[python-win32] Use TPM from Crypto API

Antoine FERRON antoine.ferron at bitlogik.fr
Mon Nov 23 17:07:55 EST 2020


On Nov 22 2020, at 8:14 pm, Tim Roberts <timr at probo.com> wrote:
> On Nov 22, 2020, at 4:16 AM, Antoine FERRON via python-win32 <python-win32 at python.org> wrote:
> >
> > Can you confirm that TPM "Microsoft Platform Crypto Provider" requires "CNG", and pywin32 is only "CAPI" capable ?
>
> This is not a Python question at all. Look at the MSDN documentation page for the CryptEnumProviders API. You’ll see that it is deprecated, and only accesses the base cryptographic provider and the enhanced cryptographic provider. Remember that pywin32 is, in almost every case, a relatively thin wrapper around the Windows APIs.

Well, not Python, but related to pywin32. So I understand that win32crypt.CryptEnumProviders in win32 is calling CryptEnumProvidersA (https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptenumprovidersa) which is deprecated (what I call "CAPI"), and I need NCryptEnumStorageProviders (https://docs.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptenumstorageproviders) (what I call "CNG"). So the win32 API is not a fit for this, because it wraps "old" crypto functions.

> > Anyway, do you have some ideas in mind to reach my goal?
>
> The APIs from ncrypt.dll are not, as of yet, exposed in pywin32. You can certainly use ctypes to access them.

Yes, I can see 2 ways to reach my goal: one is ffi.dlopen("ncrypt.dll") or CDLL and providing the right ctypes, which may not be so easy (https://stackoverflow.com/questions/59818779/is-there-a-python-module-could-sign-and-verify-data-by-rsa-key-pair-from-certifi/59854465#comment106111779_59854465). The other is to build a small C++ app and call the exe from Python with subprocess.run and stdin/stdout. Also, an intermediate option is to make a small C++ app/DLL and use ffi to access it, or to extend Python with C++. This "hcrypt" helper may be a good help (https://github.com/vladp72/hcrypt) for the second way.

> Tim Roberts, timr at probo.com
> Providenza & Boekelheide, Inc.

Thanks for your time and help, appreciated.

> _______________________________________________
> python-win32 mailing list
python-win32 at python.org
https://mail.python.org/mailman/listinfo/python-win32
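
The ctypes route discussed in this message, sketched as an added example that is not part of the original thread or of pywin32: it calls NCryptEnumStorageProviders and NCryptFreeBuffer from ncrypt.dll and checks whether the provider named in the thread is registered. The helper names (`names_from_list`, `enum_storage_providers`, `has_tpm_provider`) are hypothetical; the struct layout and function signatures follow ncrypt.h.

```python
import ctypes
import sys
from ctypes import POINTER, Structure, byref, c_int32, c_uint32, c_void_p, c_wchar_p

TPM_PROVIDER = "Microsoft Platform Crypto Provider"  # provider name quoted in the thread


class NCryptProviderName(Structure):
    """Mirror of the NCryptProviderName struct in ncrypt.h."""
    _fields_ = [("pszName", c_wchar_p), ("pszComment", c_wchar_p)]


def names_from_list(plist, count):
    """Copy the names out of the array while the CNG buffer is still valid."""
    return [plist[i].pszName for i in range(count)]


def enum_storage_providers():
    """Return the names of the registered CNG key storage providers."""
    if sys.platform != "win32":
        raise OSError("ncrypt.dll is only available on Windows")
    ncrypt = ctypes.WinDLL("ncrypt.dll")
    enum = ncrypt.NCryptEnumStorageProviders
    enum.argtypes = [POINTER(c_uint32), POINTER(POINTER(NCryptProviderName)), c_uint32]
    enum.restype = c_int32  # SECURITY_STATUS
    free = ncrypt.NCryptFreeBuffer
    free.argtypes = [c_void_p]
    free.restype = c_int32
    count = c_uint32(0)
    plist = POINTER(NCryptProviderName)()
    status = enum(byref(count), byref(plist), 0)
    if status != 0:  # anything but ERROR_SUCCESS
        raise OSError(f"NCryptEnumStorageProviders failed: 0x{status & 0xFFFFFFFF:08X}")
    try:
        return names_from_list(plist, count.value)
    finally:
        free(ctypes.cast(plist, c_void_p))  # buffer is owned by ncrypt.dll


def has_tpm_provider(names):
    """True when the TPM-backed key storage provider is registered."""
    return TPM_PROVIDER in names


if __name__ == "__main__" and sys.platform == "win32":
    providers = enum_storage_providers()
    print(providers, "TPM provider present:", has_tpm_provider(providers))
```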
