steffen
On 8/13/20 9:57 PM, Duc Duong wrote:
Hi,
I just start doing research in tpm-software, I had a running instance
in Ubuntu, build and install four projects: tpm2-tss, tpm2-tss-engine,
tpm2-tools and tpm2-abrmd
For professional purposes, I'd like to use this TPM TSS to generate
key and CSR with OpenSSL and I've already proof the concept in Ubuntu,
but actually trying to do the same thing in Windows is the final goal.
The first challenge I met is how to build tpm2-tss in Windows, other
projects are even not VS project.
I'm trying to build tpm2-tss with the environment they have tested,
like VS 2017 + v141 clang/c2 + UCRT 10.0.16299.0.
But after that, how can I install it and test it? Cause without
tpm2-tss-engine I can not test it through command right?
If it's not too tedious, please give me some suggestion, the more the
better.
Like, it there a better way to build tpm2-tss and other project in
Windows.
Thanks!
Paul
_______________________________________________
tpm2 mailing list -- tpm2(a)lists.01.org
To unsubscribe send an email to tpm2-leave(a)lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
--
Steffen Schwebel
Mail: s.schwebel(a)uvensys.de
uvensys GmbH
Firmensitz und Sitz der Gesellschaft:
uvensys GmbH
Schorbachstraße 11
35510 Butzbach
HRB: AG Friedberg, 7780
USt-Id: DE282879294
Geschäftsführer:
Dr. Thomas Licht, t.licht(a)uvensys.de
Volker Lieder, v.lieder(a)uvensys.de
Mail: info(a)uvensys.de
Internet: www.uvensys.de<http://www.uvensys.de>
Durchwahl: 06033 - 18 19 225
Hotline: 06033 - 18 19 288
Zentrale: 06033 - 18 19 20
Fax: 06033 - 18 19 299
==========================================================
Jegliche Stellungnahmen und Meinungen dieser E-Mail sind
alleine die des Autors und nicht notwendigerweise die der
Firma. Falls erforderlich, können Sie eine gesonderte
schriftliche Bestätigung anfordern.
Any views or opinions presented in this email are solely
those of the author and do not necessarily represent those
of the company. If verification is required please request
a hard-copy version.
203
days inactive
203
days old
1 comments
2 participants
participants (2)
-
Duc Duong -
Steffen Schwebel