tsscertifyx509 - Man Page

Runs TPM2 certifyx509

Description

certifyx509

Runs TPM2_Certifyx509

-ho

object handle

[-pwdo

password for object (default empty)]

-hk

certifying key handle

[-pwdk

password for key (default empty)]

[-halg

(sha256, sha384) (default sha256)]

-rsa keybits

2048 3072

-ecc curve

nistp256 nistp384

[-ku

X509 key usage - string - comma separated, no spaces]

[-iob

TPMA_OBJECT - 4 byte hex] e.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default) e.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly e.g. fixedTPM: critical,nonRepudiation e.g. parent (restrict decrypt): critical,keyEncipherment

[-bit

bit in partialCertificate to toggle]

[-sub

subject same as issuer for self signed (root) certificate]

[-opc

partial certificate file name (default do not save)]

[-oa

addedToCertificate file name (default do not save)]

[-otbs

signed tbsDigest file name (default do not save)]

[-os

signature file name (default do not save)]

[-ocert

reconstructed certificate file name (default do not save)]

-se[0-2] session handle / attributes (default PWAP)

01

continue

20

command decrypt

40

response encrypt

Info

November 2020 tsscertifyx509 1.6