Using TPM persisted RSA key in Windows and Linux

Question

Our solution includes a Windows tool that creates/opens a persisted RSA key stored in the TPM and encrypts/decrypt data using it. This works flawlessly.

Now we need to decrypt that data but from a Linux OS on that same machine. Can it be done?

The windows code uses NCrypt API (error handling etc removed):

// Open TPM storage provider.
NCryptOpenStorageProvider(
    &prov,
    MS_PLATFORM_CRYPTO_PROVIDER, //Identifies the TPM key storage provider that is provided by Microsoft. 
    0);
// Create persisted key
NCryptCreatePersistedKey(
    prov,
    &key,
    NCRYPT_RSA_ALGORITHM,
    "MyKeyName",
    0,
    0);
// Finalize so can be used
NCryptFinalizeKey(key, 0);
// Encrypt
NCryptEncrypt(
    key,
    (PBYTE)data,
    (DWORD)size,
    NULL,
    encryptedBuffer,
    encryptedBufferSize,
    &encryptedBufferSize,
    NCRYPT_PAD_PKCS1_FLAG);

What I'm going for is the Linux equivalent of

NCryptOpenKey(..., "MyKeyName", ...);
NCryptDecrypt(...);

But couldn't find it.

Thanks.

Interesting question. I don't have a direct answer for you or a piece of code that translates yours into Linux land, but I am convinced TPM chips are usable as PKCS11 providers on Linux today. Please see the resources below * TPM2 and Linux

Securing key handling using TPM

TPM enabling the Crypto Ecosystem for enhanced Security

[TPM2 PK11 (practical example under ark)](https://wiki.archlinux.org/index — Pedro, Jun 29 '20 at 08:58

Using TPM persisted RSA key in Windows and Linux

0 Answers0