Sealing Data using TPM In Windows
I'd like to perform a TPM Seal operation in windows. I'm familiar with C++ programming but have no idea what libraries I'd even use.
I'm currently stuck with the following two questions:
Can I perform this action using e.g. WMI and a powershell script? This http://msdn.microsoft.com/en-us/library/windows/desktop/aa446799(v=vs.85).aspx indicates that I can use TBS To Submit a Command, but I don't have the faintest how I would set up the parameters in e.g. WMI.
Can I use the tbs.h/tbs.lib from the Windows 7 SDK to perform a TPM_Seal operation?
Is there a TSS API Like http://trousers.sourceforge.net/ where I can call this from some C++ Code?
The method through which I do this is not a big deal, but I am using TPM 1.2 on windows, and all of my clients are windows.
You can use TPM Base Sevices for sending commands to the TPM. So you need to assemble the commands yourself.
The TPM commands, structures and flows are defined in 3 documents:
First you need to figure out which command you want to send. Then you have to lookup the command's reference in Part 3 and assembled the needed structures as described in Part 2.
The TPM_seal command for example is defined in section 10.1 on page 72 of Part 3. Line 1331 shows you how the command has to look like. After issuing the command you can evaluate the returned structure according to line 1332. (All numbers apply to revision 116.)
This can be really tricky. However, you can have a look at other implementations. If you just need a few commands it's not that hard, especially when you can be sure that some cornercases don't happen.
You can also try whether TrouSerS for Windows is stable enough to fit your needs. There you would have a highlevel TSS API.
If Java is an option, have a look at jTSS. It supports Windows.