tsscreateprimary - Man Page

Runs TPM2 createprimary

Description

createprimary creates a primary storage key

Runs TPM2_CreatePrimary

[-hi

hierarchy (e, o, p, n) (default null)]

[-pwdp

password for hierarchy (default empty)]

[-pwdpi

password file name for hierarchy (default empty)]

[-pwdk

password for key (default empty)]

[-iu

inPublic unique field file (default none)]

[-opu

public key file name (default do not save)]

[-opem

public key PEM format file name (default do not save)]

[-tk

output ticket file name]

[-ch

output creation hash file name]

[Asymmetric Key Algorithm]

-rsa (default)

-ecc curve

bnp256 nistp256 nistp384

Key attributes

-bl

data blob for unseal (create only)
    -if     data file name

-den

decryption, (unrestricted, RSA and EC NULL scheme)

-deo

decryption, (unrestricted, RSA OAEP, EC NULL scheme)

-des

encryption/decryption, AES symmetric [-116 for TPM rev 116 compatibility]

-st

storage (restricted) [default for primary keys]

-si

unrestricted signing (RSA and EC NULL scheme)

-sir

restricted signing (RSA RSASSA, EC ECDSA scheme)

-dau

unrestricted ECDAA signing key pair

-dar

restricted ECDAA signing key pair

-kh

keyed hash (hmac)

-dp

derivation parent

-gp

general purpose, not storage

[-kt

(can be specified more than once)]
    f       fixedTPM (default for primary keys and derivation parents)
    p       fixedParent (default for primary keys and derivation parents)
    nf      no fixedTPM (default for non-primary keys)
    np      no fixedParent (default for non-primary keys)

[-da

object subject to DA protection (default no)]

[-pol

policy file (default empty)]

[-uwa

userWithAuth attribute clear (default set)]

[-nalg

name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]

[-halg

scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]

-se[0-2]

session handle / attributes (default PWAP)
    01      continue
    20      command decrypt
    40      response encrypt

Info

August 2018 createprimary 1308