NAME¶

tsscreateek - Runs tsscreateek

DESCRIPTION¶

tsscreateek

createek provides several options regarding the IWG standard EKs

-cp creates an EK primary key based on the EK NV indexes. By default, the EK is flushed, but -noflush will override that. By default, the EK public key is verified against the EK certificate, but -nopub will skip the check.

-root reads the EK certificate and validates it agains the EK CA certificates

-ce prints provisioned EK certificates

-te and -no print the deprecated EK template and nonce if present

[-pwde: endorsement hierarchy password (default empty)]
[-pwdk: password for endorsement key (default empty)]
[-high: Use the IWG NV high range. Specify before algorithm]

-rsa keybits

: 2048 3072 4096

-ecc curve

: nistp256 nistp384 nistp521

-te: print EK Template
-no: print EK nonce
-ce: print EK certificate
-cp: CreatePrimary the EK
[-noflush: Do not flush the primary key after validation]
[-nopub: Do not verify the public key against the certificate]
[-root: filename - validate EK certificate against the root] filename contains a list of PEM format CA root certificate filenames, one per line. The list may contain up to 100 certificates.

May 2021

tsscreateek 1.7

Source file:	tsscreateek.1.en.gz (from ibmtss 2.1.1-1.3)
Source last updated:	2023-11-30T14:36:25Z
Converted to HTML:	2024-04-29T01:23:44Z