How to use TPM to generate a key pair and what function is called to implement it?

keith 85 Reputation points
2023-07-21T03:08:50.0533333+00:00

Win32_Tpm and tbs.h are both related to TPM, what is the difference between the two? For example, to generate a key pair using TPM, what function is called to implement it?


Accepted answer
  1. Limitless Technology 44,766 Reputation points
    2023-07-21T14:23:16.3333333+00:00

    Hello,

    Thank you for your question and for reaching out with your question today.

    To use the Trusted Platform Module (TPM) to generate a key pair, you can use the Windows API provided by the TBS (Trusted Platform Module Base Services) library. TBS provides the necessary functions to interact with TPM devices and perform TPM-related operations, including key generation.

    Here's a high-level overview of the steps to generate a key pair using TPM in Windows:

    1. Initialize TBS: Before using the TBS functions, you need to initialize the TBS session by calling Tbsi_Context_Create. This function creates a TBS context and returns a handle to it.
    2. Get TPM Handle: Use Tbsi_Get_TPM_Handle to obtain a handle to the TPM. This function retrieves the handle to the TPM device, which you will use for TPM operations.
    3. Create Key Pair: To generate a key pair, you can use the TBS_WNV_TPM12_CreateWrapKey or TBS_WNV_TPM20_CreateWrapKey function, depending on the TPM version you are using (TPM 1.2 or TPM 2.0). These functions create a key pair on the TPM. The private key remains within the TPM, while the public key can be retrieved.
    4. Export Public Key: To export the public key, you can use the TBS_WNV_TPM12_CertifyKey or TBS_WNV_TPM20_CertifyKey function, again depending on the TPM version. This function retrieves the public key from the TPM and provides it in a format suitable for exporting.
    5. Release Resources: After completing TPM operations, it's essential to release the resources by calling Tbsip_Context_Close to close the TBS context and release the TPM handle.

    Regarding the difference between Win32_Tpm and tbs.h:

    • Win32_Tpm is a PowerShell module introduced in Windows 10 and later versions, which provides cmdlets for interacting with TPM functionalities, such as key management, sealing data, and reporting TPM properties.
    • tbs.h is a C/C++ header file that is part of the TBS library. It contains the function prototypes and constants required for using TBS functions in C/C++ applications. It provides the necessary definitions for TPM operations and TBS structures.

    To summarize, you can use the TBS library with tbs.h to interact with the TPM and perform key generation and other TPM-related operations in C/C++ applications. Alternatively, you can use the Win32_Tpm PowerShell module to achieve similar TPM functionalities in PowerShell scripts.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    1 person found this answer helpful.
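Added example, not code from the answer above or from Microsoft's samples: the supported way to have the TPM generate a key pair on Windows is CNG with the Microsoft Platform Crypto Provider (PCP), the key storage provider that talks to the TPM over TBS so your code never has to. The script below queries the Win32_Tpm CIM class (management state only), creates a TPM-resident RSA-2048 key through the PCP, exports just the public half, shows that a private-key export is refused, and signs and verifies a message. It assumes Windows 10/11 with a ready TPM 2.0 and Windows PowerShell 5.1 or PowerShell 7 on Windows; the key name and the signed message are constructed for the example.

```powershell
# Added example, not code from the original answer. Assumes Windows 10/11 with a
# ready TPM 2.0 and Windows PowerShell 5.1 or PowerShell 7 on Windows; the key
# name and the signed message are constructed for this example.
using namespace System.Security.Cryptography

# Win32_Tpm is a WMI/CIM class (root\cimv2\Security\MicrosoftTpm): it reports TPM
# management state and offers no key operations.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
if ($null -eq $tpm) { throw 'Win32_Tpm returned nothing: no TPM is exposed to Windows.' }
if (-not $tpm.IsEnabled_InitialValue -or -not $tpm.IsActivated_InitialValue) {
    throw "TPM present but not usable (enabled=$($tpm.IsEnabled_InitialValue), activated=$($tpm.IsActivated_InitialValue))"
}
'TPM spec version {0}, manufacturer id 0x{1:X8}' -f $tpm.SpecVersion, $tpm.ManufacturerId

# Key generation goes through CNG and the Microsoft Platform Crypto Provider (PCP),
# the key storage provider that talks to the TPM over TBS on the application's behalf.
$keyName = 'TpmDemo-' + [guid]::NewGuid().ToString('N')   # constructed name
$params  = [CngKeyCreationParameters]::new()
$params.Provider           = [CngProvider]::new('Microsoft Platform Crypto Provider')
$params.KeyCreationOptions = [CngKeyCreationOptions]::None   # per-user key; MachineKey for a machine-wide one
$params.ExportPolicy       = [CngExportPolicies]::None       # private half may never leave the TPM
$params.Parameters.Add([CngProperty]::new('Length', [BitConverter]::GetBytes([int]2048), [CngPropertyOptions]::None))

$key = [CngKey]::Create([CngAlgorithm]::Rsa, $keyName, $params)
try {
    "Created '$($key.KeyName)' in '$($key.Provider.Provider)', $($key.KeySize)-bit RSA"

    # Only the public half can be exported; the blob is a BCRYPT_RSAPUBLIC_BLOB.
    $pubBlob = $key.Export([CngKeyBlobFormat]::GenericPublicBlob)
    "Public key blob: $($pubBlob.Length) bytes"

    # The provider refuses to hand out the private half.
    try {
        $null = $key.Export([CngKeyBlobFormat]::GenericPrivateBlob)
        throw 'Private key export unexpectedly succeeded'
    } catch [CryptographicException] {
        "Private key export refused: $($_.Exception.Message)"
    }

    # Sign inside the TPM, then verify using nothing but the exported public blob.
    $data   = [Text.Encoding]::UTF8.GetBytes('constructed test message')
    $signer = [RSACng]::new($key)
    $sig    = $signer.SignData($data, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)

    $pubKey   = [CngKey]::Import($pubBlob, [CngKeyBlobFormat]::GenericPublicBlob)
    $verifier = [RSACng]::new($pubKey)
    $ok = $verifier.VerifyData($data, $sig, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    "Signature verifies with the exported public key: $ok"
}
finally {
    $key.Delete()   # drop the demo key; omit this to keep it and reopen later with [CngKey]::Open($keyName, $params.Provider)
}
```

In C/C++ the same sequence is NCryptOpenStorageProvider with MS_PLATFORM_CRYPTO_PROVIDER, NCryptCreatePersistedKey, NCryptSetProperty for NCRYPT_LENGTH_PROPERTY, NCryptFinalizeKey and NCryptExportKey with BCRYPT_RSAPUBLIC_BLOB, all from ncrypt.h, with no tbs.h call in your own code. A key created this way is usable by the Windows account that created it (or by the machine, with MachineKey) and carries no further TPM-side usage authorization; the provider's per-key usage auth (NCRYPT_PIN_PROPERTY, set before the key is finalized) is outside this example.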

2 additional answers

  1. keith 85 Reputation points
    2023-07-24T01:49:25.35+00:00

    Thanks for your answer, but I can't get Tbsi_Get_TPM_Handle and TBS_WNV_TPM20_CreateWrapKey; they are not in tbs.h! Where can I find them?

    thanks again.


  2. testuser7 286 Reputation points
    2024-02-05T16:43:03.43+00:00

    @Limitless Technology I understand the functions that I need to use from TBS; however, what about the authorization that the TPM will require to invoke these functions?

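Added example, not code from any post in this thread, covering both the follow-up about where the TBS functions live and the later question about authorization. tbs.h declares only the context and command-submission entry points (Tbsi_Context_Create, Tbsip_Submit_Command, Tbsip_Context_Close, Tbsi_GetDeviceInfo and a few others); there are no per-operation wrappers, so a caller marshals TPM 2.0 command structures itself. The script P/Invokes tbs.dll and sends a raw TPM2_CreatePrimary that generates an RSA-2048 signing key under the null hierarchy, whose authorization is a password session with an empty password placed in the command's authorization area (a storage-hierarchy parent would carry its owner auth in that same slot), then parses the returned TPMT_PUBLIC and flushes the transient object. It assumes Windows 10/11 with a TPM 2.0 and a prompt that TBS lets submit raw commands (an elevated prompt is the safe choice); the key template and all constants come from the TPM 2.0 Library specification.

```powershell
# Added example, not code from the original thread. Assumes Windows 10/11 with a
# TPM 2.0 and a prompt that TBS allows to submit raw commands.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
[StructLayout(LayoutKind.Sequential)]
public struct TBS_CONTEXT_PARAMS2 {            // tbs.h: version + bitfield union (requestRaw, includeTpm12, includeTpm20)
    public uint version; public uint flags;
    public TBS_CONTEXT_PARAMS2(uint v, uint f) { version = v; flags = f; }
}
public static class Tbs {
    [DllImport("tbs.dll")] public static extern uint Tbsi_Context_Create(ref TBS_CONTEXT_PARAMS2 p, out IntPtr hContext);
    [DllImport("tbs.dll")] public static extern uint Tbsip_Submit_Command(IntPtr hContext, uint locality, uint priority,
        byte[] cmd, uint cmdLen, byte[] resp, ref uint respLen);
    [DllImport("tbs.dll")] public static extern uint Tbsip_Context_Close(IntPtr hContext);
}
'@

# TPM structures are big-endian; BitConverter is little-endian on Windows, so reverse the slice.
function Read-UInt16BE([byte[]]$b, [int]$o) { [BitConverter]::ToUInt16([byte[]]($b[($o+1)..$o]), 0) }
function Read-UInt32BE([byte[]]$b, [int]$o) { [BitConverter]::ToUInt32([byte[]]($b[($o+3)..$o]), 0) }

# Submit one marshalled TPM 2.0 command through TBS and return the raw response bytes.
function Invoke-TpmCommand([IntPtr]$ctx, [byte[]]$cmd) {
    $resp = New-Object byte[] 4096
    [uint32]$respLen = $resp.Length
    # locality 0, TBS_COMMAND_PRIORITY_NORMAL (200)
    $rc = [Tbs]::Tbsip_Submit_Command($ctx, 0, 200, $cmd, [uint32]$cmd.Length, $resp, [ref]$respLen)
    if ($rc -ne 0) { throw ('Tbsip_Submit_Command failed: TBS_RESULT 0x{0:X8}' -f $rc) }
    $tpmRc = Read-UInt32BE $resp 6             # responseCode follows tag(2) + responseSize(4)
    if ($tpmRc -ne 0) { throw ('TPM rejected the command: TPM_RC 0x{0:X8}' -f $tpmRc) }
    return ,[byte[]]($resp[0..($respLen-1)])
}

# TPM2_CreatePrimary: RSA-2048 RSASSA/SHA-256 signing key, private half generated and held in the TPM.
[byte[]]$createPrimary = @(
    0x80,0x02,                                   # TPM_ST_SESSIONS (an authorization area follows the handle)
    0x00,0x00,0x00,0x41,                         # commandSize = 65
    0x00,0x00,0x01,0x31,                         # TPM_CC_CreatePrimary
    0x40,0x00,0x00,0x07,                         # primaryHandle = TPM_RH_NULL (ephemeral hierarchy, empty auth)
    0x00,0x00,0x00,0x09,                         # authorizationSize
    0x40,0x00,0x00,0x09, 0x00,0x00, 0x00, 0x00,0x00,   # TPM_RS_PW password session, no nonce, empty password
    0x00,0x04, 0x00,0x00, 0x00,0x00,             # inSensitive: no userAuth, no seed data
    0x00,0x18,                                   # inPublic size = 24
    0x00,0x01,                                   #   type TPM_ALG_RSA
    0x00,0x0B,                                   #   nameAlg TPM_ALG_SHA256
    0x00,0x04,0x00,0x72,                         #   fixedTPM|fixedParent|sensitiveDataOrigin|userWithAuth|sign
    0x00,0x00,                                   #   authPolicy (none)
    0x00,0x10,                                   #   symmetric TPM_ALG_NULL (required for an unrestricted key)
    0x00,0x14, 0x00,0x0B,                        #   scheme TPM_ALG_RSASSA with SHA256
    0x08,0x00,                                   #   keyBits 2048
    0x00,0x00,0x00,0x00,                         #   exponent 0 = default 2^16+1
    0x00,0x00,                                   #   unique (empty: TPM generates the key)
    0x00,0x00,                                   # outsideInfo
    0x00,0x00,0x00,0x00                          # creationPCR: none
)

$p   = New-Object TBS_CONTEXT_PARAMS2 -ArgumentList 2, 4   # TBS_CONTEXT_VERSION_TWO, includeTpm20
$ctx = [IntPtr]::Zero
$rc  = [Tbs]::Tbsi_Context_Create([ref]$p, [ref]$ctx)
if ($rc -ne 0) { throw ('Tbsi_Context_Create failed: TBS_RESULT 0x{0:X8}' -f $rc) }
try {
    $resp   = Invoke-TpmCommand $ctx $createPrimary
    $handle = Read-UInt32BE $resp 10                 # objectHandle (transient)
    $o = 20                                          # TPMT_PUBLIC begins after parameterSize(4) and TPM2B size(2)
    $type    = Read-UInt16BE $resp $o; $o += 2
    $nameAlg = Read-UInt16BE $resp $o; $o += 2
    $attrs   = Read-UInt32BE $resp $o; $o += 4
    $o += 2 + (Read-UInt16BE $resp $o)               # authPolicy TPM2B_DIGEST
    $o += 2                                          # symmetric = TPM_ALG_NULL, nothing more follows
    $o += 4                                          # scheme RSASSA + hashAlg
    $keyBits = Read-UInt16BE $resp $o; $o += 2
    $o += 4                                          # exponent
    $modLen  = Read-UInt16BE $resp $o; $o += 2
    $modulus = $resp[$o..($o+$modLen-1)]
    'handle=0x{0:X8} type=0x{1:X4} nameAlg=0x{2:X4} attrs=0x{3:X8} bits={4} modulusBytes={5}' -f $handle,$type,$nameAlg,$attrs,$keyBits,$modLen
    'modulus[0..15] = ' + (($modulus[0..15] | ForEach-Object { $_.ToString('x2') }) -join '')

    # Transient objects occupy scarce TPM slots: TPM2_FlushContext(objectHandle) when done.
    $flush = [byte[]](@(0x80,0x01, 0x00,0x00,0x00,0x0E, 0x00,0x00,0x01,0x65) + $resp[10..13])
    $null = Invoke-TpmCommand $ctx $flush
}
finally {
    $null = [Tbs]::Tbsip_Context_Close($ctx)
}
```

The key generated here lives only until it is flushed (and the null hierarchy is re-seeded at every reset), which is the point of the example: at the TBS layer, creating, persisting (TPM2_EvictControl, which needs owner authorization), authorizing and later using a key are all separate commands you encode and sequence yourself, and a non-empty password or a policy session would go into the same authorization area that carries the empty password above. For application keys the CNG Platform Crypto Provider does that work for you.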
