1tpm2_duplicate(1) General Commands Manual tpm2_duplicate(1)
2
6 tpm2_duplicate(1) - Duplicates a loaded object so that it may be used
7 in a different hierarchy.
8
10 tpm2_duplicate [OPTIONS]
11
13 tpm2_duplicate(1) - This tool duplicates a loaded object so that it may
14 be used in a different hierarchy. The new parent key for the duplicate
15 may be on the same or different TPM or TPM_RH_NULL.
16
18 These options control the key importation process:
19 • -G, --wrapper-algorithm=ALGORITHM:
21 The symmetric algorithm to be used for the inner wrapper. Supports:
22 • aes - AES 128 in CFB mode.
24 • null - none
26 • -i, --encryptionkey-in=FILE:
28 Specifies the filename of the symmetric key (128 bit data) to be used
30 for the inner wrapper. Valid only when specified symmetric algorithm
31 is not null
32 • -o, --encryptionkey-out=FILE:
34 Specifies the filename to store the symmetric key (128 bit data) that
36 was used for the inner wrapper. Valid only when specified symmetric
37 algorithm is not null and --input-key-file is not specified. The TPM
38 generates the key in this case.
39 • -C, --parent-context=OBJECT:
41 The parent key object.
43 • -U, --parent-public=FILE:
45 Specifies the file path to the public key of the parent object on the
47 destination TPM. This should be a TPM2B_PUBLIC formatted file.
48 • -k, --private-key=FILE:
50 Specifies the file path to the external private key be encrypted for
52 the remote TPM. This should be a PEM format private key.
53 • -r, --private=FILE:
55 Specifies the file path to save the private portion of the duplicated
57 object. # Protection Details
58 Objects that can move outside of TPM need to be protected (confiden‐
60 tiality and integrity). For instance, transient objects require that
61 TPM protected data (key or seal material) be stored outside of the TPM.
62 This is seen in tools like tpm2_create(1), where the -r option outputs
63 this protected data. This blob contains the sensitive portions of the
64 object. The sensitive portions of the object are protected by the par‐
65 ent object, using the parent's symmetric encryption details to encrypt
66 the sensitive data and HMAC it.
67 In-depth details can be found in sections 23 of:
69 • https://trustedcomputinggroup.org/wp-content/up‐
71 loads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
72 Notably Figure 20, is relevant, even though it's specifically referring
74 to duplication blobs, the process is identical.
75 If the output is from tpm2_duplicate(1), the output will be slightly
77 different, as described fully in section 23.
78 • -u, --public=FILE:
80 Specifies the file path to save the public portion of the duplicated
82 object, if an external key is being duplicated.
83 • -s, --encrypted-seed=FILE:
85 The file to save the encrypted seed of the duplicated object.
87 • -p, --auth=AUTH:
89 The authorization value for the key, optional.
91 • -c, --key-context=OBJECT:
93 The object to be duplicated.
95 • --cphash=FILE
97 File path to record the hash of the command parameters. This is com‐
99 monly termed as cpHash. NOTE: When this option is selected, The tool
100 will not actually execute the command, it simply returns a cpHash.
101 References
104 The type of a context object, whether it is a handle or file name, is
105 determined according to the following logic in-order:
106 • If the argument is a file path, then the file is loaded as a restored
108 TPM transient object.
109 • If the argument is a prefix match on one of:
111 • owner: the owner hierarchy
113 • platform: the platform hierarchy
115 • endorsement: the endorsement hierarchy
117 • lockout: the lockout control persistent object
119 • If the argument argument can be loaded as a number it will be treat
121 as a handle, e.g. 0x81010013 and used directly.OBJECT.
122
124 Authorization for use of an object in TPM2.0 can come in 3 different
125 forms: 1. Password 2. HMAC 3. Sessions
126 NOTE: "Authorizations default to the EMPTY PASSWORD when not speci‐
128 fied".
129 Passwords
131 Passwords are interpreted in the following forms below using prefix
132 identifiers.
133 Note: By default passwords are assumed to be in the string form when
135 they do not have a prefix.
136 String
138 A string password, specified by prefix "str:" or it's absence (raw
139 string without prefix) is not interpreted, and is directly used for au‐
140 thorization.
141 Examples
143 foobar
144 str:foobar
145 Hex-string
147 A hex-string password, specified by prefix "hex:" is converted from a
148 hexidecimal form into a byte array form, thus allowing passwords with
149 non-printable and/or terminal un-friendly characters.
