On Windows, in Java. At installation of my program: I want to generate an ECC key pair, which is generated in Java, send it to the server, install the key pair on the TPM device, then send the key pair to the server for backup. On the Java side, delete the generated key pair. Also encrypt my sensitive data once at installation.

After installation, every time the software starts: use the TPM to decrypt some data at every app startup at runtime.

So if any file is stolen or hacked, the TPM will have the encryption key.

I have searched all over the internet and did not find any solution to my problem.

On Linux there is a solution to my problem: https://pagefault.blog/2016/12/23/guide-encryption-with-tpm/

tpm_sealdata tpm_unsealdata

These commands are available on Linux.

So any file stolen by hackers won't be a problem. I need the same solution for my Java program.

On the Java side I have found a solution like this, the encryptDecrypt method in Samples.java: https://github.com/microsoft/TSS.MSR/blob/bda0a44643064ebc4984f6c5568563a0c5eef23f/TSS.Java/src/samples/Samples.java#L464

But this one always uses the same key on all TPM devices, so it's useless.

How do I use this method so that it is unique for all TPMs?

Kadir BASOL

0 Answers