ThomasHabets / simple-tpm-pk11

Simple PKCS11 provider for TPM chips

Windows support #40

Open Tuttu opened 7 years ago

Tuttu commented 7 years ago

Hey there!

I wonder if it would be possible to compile and use this code on a Windows 7 machine or if you are limited to using Unix due to some dependencies.

If possible, what would be the different requirements?

ThomasHabets commented 7 years ago

It may be possible. Arping has compiled on Windows at one point, using winpcap and libnetNT. I don't know if the latter library still works.

I also have heard that Windows no longer supports raw sockets, which could be a problem.

I'd welcome pull requests and would maintain it, but not being a Windows coder I won't be actively trying to make it happen.

Tuttu commented 7 years ago

Thanks for the quick update on the subject. Not being a Windows coder myself, I won't be able to help (apart from testing), but I will be on the lookout for updates on the topic. :)

ThomasHabets commented 7 years ago

Sorry, I confused which project this was for. I guess the caffeine hasn't kicked in.

For simple-tpm-pk11 I have no idea where to start on Windows.

ThomasHabets commented 7 years ago

I guess there's also the question of what exactly do you want to do? Just use SSH with TPM?

That you can do like this: https://blog.habets.se/2016/10/Windows-SSH-client-with-TPM.html

Tuttu commented 7 years ago

I have more than 2000 computers using BitLocker (keys generated and stored in the TPM) to test and see if their TPM is affected. They should be if I refer to all the documentation available on the Web, but having the possibility to extract and test the SRK on all the TPMs to be sure would be great.

So it's not something I absolutely need to try but that would be a good thing to do nonetheless. :)

ThomasHabets commented 7 years ago

Oh, you meant specifically the check-srk tool?

Do you have the tooling to start a Linux live environment to run this tool? If not, it shouldn't actually be that hard to port. There seems to be trousers for Windows, so assuming it works it shouldn't take much time to make check-srk build on Windows.

Tuttu commented 7 years ago

Yep. Sorry, I figured out too late that the check-srk tool was just a part of simple-tpm-pk11.

As for your question, the answer is no. We can't deploy a live Linux environment on the workstations as the process must be completely silent to the user. I guess I will just wait and see if a similar Windows tool pops up on the Web. :)

ThomasHabets commented 7 years ago

I've asked on trousers-users.

Tuttu commented 7 years ago

Oh, thanks for the help. 👍

ThomasHabets commented 7 years ago

What you could do is generate a new key as described here and then use the official scripts to test the key.

Tuttu commented 6 years ago

That's indeed a good idea. I will see what I can do from a test computer.

Edit: looks like I can't use the Smart Card thingy tool as it's a Windows 8 and above tool. Anyway, I will look for something else.

SquallATF commented 6 years ago

Why not try the TBS API? MinGW supports part of the API.

hajikhorasani commented 5 years ago

@Tuttu and @ThomasHabets I couldn't find the Windows version of TPM-PKCS11. I'd appreciate it if you could guide me. I want to use an eToken Pro PKCS11 and TPM-PKCS11 simultaneously on a Windows machine using CryptokiMPX: https://github.com/hajikhorasani/cryptokimpx

ThomasHabets commented 5 years ago

@hajikhorasani like I said, for coding on Windows I don't even know where to start. And nobody replied to the thread I started (linked above). I've not coded for Windows in about 20 years.