tss2_createseal - Man Page


tss2_createseal [Options]

See Also

fapi-config(5) to adjust FAPI parameters such as the cryptographic profile and TCTI in use, or the directories for the FAPI metadata stores.

fapi-profile(5) to determine the cryptographic algorithms and parameters for all keys and operations of a specific TPM interaction like the name hash algorithm, the asymmetric signature algorithm, scheme and parameters and PCR bank selection.


tss2_createseal(1) - This command creates a sealed object and stores it in the FAPI metadata store. If no data is provided (i.e. a NULL-pointer) then the TPM generates random data and fills the sealed object. TPM signing schemes are used as specified in the cryptographic profile (cf. fapi-profile(5)).


These are the available options:

Common Options

This collection of options is common to all tss2 programs and provides information that many users may expect.


Create a key with password “abc” and read sealing data from a file.

tss2_createseal --path=HS/SRK/mySealKey --type="noDa" --authValue=abc --data=data.file


0 on success or 1 on failure.


Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)


See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)


APRIL 2019 tpm2-tools General Commands Manual