150 Example
152 hex:0x1122334455667788
153 File
155 A file based password, specified be prefix "file:" should be the path
156 of a file containing the password to be read by the tool or a "-" to
157 use stdin. Storing passwords in files prevents information leakage,
158 passwords passed as options can be read from the process list or common
159 shell history features.
160 Examples
162 # to use stdin and be prompted
163 file:-
164 # to use a file from a path
166 file:path/to/password/file
167 # to echo a password via stdin:
169 echo foobar | tpm2_tool -p file:-
170 # to use a bash here-string via stdin:
172 tpm2_tool -p file:- <<< foobar
174 Sessions
176 When using a policy session to authorize the use of an object, prefix
177 the option argument with the session keyword. Then indicate a path to
178 a session file that was created with tpm2_startauthsession(1). Option‐
179 ally, if the session requires an auth value to be sent with the session
180 handle (eg policy password), then append a + and a string as described
181 in the Passwords section.
182 Examples
184 To use a session context file called session.ctx.
185 session:session.ctx
187 To use a session context file called session.ctx AND send the authvalue
189 mypassword.
190 session:session.ctx+mypassword
192 To use a session context file called session.ctx AND send the HEX auth‐
194 value 0x11223344.
195 session:session.ctx+hex:11223344
197 PCR Authorizations
199 You can satisfy a PCR policy using the "pcr:" prefix and the PCR mini‐
200 language. The PCR minilanguage is as follows:
201 <pcr-spec>=<raw-pcr-file>
202 The PCR spec is documented in in the section "PCR bank specifiers".
204 The raw-pcr-file is an optional the output of the raw PCR contents as
206 returned by tpm2_pcrread(1).
207 PCR bank specifiers (common/pcr.md)
209 Examples
211 To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifi‐
212 er of:
213 pcr:sha256:0,1,2,3
215 specifying AUTH.
217
219 Options that take algorithms support "nice-names".
220 There are two major algorithm specification string classes, simple and
222 complex. Only certain algorithms will be accepted by the TPM, based on
223 usage and conditions.
224 Simple specifiers
226 These are strings with no additional specification data. When creating
227 objects, non-specified portions of an object are assumed to defaults.
228 You can find the list of known "Simple Specifiers Below".
229 Asymmetric
231 • rsa
232 • ecc
234 Symmetric
236 • aes
237 • camellia
239 Hashing Algorithms
241 • sha1
242 • sha256
244 • sha384
246 • sha512
248 • sm3_256
250 • sha3_256
252 • sha3_384
254 • sha3_512
256 Keyed Hash
258 • hmac
259 • xor
261 Signing Schemes
263 • rsassa
264 • rsapss
266 • ecdsa
268 • ecdaa
270 • ecschnorr
272 Asymmetric Encryption Schemes
274 • oaep
275 • rsaes
277 • ecdh
279 Modes
281 • ctr
282 • ofb
284 • cbc
286 • cfb
288 • ecb
290 Misc
292 • null
293 Complex Specifiers
295 Objects, when specified for creation by the TPM, have numerous algo‐
296 rithms to populate in the public data. Things like type, scheme and
297 asymmetric details, key size, etc. Below is the general format for
298 specifying this data: <type>:<scheme>:<symmetric-details>
299 Type Specifiers
301 This portion of the complex algorithm specifier is required. The re‐
302 maining scheme and symmetric details will default based on the type
303 specified and the type of the object being created.
304 • aes - Default AES: aes128
306 • aes128<mode> - 128 bit AES with optional mode (ctr|ofb|cbc|cfb|ecb).
308 If mode is not specified, defaults to null.
309 • aes192<mode> - Same as aes128<mode>, except for a 192 bit key size.
311 • aes256<mode> - Same as aes128<mode>, except for a 256 bit key size.
313 • ecc - Elliptical Curve, defaults to ecc256.
315 • ecc192 - 192 bit ECC
317 • ecc224 - 224 bit ECC
319 • ecc256 - 256 bit ECC
321 • ecc384 - 384 bit ECC
323 • ecc521 - 521 bit ECC
325 • rsa - Default RSA: rsa2048
327 • rsa1024 - RSA with 1024 bit keysize.
329 • rsa2048 - RSA with 2048 bit keysize.
331 • rsa4096 - RSA with 4096 bit keysize.
333 Scheme Specifiers
335 Next, is an optional field, it can be skipped.
336 Schemes are usually Signing Schemes or Asymmetric Encryption Schemes.
338 Most signing schemes take a hash algorithm directly following the sign‐
339 ing scheme. If the hash algorithm is missing, it defaults to sha256.
