table of contents
| TSSCREATEPRIMARY(1) | User Commands | TSSCREATEPRIMARY(1) |
NAME¶
tsscreateprimary - Runs tsscreateprimary
DESCRIPTION¶
tsscreateprimary creates a primary storage key
Runs TPM2_CreatePrimary
- [-hi
- hierarchy (e, o, p, n) (default null)]
- [-pwdp
- password for hierarchy (default empty)]
- [-pwdpi
- password file name for hierarchy (default empty)]
- [-pwdk
- password for key (default empty)]
- [-iu
- inPublic unique field file (default none)]
- [-opu
- public key file name (default do not save)]
- [-opem
- public key PEM format file name (default do not save)]
- [-tk
- output ticket file name]
- [-ch
- output creation hash file name]
- [-cd
- output creation data file name (default do not save)]
- [Asymmetric Key Algorithm]
- -rsa [keybits] (default)
- (2048 default)
- -ecc curve
- bnp256 nistp256 nistp384
- Key attributes
- -bl
- data blob for unseal (create only) requires -if
- -den
- decryption, (unrestricted, RSA and EC NULL scheme)
- -deo
- decryption, (unrestricted, RSA OAEP, EC NULL scheme)
- -dee
- decryption, (unrestricted, RSA ES, EC NULL scheme)
- -des
- encryption/decryption, AES symmetric [-116 for TPM rev 116 compatibility]
- -st
- storage (restricted) [default for primary keys]
- -si
- unrestricted signing (RSA and EC NULL scheme)
- -sir
- restricted signing (RSA RSASSA, EC ECDSA scheme)
- -dau
- unrestricted ECDAA signing key pair
- -dar
- restricted ECDAA signing key pair
- -kh
- keyed hash (unrestricted, hmac)
- -khr
- keyed hash (restricted, hmac)
- -dp
- derivation parent
- -gp
- general purpose, not storage
- [-kt
- (can be specified more than once)]
- f fixedTPM (default for primary keys and derivation parents)
- p fixedParent (default for primary keys and derivation parents)
- nf no fixedTPM (default for non-primary keys)
- np no fixedParent (default for non-primary keys)
- ed encrypted duplication (default not set)
- [-da
- object subject to DA protection (default no)]
- [-pol
- policy file (default empty)]
- [-uwa
- userWithAuth attribute clear (default set)]
- [-if
- data (inSensitive) file name]
- [-nalg
- name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
- [-halg
- scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
-se[0-2] session handle / attributes (default PWAP)
- 01 continue
- 20 command decrypt
- 40 response encrypt
Depending on the build configuration, some hash algorithms may not be available.
| November 2020 | tsscreateprimary 1.6 |