tsscreate - Man Page

Runs tsscreate

Description

tsscreate

Runs TPM2_Create

-hp parent handle

[Asymmetric Key Algorithm]

-rsa [keybits] (default)

(2048 default)

-ecc curve

bnp256 nistp256 nistp384

Key attributes

-bl

data blob for unseal (create only) requires -if

-den

decryption, (unrestricted, RSA and EC NULL scheme)

-deo

decryption, (unrestricted, RSA OAEP, EC NULL scheme)

-dee

decryption, (unrestricted, RSA ES, EC NULL scheme)

-des

encryption/decryption, AES symmetric [-116 for TPM rev 116 compatibility]

-st

storage (restricted) [default for primary keys]

-si

unrestricted signing (RSA and EC NULL scheme)

-sir

restricted signing (RSA RSASSA, EC ECDSA scheme)

-dau

unrestricted ECDAA signing key pair

-dar

restricted ECDAA signing key pair

-kh

keyed hash (unrestricted, hmac)

-khr

keyed hash (restricted, hmac)

-dp

derivation parent

-gp

general purpose, not storage

[-kt

(can be specified more than once)]

f       fixedTPM (default for primary keys and derivation parents)

p       fixedParent (default for primary keys and derivation parents)

nf      no fixedTPM (default for non-primary keys)

np      no fixedParent (default for non-primary keys)

ed      encrypted duplication (default not set)

[-da

object subject to DA protection (default no)]

[-pol

policy file (default empty)]

[-uwa

userWithAuth attribute clear (default set)]

[-if

data (inSensitive) file name]

[-nalg

name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]

[-halg

scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]

[-pwdk

password for key (default empty)]

[-pwdp

password for parent key (default empty)]

[-opu

public key file name (default do not save)]

[-opr

private key file name (default do not save)]

[-opem

public key PEM format file name (default do not save)]

[-tk

output ticket file name (default do not save)]

[-ch

output creation hash file name (default do not save)]

[-cd

output creation data file name (default do not save)]

-se[0-2] session handle / attributes (default PWAP)

01 continue

20 command decrypt

40 response encrypt

Depending on the build configuration, some hash algorithms may not be available.
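
An added usage example, not part of the original man page: a shell helper that composes the -se attribute byte from the values listed above and prints a tsscreate command line for sealing a data file with the command parameter encrypted. The function names, the handles (80000000, 02000000) and the file names are constructed, and the session handle is assumed to belong to an already started authorization session.

```shell
#!/bin/sh
# Added example: builds tsscreate command lines from the options on this page.
# Handles, file names and function names are constructed for illustration.

# OR the named -se attributes into the hex byte passed after the session handle.
# Values are from the page: 01 continue, 20 command decrypt, 40 response encrypt.
se_attr() {
    bits=0
    for name in "$@"; do
        case "$name" in
            continue) bits=$((bits | 0x01)) ;;
            decrypt)  bits=$((bits | 0x20)) ;;
            encrypt)  bits=$((bits | 0x40)) ;;
            *) echo "unknown session attribute: $name" >&2; return 1 ;;
        esac
    done
    printf '%02x' "$bits"
}

# Print the command that seals a data file under a parent key.
# -bl requires -if, so a missing or unreadable input file is rejected.
seal_cmd() {
    parent=$1 infile=$2 session=$3
    [ -r "$infile" ] || { echo "-bl requires -if: cannot read $infile" >&2; return 1; }
    # command decrypt: the first command parameter (the sensitive data)
    # is sent to the TPM encrypted; continue keeps the session loaded.
    attrs=$(se_attr decrypt continue) || return 1
    # -kt f -kt p: fixedTPM and fixedParent; -da: subject to DA protection
    printf 'tsscreate -hp %s -bl -if %s -kt f -kt p -da -opr sealpriv.bin -opu sealpub.bin -se0 %s %s\n' \
        "$parent" "$infile" "$session" "$attrs"
}

# Usage: seal_cmd 80000000 secret.bin 02000000
```

The printed command assumes the parent key has the default empty password; otherwise -pwdp is also needed.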

Info

November 2020 tsscreate 1.6