table of contents
TSSCREATEEK(1) | User Commands | TSSCREATEEK(1) |
NAME¶
tsscreateek - Runs tsscreateek
DESCRIPTION¶
tsscreateek
createek provides several options regarding the IWG standard EKs
-cp creates an EK primary key based on the EK NV indexes. By default, the EK is flushed, but -noflush will override that. By default, the EK public key is verified against the EK certificate, but -nopub will skip the check.
-root reads the EK certificate and validates it agains the EK CA certificates
-ce prints provisioned EK certificates
-te and -no print the deprecated EK template and nonce if present
- [-pwde
- endorsement hierarchy password (default empty)]
- [-pwdk
- password for endorsement key (default empty)]
- [-high
- Use the IWG NV high range. Specify before algorithm]
-rsa keybits
- 2048 3072 4096
-ecc curve
- nistp256 nistp384 nistp521
- -te
- print EK Template
- -no
- print EK nonce
- -ce
- print EK certificate
- -cp
- CreatePrimary the EK
- [-noflush
- Do not flush the primary key after validation]
- [-nopub
- Do not verify the public key against the certificate]
- [-root
- filename - validate EK certificate against the root] filename contains a list of PEM format CA root certificate filenames, one per line. The list may contain up to 100 certificates.
May 2021 | tsscreateek 1.7 |