tsscreateloaded - Man Page
Runs TPM2 createloaded
Description
createloaded
Runs TPM2_CreateLoaded
-hp parent handle (can be hierarchy)
- 40000001
Owner
- 4000000c
Platform
- 4000000b
Endorsement
[Asymmetric Key Algorithm]
-rsa [keybits] (default)
(2048 default)
-ecc curve
bnp256 nistp256 nistp384
Key attributes
- -bl
data blob for unseal (create only) requires -if
- -den
decryption, (unrestricted, RSA and EC NULL scheme)
- -deo
decryption, (unrestricted, RSA OAEP, EC NULL scheme)
- -dee
decryption, (unrestricted, RSA ES, EC NULL scheme)
- -des
encryption/decryption, AES symmetric [-116 for TPM rev 116 compatibility]
- -st
storage (restricted) [default for primary keys]
- -si
unrestricted signing (RSA and EC NULL scheme)
- -sir
restricted signing (RSA RSASSA, EC ECDSA scheme)
- -dau
unrestricted ECDAA signing key pair
- -dar
restricted ECDAA signing key pair
- -kh
keyed hash (unrestricted, hmac)
- -khr
keyed hash (restricted, hmac)
- -dp
derivation parent
- -gp
general purpose, not storage
- [-kt]
(can be specified more than once)
f fixedTPM (default for primary keys and derivation parents)
p fixedParent (default for primary keys and derivation parents)
nf no fixedTPM (default for non-primary keys)
np no fixedParent (default for non-primary keys)
ed encrypted duplication (default not set)
- [-da]
object subject to DA protection (default no)
- [-pol]
policy file (default empty)
- [-uwa]
userWithAuth attribute clear (default set)
- [-if]
data (inSensitive) file name
- [-nalg]
name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)
- [-halg]
scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)
- [-der]
object's parent is a derivation parent
- [-pwdk]
password for key (default empty)
- [-pwdp]
password for parent key (default empty)
- [-opu]
public key file name (default do not save)
- [-opr]
private key file name (default do not save)
- [-opem]
public key PEM format file name (default do not save)
-se[0-2] session handle / attributes (default PWAP)
- 01
continue
- 20
command decrypt
- 40
response encrypt