I need to store and retrieve a symmetric AES key securely using the TPM on a Windows machine. The key will be used in a Windows application running on the same machine. Each time the application runs it will do the following:
- Check the TPM for the AES key
- If there is no key present, generate the key and store it in the TPM
- If there is a key in the TPM, use it
Is storing the key in an NV (Non Volatile) Index a reasonable way to do this? Are there better alternatives using the TPM?
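As an added example (not part of the question above), here is the check / create-if-missing / use flow implemented with the TPM-backed alternative to a raw NV index: the AES key is generated in software, wrapped by an RSA key that the Microsoft Platform Crypto Provider (CNG) creates inside the TPM, and only the wrapped blob is written to disk. The key name, the blob path and the 2048-bit length are assumptions chosen for the example; OAEP-SHA256 is assumed to be supported by the TPM and provider on the target machine.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

// Added example: the AES key lives outside the TPM but is wrapped by a
// TPM-resident RSA key, so the blob on disk is useless off this machine.
static class TpmWrappedAesKey
{
    // Hypothetical name and path for this example.
    const string KeyName = "MyApp-AesKeyWrapper";
    const string WrappedKeyPath = @"C:\ProgramData\MyApp\aes.key.wrapped";

    // The Platform Crypto Provider keeps RSA private keys inside the TPM.
    static readonly CngProvider Pcp = new CngProvider("Microsoft Platform Crypto Provider");

    // Step 1: look for the TPM wrapping key; create it on first run.
    static CngKey GetOrCreateWrappingKey()
    {
        if (CngKey.Exists(KeyName, Pcp, CngKeyOpenOptions.MachineKey))
            return CngKey.Open(KeyName, Pcp, CngKeyOpenOptions.MachineKey);

        var parameters = new CngKeyCreationParameters
        {
            Provider = Pcp,
            KeyCreationOptions = CngKeyCreationOptions.MachineKey, // machine-wide, survives user profile changes
            ExportPolicy = CngExportPolicies.None,                 // private key never leaves the TPM
        };
        // NCRYPT "Length" property: 2048-bit RSA (assumed to be supported by the TPM).
        parameters.Parameters.Add(
            new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None));
        return CngKey.Create(CngAlgorithm.Rsa, KeyName, parameters);
    }

    // Steps 2 and 3: unwrap an existing AES key, or generate, wrap and store a new one.
    public static byte[] GetOrCreateAesKey()
    {
        using (var rsa = new RSACng(GetOrCreateWrappingKey()))
        {
            if (File.Exists(WrappedKeyPath))
            {
                // Decryption happens inside the TPM; the RSA private key is never exposed.
                return rsa.Decrypt(File.ReadAllBytes(WrappedKeyPath), RSAEncryptionPadding.OaepSHA256);
            }

            byte[] aesKey = new byte[32]; // AES-256
            using (var rng = RandomNumberGenerator.Create())
                rng.GetBytes(aesKey);

            Directory.CreateDirectory(Path.GetDirectoryName(WrappedKeyPath));
            File.WriteAllBytes(WrappedKeyPath, rsa.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256));
            return aesKey;
        }
    }

    static void Main()
    {
        byte[] key = GetOrCreateAesKey();
        Console.WriteLine("AES key ready ({0} bytes); use it with AesGcm or Aes as usual.", key.Length);
    }
}
```

The caveat that applies to this and to an NV index alike: the TPM protects the key against extraction from the disk or from a different machine, but any process on this machine that can open the machine key (or present the NV index's auth value) can unwrap it, so local access control on the blob path and on who can run as the application's account still matters. An NV index works too, but then the raw key sits in TPM storage readable by anyone who knows the index's authValue, and NV space is small and write-cycle limited; wrapping under a non-exportable TPM key keeps the TPM as the root of trust without those constraints.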