Home Explore Help
Sign In
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tools-5.1
/
man
/
man1
/
tss2_createkey.1

tss2_createkey.1 4.6 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 
  1. .\" Automatically generated by Pandoc 1.19.2.4
    2. 

  2. .\"
    3. 

  3. .TH "tss2_createkey" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual"
    4. 

  4. .hy
    5. 

  5. .SH NAME
    6. 

  6. .PP
    7. 

  7. \f[B]tss2_createkey\f[](1) \-
    8. 

  8. .SH SYNOPSIS
    9. 

  9. .PP
    10. 

  10. \f[B]tss2_createkey\f[] [\f[I]OPTIONS\f[]]
    11. 

  11. .SH SEE ALSO
    12. 

  12. .PP
    13. 

  13. \f[B]fapi\-config(5)\f[] to adjust Fapi parameters like the used
    14. 

  14. cryptographic profile and TCTI or directories for the Fapi metadata
    15. 

  15. storages.
    16. 

  16. .PP
    17. 

  17. \f[B]fapi\-profile(5)\f[] to determine the cryptographic algorithms and
    18. 

  18. parameters for all keys and operations of a specific TPM interaction
    19. 

  19. like the name hash algorithm, the asymmetric signature algorithm, scheme
    20. 

  20. and parameters and PCR bank selection.
    21. 

  21. .SH DESCRIPTION
    22. 

  22. .PP
    23. 

  23. \f[B]tss2_createkey\f[](1) \- This commands creates a key inside the TPM
    24. 

  24. and stores it in the FAPI metadata store and if requested persistently
    25. 

  25. inside the TPM.
    26. 

  26. Depending on the specified key type, cryptographic algorithms and
    27. 

  27. parameters for the created key are determined by the corresponding
    28. 

  28. cryptographic profile (cf., \f[B]fapi\-profile(5)\f[]).
    29. 

  29. .SH OPTIONS
    30. 

  30. .PP
    31. 

  31. These are the available options:
    32. 

  32. .IP \[bu] 2
    33. 

  33. \f[B]\-p\f[], \f[B]\-\-path\f[]=\f[I]STRING\f[]:
    34. 

  34. .RS 2
    35. 

  35. .PP
    36. 

  36. The path to the new key.
    37. 

  37. .RE
    38. 

  38. .IP \[bu] 2
    39. 

  39. \f[B]\-t\f[], \f[B]\-\-type\f[]=\f[I]STRING\f[]:
    40. 

  40. .RS 2
    41. 

  41. .PP
    42. 

  42. Identifies the intended usage.
    43. 

  43. Optional parameter.
    44. 

  44. Types may be any comma\-separated combination of:
    45. 

  45. .IP
    46. 

  46. .nf
    47. 

  47. \f[C]
    48. 

  48. \-\ "sign":\ Sets\ the\ sign\ attribute\ of\ a\ key.
    49. 

  49. \-\ "decrypt":\ Sets\ the\ decrypt\ attribute\ of\ a\ key.
    50. 

  50. \-\ Hint:\ If\ neither\ sign\ nor\ decrypt\ are\ provided,\ both\ attributes\ are\ set.
    51. 

  51. \-\ "restricted":\ Sets\ the\ restricted\ attribute\ of\ a\ key.
    52. 

  52. \-\ Hint:\ If\ restricted\ is\ set,\ sign\ or\ decrypt\ (but\ not\ both)\ need\ to\ be\ set.
    53. 

  53. \-\ "exportable":\ Clears\ the\ fixedTPM\ and\ fixedParent\ attributes\ of\ a\ key\ or
    54. 

  54. \ \ sealed\ object.
    55. 

  55. \-\ "noda":\ Sets\ the\ noda\ attribute\ of\ a\ key\ or\ NV\ index.
    56. 

  56. \-\ "system":\ Stores\ the\ data\ blobs\ and\ metadata\ for\ a\ created\ key\ or\ seal
    57. 

  57. \ \ in\ the\ system\-wide\ directory\ instead\ of\ user\[aq]s\ personal\ directory.
    58. 

  58. \-\ A\ hexadecimal\ number\ (e.g.\ "0x81000001"):\ Marks\ a\ key\ object\ to\ be
    59. 

  59. \ \ made\ persistent\ and\ sets\ the\ persistent\ object\ handle\ to\ this\ value.
    60. 

  60. \f[]
    61. 

