Generating and storing Certificates / Keys inside TPM

razatechofficial/win-tpm

WinTPM

A simple Go program that demonstrates generating and managing keys with the Windows TPM (Trusted Platform Module).


Build Instructions (Windows Only)

# Build the executable
go build -o wintpm_demo.exe .

Usage

Run the program with the desired parameters:

.\wintpm_demo.exe -alias MyRootCA -bits 3072

or

.\wintpm_demo.exe -alias MyRootCA -bits 2048

⚠️ The key size (-bits) depends on your TPM hardware model. Some TPMs may only support 2048-bit keys, while others support 3072-bit.


Verifying Key Storage (Hardware vs Software)

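To check whether the generated key is hardware-backed (inside the TPM) or software-emulated, run the following command on Windows Server. Replace "RazaCA" with the name of the key you want to check (assumed here to be the value you passed to -alias). The /C: switch makes findstr match the literal phrase "Key Storage"; without it, findstr treats the two words as separate search strings and prints every line containing either one.

certutil -csp "Microsoft Platform Crypto Provider" -key "RazaCA" | findstr /C:"Key Storage"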

If the output contains "Hardware", the key is protected by the TPM hardware. Otherwise, it may be software-emulated.
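
The same check as a fail-closed gate, as an added example that is not part of this repository's code: output with no "Key Storage" line (wrong key name, wrong provider, certutil error) is treated as undecided, not as software. The function name, error value and sample lines are assumptions constructed for illustration; only the "Key Storage" and "Hardware" markers come from the README.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// ErrNoKeyStorageLine means the output carried no "Key Storage" line at all:
// wrong key name, wrong provider, or certutil failed. It is not a verdict.
var ErrNoKeyStorageLine = errors.New(`no "Key Storage" line in certutil output`)

// Constructed sample lines for illustration; not captured certutil output.
const (
	sampleHardware = "  MyRootCA\r\n  Key Storage: Hardware (constructed sample)\r\n"
	sampleSoftware = "  MyRootCA\r\n  Key Storage: Software (constructed sample)\r\n"
)

// HardwareBacked returns true only if every "Key Storage" line also contains
// "Hardware" (case-sensitive, like findstr without /I).
func HardwareBacked(certutilOutput string) (bool, error) {
	seen := false
	for _, line := range strings.Split(certutilOutput, "\n") {
		if !strings.Contains(line, "Key Storage") {
			continue
		}
		seen = true
		if !strings.Contains(line, "Hardware") {
			return false, nil // one non-hardware key fails the whole check
		}
	}
	if !seen {
		return false, ErrNoKeyStorageLine
	}
	return true, nil
}

func main() {
	out, _ := io.ReadAll(os.Stdin) // a failed read leaves no match: fails closed
	ok, err := HardwareBacked(string(out))
	if err != nil || !ok {
		fmt.Fprintln(os.Stderr, "not verified as hardware-backed:", err)
		os.Exit(1)
	}
	fmt.Println("hardware-backed")
}
```

Pipe the full certutil output into the compiled program, without the findstr filter, and use the exit code in provisioning scripts.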


Notes

  • Requires Windows with TPM support.
  • Run PowerShell or Command Prompt with Administrator privileges when testing.
