csu3_am335x/EVSE/GPL/tpm2-tools-5.1/man/tss2_sign.1.md

% tss2_sign(1) tpm2-tools | General Commands Manual % % APRIL 2019

NAME

tss2_sign(1) -

SYNOPSIS

tss2_sign [OPTIONS]

common fapi references

DESCRIPTION

tss2_sign(1) - This command uses a key inside the TPM to sign a digest value using the TPM signing schemes as specified in the cryptographic profile (cf., fapi-profile(5)).

OPTIONS

These are the available options:

• -p, --keyPath=STRING:

  The path to the signing key.

• -s, --padding=STRING:

  The padding scheme used. Possible values are "RSA_SSA", "RSA_PSS" (case insensitive). Optional parameter. If omitted, the default padding specified in the cryptographic profile (cf., fapi-profile(5)) is used.

• -c, --certificate=FILENAME or - (for stdout):

  The certificate associated with keyPath in PEM format. Optional parameter.

• -d, --digest=FILENAME or - (for stdin):

  The data to be signed, already hashed.

• -f, --force:

  Force overwriting the output file.

• -k, --publicKey=FILENAME or - (for stdout):

  The public key associated with keyPath in PEM format. Optional parameter.

• -o, --signature=FILENAME or - (for stdout):

  Returns the signature in binary form.

common tss2 options

EXAMPLE

tss2_sign --keyPath=HS/SRK/myRSASign --padding="RSA_PSS" --digest=digest.file --signature=signature.file --publicKey=publicKey.file

RETURNS

0 on success or 1 on failure.

footer