Watfaq / SoftU2F-Win

Software U2F authenticator for Windows
The Unlicense

Enhancement: keys stored in TPM in place of DPAPI? #75

Open mcarbonneaux opened 8 months ago

mcarbonneaux commented 8 months ago

Is there a possibility to add the option to store the keys in the TPM in place of DPAPI?

ibigbug commented 8 months ago

yes it's absolutely possible. https://github.com/microsoft/ms-tpm-20-ref

nanderer commented 4 months ago

It's too difficult to back up. Please keep them on the disk; if that's not safe enough for you, use BitLocker ;)

mcarbonneaux commented 3 months ago

It's too difficult to back up. Please keep them on the disk; if that's not safe enough for you, use BitLocker ;)

Precisely, the purpose of the TPM is to not be able to extract it, and in this case my need is for it to serve as authentication of the device.

When you store it in a FIDO hardware key you can't back up the keys, precisely, although it allows you to do the same thing with a PC.

And the risk of storing secrets (even with BitLocker) on disk is that a program can steal them...
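To make the trade-off discussed in this thread concrete, here is an added example (not code from SoftU2F-Win) in the project's language, C#: it creates a non-exportable ECDSA P-256 key inside the TPM through the Windows CNG Platform Crypto Provider, signs a constructed challenge with it, shows that exporting the private half is refused, and contrasts that with a DPAPI blob that any process in the same user session can unprotect. It assumes Windows with a TPM 2.0 and .NET on Windows; the key name and the challenge/secret bytes are made up for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not part of SoftU2F-Win. Requires Windows with a TPM 2.0.
static class TpmVsDpapiDemo
{
    // Hypothetical key name used only for this demo.
    const string TpmKeyName = "softu2f-demo-tpm";

    // Create (or reopen) an ECDSA P-256 key in the TPM via the Platform Crypto
    // Provider. ExportPolicy = None: the private half never leaves the TPM.
    static CngKey OpenOrCreateTpmKey()
    {
        var tpm = new CngProvider("Microsoft Platform Crypto Provider");
        if (CngKey.Exists(TpmKeyName, tpm))
            return CngKey.Open(TpmKeyName, tpm);

        var p = new CngKeyCreationParameters
        {
            Provider = tpm,
            ExportPolicy = CngExportPolicies.None,
            KeyUsage = CngKeyUsages.Signing,
        };
        return CngKey.Create(CngAlgorithm.ECDsaP256, TpmKeyName, p);
    }

    static void Main()
    {
        using (CngKey key = OpenOrCreateTpmKey())
        using (var ecdsa = new ECDsaCng(key))
        {
            // Signing works: the TPM performs the operation without revealing the key.
            byte[] challenge = Encoding.ASCII.GetBytes("constructed U2F challenge");
            byte[] sig = ecdsa.SignData(challenge, HashAlgorithmName.SHA256);
            Console.WriteLine($"TPM signature length: {sig.Length} bytes");

            // Exporting the private half fails, so a key-stealing program gets nothing.
            try { key.Export(CngKeyBlobFormat.EccPrivateBlob); }
            catch (CryptographicException e) { Console.WriteLine("Export refused: " + e.Message); }
        }

        // DPAPI by contrast: any process running as the same user can unprotect the blob.
        byte[] secret = Encoding.ASCII.GetBytes("constructed U2F private key bytes");
        byte[] blob = ProtectedData.Protect(secret, null, DataProtectionScope.CurrentUser);
        byte[] back = ProtectedData.Unprotect(blob, null, DataProtectionScope.CurrentUser);
        Console.WriteLine("DPAPI plaintext recovered by same-user code: " + (back.Length == secret.Length));
    }
}
```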