Closed antonio-fr closed 2 years ago
OK, I saw that ncrypt and bcrypt are separate libraries. For what I plan, I need ncrypt, so I have to wrap it (or write C++ software) myself; it has nothing to do with oscrypto, because oscrypto only uses the bcrypt lib to perform computations, and it doesn't handle the key storage.
It sounds like this use case isn't a fit for what oscrypto is trying to provide, so I am going to close the issue.
I intend to use a TPM on Windows to generate, store and sign, through the win32 CNG API (NCryptCreatePersistedKey and NCryptSignHash), but within a Python program. When creating a key, one has to provide the hProvider (handle to the Key Storage Provider) parameter as "Microsoft Platform Crypto Provider" to select the TPM target. oscrypto uses CNG, but the oscrypto methods are too high-level: a key generation gives the keypair data, and there's no easy way to select the KSP. Do you have any idea how to proceed in Python for what I have in mind? Can I use the bcrypt ffi (from bcrypt.dll) in an easy way to use the win32 method? I guess I have to add the ffi cdef in _cng_cffi about BCryptCreatePersistedKey?
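The flow asked about above, as an added example that is not part of the original thread and not oscrypto code: it calls ncrypt.dll directly through the standard-library `ctypes` module (not oscrypto's cffi layer) to create a persisted key in the TPM-backed KSP and sign with it. The key name, the ECDSA P-256 algorithm and the SHA-256 digest are assumptions chosen for illustration.

```python
import ctypes
import hashlib
import sys

# String constants as defined in the Windows SDK headers (ncrypt.h / bcrypt.h).
MS_PLATFORM_CRYPTO_PROVIDER = "Microsoft Platform Crypto Provider"  # TPM KSP
BCRYPT_ECDSA_P256_ALGORITHM = "ECDSA_P256"


def check_status(status, call):
    """Raise OSError on a non-zero SECURITY_STATUS (0 means success)."""
    if status != 0:
        raise OSError(f"{call} failed: 0x{status & 0xFFFFFFFF:08X}")


def load_ncrypt():
    """Load ncrypt.dll, which holds the NCrypt* key-storage functions."""
    if sys.platform != "win32":
        raise RuntimeError("ncrypt.dll is only available on Windows")
    return ctypes.WinDLL("ncrypt")


def tpm_create_and_sign(key_name, message):
    """Create a persisted P-256 key in the TPM KSP and sign SHA-256(message).

    key_name is a caller-chosen (hypothetical) container name; creation fails
    if it already exists. Returns the raw r||s signature; the private key
    never leaves the TPM.
    """
    ncrypt = load_ncrypt()
    digest = hashlib.sha256(message).digest()
    prov, key = ctypes.c_size_t(), ctypes.c_size_t()  # handles are ULONG_PTR
    wstr = ctypes.c_wchar_p
    check_status(ncrypt.NCryptOpenStorageProvider(
        ctypes.byref(prov), wstr(MS_PLATFORM_CRYPTO_PROVIDER), 0),
        "NCryptOpenStorageProvider")
    try:
        check_status(ncrypt.NCryptCreatePersistedKey(
            prov, ctypes.byref(key), wstr(BCRYPT_ECDSA_P256_ALGORITHM),
            wstr(key_name), 0, 0), "NCryptCreatePersistedKey")
        check_status(ncrypt.NCryptFinalizeKey(key, 0), "NCryptFinalizeKey")
        sig = ctypes.create_string_buffer(64)  # r||s for P-256
        written = ctypes.c_ulong()
        check_status(ncrypt.NCryptSignHash(
            key, None, digest, len(digest), sig, len(sig),
            ctypes.byref(written), 0), "NCryptSignHash")
        return sig.raw[:written.value]
    finally:
        if key.value:
            ncrypt.NCryptFreeObject(key)
        ncrypt.NCryptFreeObject(prov)
```

On Windows with a TPM present, `tpm_create_and_sign("example-key", b"data")` returns a 64-byte signature; opening the same key later would use `NCryptOpenKey`, which this example does not cover.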