Your company here — click to reach over 10,000 unique daily visitors

tss2_createkey - Man Page


tss2_createkey [Options]

See Also

fapi-config(5) to adjust Fapi parameters like the used cryptographic profile and TCTI or directories for the Fapi metadata storages.

fapi-profile(5) to determine the cryptographic algorithms and parameters for all keys and operations of a specific TPM interaction like the name hash algorithm, the asymmetric signature algorithm, scheme and parameters and PCR bank selection.


tss2_createkey(1) - This commands creates a key inside the TPM and stores it in the FAPI metadata store and if requested persistently inside the TPM. Depending on the specified key type, cryptographic algorithms and parameters for the created key are determined by the corresponding cryptographic profile (cf., fapi-profile(5)).


These are the available options:

Common Options

This collection of options are common to all tss2 programs and provide information that many users may expect.


Create a key without password

tss2_createkey --path=HS/SRK/myRsaCryptKey --type="noDa, decrypt" --authValue=""

Create a key, ask for password on the command line

tss2_createkey --path=HS/SRK/myRsaCryptKey --type="noDa, decrypt"

Create a key with password “abc”.

tss2_createkey --path=HS/SRK/myRsaCryptKey --type="noDa, decrypt" --authValue=abc


0 on success or 1 on failure.


Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)


See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)


APRIL 2019 tpm2-tools General Commands Manual