tpm2tss-genkey(1)           General Commands Manual          tpm2tss-genkey(1)



NAME

       tpm2tss-genkey(1) -- generate TPM keys for tpm2-tss-engine


SYNOPSIS

       tpm2tss-genkey [options] <filename>


DESCRIPTION

       tpm2tss-genkey creates a key inside a TPM 2.0 connected via the
       tpm2-tss software stack.  The key may be an RSA key for decryption or
       signing, or an ECC key for ECDSA signatures.  The key is generated by
       the TPM itself: the private part never leaves the TPM in clear, and
       only the TPM-wrapped key blob is written to <filename>.


ARGUMENTS

       The tpm2tss-genkey command expects a filename for storing the
       resulting TPM key information.  This file can then be loaded with
       OpenSSL using
       openssl pkeyutl -engine tpm2tss -keyform engine -inkey <filename>
       (other openssl subcommands such as rsa and ec load it the same way
       with -engine tpm2tss -inform engine).


OPTIONS

       · -a <algorithm>, --alg <algorithm>: The public key algorithm (rsa,
         ecdsa) (default: rsa)

       · -c <curve>, --curve <curve>: If alg ecdsa is chosen, the curve for
         ecc (default: nist_p256)

       · -e <exponent>, --exponent <exponent>: If alg rsa is chosen, the
         exponent for rsa (default: 65537)

       · -h, --help: Print help

       · -o <password>, --ownerpw <password>: Password for the owner
         hierarchy, required if an owner authorization value has been set
         on the TPM (default: none)

       · -p <password>, --password <password>: Password for the created key;
         the TPM will then require this authorization value for every use
         of the key (default: none)

       · -s <keysize>, --keysize <keysize>: If alg rsa is chosen, the key
         size in bits (default: 2048)

       · -v, --verbose: Print verbose messages


EXAMPLES

       Engine information can be retrieved using:

              $ openssl engine -t -c tpm2tss

       The following sequence of commands creates an RSA key using the TPM,
       exports the public key, encrypts a data file and decrypts it using
       the TPM:

              $ tpm2tss-genkey -a rsa -s 2048 mykey
              $ openssl rsa -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub
              $ openssl pkeyutl -pubin -inkey mykey.pub -in mydata -encrypt -out mycipher
              $ openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -decrypt -in mycipher -out mydata

       The following sequence of commands creates an RSA key using the TPM,
       exports the public key, signs a data file using the TPM and validates
       the signature:

              $ tpm2tss-genkey -a rsa -s 2048 mykey
              $ openssl rsa -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub
              $ openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -sign -in mydata -out mysig
              $ openssl pkeyutl -pubin -inkey mykey.pub -verify -in mydata -sigfile mysig

       The following sequence of commands creates an ECDSA key using the
       TPM, exports the public key, signs a data file using the TPM and
       validates the signature:

              $ tpm2tss-genkey -a ecdsa -c nist_p256 mykey
              $ openssl ec -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub
              $ openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -sign -in mydata -out mysig
              $ openssl pkeyutl -pubin -inkey mykey.pub -verify -in mydata -sigfile mysig

       Note that openssl pkeyutl signs and verifies its input as given,
       without hashing it, so mydata above is expected to be a message
       digest (for example the 32 bytes of a SHA-256 hash).  To sign a file
       of arbitrary length, use
       openssl dgst -sha256 -engine tpm2tss -keyform engine -sign mykey
       instead.  Verification only needs mykey.pub and can run on a machine
       without the TPM.

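       As an added example that is not part of this man page or of
       tpm2-tss-engine: the ECDSA sequence above as a script, with an
       engine-availability check before any TPM command runs and a sanity
       check that the key file written by tpm2tss-genkey carries no plaintext
       private key.  Everything beyond the page is an assumption of this
       example: OpenSSL 1.1.x with the tpm2tss engine installed, a TPM or
       simulator reachable through the tpm2-tss TCTI, the file names, the
       hypothetical script name tpm-ecdsa-demo.sh, and the use of
       openssl dgst so that files of any length can be signed.

```shell
#!/bin/sh
# Added example (not part of tpm2-tss-engine): the ECDSA sign/verify
# workflow from tpm2tss-genkey(1) as a script with the checks a
# practitioner wants before trusting the result.  Assumptions, not from
# the man page: OpenSSL 1.1.x with the tpm2tss engine installed, a TPM or
# simulator reachable through the tpm2-tss TCTI, a writable current
# directory, and the file names below.
set -eu

ENGINE=tpm2tss
KEY=mykey          # TPM-wrapped key file written by tpm2tss-genkey
PUB=mykey.pub      # exported public key, the only thing the verifier needs
DATA=mydata        # arbitrary input file to sign
SIG=mysig

# Pure check over the captured text of `openssl engine -t <id>`:
# succeeds only if the engine reported itself as "[ available ]".
engine_available_from_output() {
    printf '%s\n' "$1" | grep -q '\[ available \]'
}

engine_available() {
    engine_available_from_output "$(openssl engine -t "$ENGINE" 2>&1)"
}

# Succeeds if the key file text carries no standard OpenSSL plaintext
# private-key PEM header.  A tpm2tss-genkey file holds a TPM-wrapped blob,
# so a "BEGIN RSA/EC/DSA/... PRIVATE KEY" header would mean an unwrapped
# key reached the disk and the script must refuse to continue.
keyfile_looks_wrapped() {
    ! printf '%s\n' "$1" | grep -Eq 'BEGIN (RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY'
}

main() {
    if ! engine_available; then
        echo "engine $ENGINE not available; see: openssl engine -t -c $ENGINE" >&2
        exit 1
    fi

    # 1. Create the key inside the TPM; only the wrapped blob is written.
    tpm2tss-genkey -a ecdsa -c nist_p256 "$KEY"
    if ! keyfile_looks_wrapped "$(cat "$KEY")"; then
        echo "$KEY contains a plaintext private key, aborting" >&2
        exit 1
    fi

    # 2. Export the public half for the verifying side.
    openssl ec -engine "$ENGINE" -inform engine -in "$KEY" \
        -pubout -outform pem -out "$PUB"

    # 3. Sign through the TPM.  openssl dgst hashes the file and hands the
    #    SHA-256 digest to the engine, so any file length works (pkeyutl
    #    would sign its input unhashed).
    openssl dgst -sha256 -engine "$ENGINE" -keyform engine \
        -sign "$KEY" -out "$SIG" "$DATA"

    # 4. Verify with the public key alone; no TPM involved.
    openssl dgst -sha256 -verify "$PUB" -signature "$SIG" "$DATA"
}

# Only run the TPM steps when explicitly asked: sh tpm-ecdsa-demo.sh run
case "${1:-}" in
    run) main ;;
esac
```

       The two check functions take text rather than running commands, so
       they can be exercised without a TPM; the TPM steps only run when the
       script is invoked with the argument run.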

RETURNS

       0 on success or 1 on failure.

AUTHOR

       Written by Andreas Fuchs.

COPYRIGHT

       tpm2tss is Copyright (C) 2017-2018 Fraunhofer SIT sponsored by Infineon
       Technologies AG.  License BSD 3-clause.

SEE ALSO

       openssl(1)



tpm2-tss-engine                    JUNE 2018                 tpm2tss-genkey(1)