1CREATE(1) User Commands CREATE(1)
2
6 create - Runs TPM2 create
7
9 create
10 Runs TPM2_Create
12 -hp parent handle
14 [Asymmetric Key Algorithm]
16 -rsa (default)
18 -ecc curve
20 bnp256 nistp256 nistp384
22 Key attributes
24 -bl data blob for unseal (create only) -if data file name
26 -den decryption, (unrestricted, RSA and EC NULL scheme)
28 -deo decryption, (unrestricted, RSA OAEP, EC NULL scheme)
30 -des encryption/decryption, AES symmetric [-116 for TPM rev 116 com‐
32 patibility]
33 -st storage (restricted) [default for primary keys]
35 -si unrestricted signing (RSA and EC NULL scheme)
37 -sir restricted signing (RSA RSASSA, EC ECDSA scheme)
39 -dau unrestricted ECDAA signing key pair
41 -dar restricted ECDAA signing key pair
43 -kh keyed hash (hmac)
45 -dp derivation parent
47 -gp general purpose, not storage
49 [-kt (can be specified more than once)] f fixedTPM (default for
51 primary keys and derivation parents) p fixedParent
52 (default for primary keys and derivation parents) nf no
53 fixedTPM (default for non-primary keys) np no fixedParent
54 (default for non-primary keys)
55 [-da object subject to DA protection (default no)]
57 [-pol policy file (default empty)]
59 [-uwa userWithAuth attribute clear (default set)]
61 [-nalg name hash algorithm (sha1, sha256, sha384, sha512) (default
63 sha256)]
64 [-halg scheme hash algorithm (sha1, sha256, sha384, sha512) (default
66 sha256)]
67 [-pwdk password for key (default empty)]
69 [-pwdp password for parent key (default empty)]
71 [-opu public key file name (default do not save)]
73 [-opr private key file name (default do not save)]
75 [-opem public key PEM format file name (default do not save)]
77 [-tk output ticket file name (default do not save)]
79 [-ch output creation hash file name (default do not save)]
81 -se[0-2] session handle / attributes (default PWAP)
83 01 continue
85 20 command decrypt
87 40 response encrypt
89create 1308 August 2018 CREATE(1)