  61. .fi
    62. 

  62. .RE
    63. 

  63. .IP \[bu] 2
    64. 

  64. \f[B]\-P\f[], \f[B]\-\-policyPath\f[]=\f[I]STRING\f[]:
    65. 

  65. .RS 2
    66. 

  66. .PP
    67. 

  67. The policy to be associated with the new key.
    68. 

  68. Optional parameter.
    69. 

  69. If omitted then no policy will be associated with the key.
    70. 

  70. .PP
    71. 

  71. A policyPath is composed of two elements, separated by "/".
    72. 

  72. A policyPath starts with "/policy".
    73. 

  73. The second path element identifies the policy or policy template using a
    74. 

  74. meaningful name.
    75. 

  75. .RE
    76. 

  76. .IP \[bu] 2
    77. 

  77. \f[B]\-a\f[], \f[B]\-\-authValue\f[]=\f[I]STRING\f[]:
    78. 

  78. .RS 2
    79. 

  79. .PP
    80. 

  80. The new UTF\-8 password.
    81. 

  81. Optional parameter.
    82. 

  82. If it is neglected then the user is queried interactively for a
    83. 

  83. password.
    84. 

  84. To set no password, this option should be used with the empty string
    85. 

  85. ("").
    86. 

  86. The maximum password size is determined by the digest size of the chosen
    87. 

  87. name hash algorithm in the cryptographic profile (cf.,
    88. 

  88. \f[B]fapi\-profile(5)\f[]).
    89. 

  89. For example, choosing SHA256 as hash algorithm, allows passwords of a
    90. 

  90. maximum size of 32 characters.
    91. 

  91. .RE
    92. 

  92. .SH COMMON OPTIONS
    93. 

  93. .PP
    94. 

  94. This collection of options are common to all tss2 programs and provide
    95. 

  95. information that many users may expect.
    96. 

  96. .IP \[bu] 2
    97. 

  97. \f[B]\-h\f[], \f[B]\-\-help [man|no\-man]\f[]: Display the tools
    98. 

  98. manpage.
    99. 

  99. By default, it attempts to invoke the manpager for the tool, however, on
    100. 

  100. failure will output a short tool summary.
    101. 

  101. This is the same behavior if the "man" option argument is specified,
    102. 

  102. however if explicit "man" is requested, the tool will provide errors
    103. 

  103. from man on stderr.
    104. 

  104. If the "no\-man" option if specified, or the manpager fails, the short
    105. 

  105. options will be output to stdout.
    106. 

  106. .RS 2
    107. 

  107. .PP
    108. 

  108. To successfully use the manpages feature requires the manpages to be
    109. 

  109. installed or on \f[I]MANPATH\f[], See \f[B]man\f[](1) for more details.
    110. 

  110. .RE
    111. 

  111. .IP \[bu] 2
    112. 

  112. \f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this
    113. 

  113. tool, supported tctis and exit.
    114. 

  114. .SH EXAMPLE
    115. 

  115. .SS Create a key without password
    116. 

  116. .IP
    117. 

  117. .nf
    118. 

  118. \f[C]
    119. 

  119. tss2_createkey\ \-\-path=HS/SRK/myRsaCryptKey\ \-\-type="noDa,\ decrypt"\ \-\-authValue=""
    120. 

  120. \f[]
    121. 

  121. .fi
    122. 

  122. .SS Create a key, ask for password on the command line
    123. 

  123. .IP
    124. 

  124. .nf
    125. 

  125. \f[C]
    126. 

  126. tss2_createkey\ \-\-path=HS/SRK/myRsaCryptKey\ \-\-type="noDa,\ decrypt"
    127. 

  127. \f[]
    128. 

  128. .fi
    129. 

  129. .SS Create a key with password "abc".
    130. 

  130. .IP
    131. 

  131. .nf
    132. 

  132. \f[C]
    133. 

  133. tss2_createkey\ \-\-path=HS/SRK/myRsaCryptKey\ \-\-type="noDa,\ decrypt"\ \-\-authValue=abc
    134. 

  134. \f[]
    135. 

  135. .fi
    136. 

  136. .SH RETURNS
    137. 

  137. .PP
    138. 

  138. 0 on success or 1 on failure.
    139. 

  139. .SH BUGS
    140. 

  140. .PP
    141. 

  141. Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
    142. 

  142. .SH HELP
    143. 

  143. .PP
    144. 

  144. See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
    145.