340 Some take no arguments, and some take multiple arguments.
341 Hash Optional Scheme Specifiers
343 These scheme specifiers are followed by a dash and a valid hash algo‐
344 rithm, For example: oaep-sha256.
345 • oaep
347 • ecdh
349 • rsassa
351 • rsapss
353 • ecdsa
355 • ecschnorr
357 Multiple Option Scheme Specifiers
359 This scheme specifier is followed by a count (max size UINT16) then
360 followed by a dash(-) and a valid hash algorithm. * ecdaa For example,
361 ecdaa4-sha256. If no count is specified, it defaults to 4.
362 No Option Scheme Specifiers
364 This scheme specifier takes NO arguments. * rsaes
365 Symmetric Details Specifiers
367 This field is optional, and defaults based on the type of object being
368 created and it's attributes. Generally, any valid Symmetric specifier
369 from the Type Specifiers list should work. If not specified, an asym‐
370 metric objects symmetric details defaults to aes128cfb.
371 Examples
373 Create an rsa2048 key with an rsaes asymmetric encryption scheme
374 tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv
375 Create an ecc256 key with an ecdaa signing scheme with a count of 4
377 and sha384 hash
378 /tpm2_create -C parent.ctx -G ecc256:ec‐
380 daa4-sha384 -u key.pub -r key.priv cryptographic algorithms ALGORITHM.
381
383 This collection of options are common to many programs and provide in‐
384 formation that many users may expect.
385 • -h, --help=[man|no-man]: Display the tools manpage. By default, it
387 attempts to invoke the manpager for the tool, however, on failure
388 will output a short tool summary. This is the same behavior if the
389 "man" option argument is specified, however if explicit "man" is re‐
390 quested, the tool will provide errors from man on stderr. If the
391 "no-man" option if specified, or the manpager fails, the short op‐
392 tions will be output to stdout.
393 To successfully use the manpages feature requires the manpages to be
395 installed or on MANPATH, See man(1) for more details.
396 • -v, --version: Display version information for this tool, supported
398 tctis and exit.
399 • -V, --verbose: Increase the information that the tool prints to the
401 console during its execution. When using this option the file and
402 line number are printed.
403 • -Q, --quiet: Silence normal tool output to stdout.
405 • -Z, --enable-errata: Enable the application of errata fixups. Useful
407 if an errata fixup needs to be applied to commands sent to the TPM.
408 Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. in‐
409 formation many users may expect.
410
412 The TCTI or "Transmission Interface" is the communication mechanism
413 with the TPM. TCTIs can be changed for communication with TPMs across
414 different mediums.
415 To control the TCTI, the tools respect:
417 1. The command line option -T or --tcti
419 2. The environment variable: TPM2TOOLS_TCTI.
421 Note: The command line option always overrides the environment vari‐
423 able.
424 The current known TCTIs are:
426 • tabrmd - The resource manager, called tabrmd
428 (https://github.com/tpm2-software/tpm2-abrmd). Note that tabrmd and
429 abrmd as a tcti name are synonymous.
430 • mssim - Typically used for communicating to the TPM software simula‐
432 tor.
433 • device - Used when talking directly to a TPM device file.
435 • none - Do not initalize a connection with the TPM. Some tools allow
437 for off-tpm options and thus support not using a TCTI. Tools that do
438 not support it will error when attempted to be used without a TCTI
439 connection. Does not support ANY options and MUST BE presented as
440 the exact text of "none".
441 The arguments to either the command line option or the environment
443 variable are in the form:
444 <tcti-name>:<tcti-option-config>
446 Specifying an empty string for either the <tcti-name> or <tcti-op‐
448 tion-config> results in the default being used for that portion respec‐
449 tively.
450 TCTI Defaults
452 When a TCTI is not specified, the default TCTI is searched for using
453 dlopen(3) semantics. The tools will search for tabrmd, device and
454 mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND. You can query
455 what TCTI will be chosen as the default by using the -v option to print
456 the version information. The "default-tcti" key-value pair will indi‐
457 cate which of the aforementioned TCTIs is the default.
458 Custom TCTIs
460 Any TCTI that implements the dynamic TCTI interface can be loaded. The
461 tools internally use dlopen(3), and the raw tcti-name value is used for
462 the lookup. Thus, this could be a path to the shared library, or a li‐
463 brary name as understood by dlopen(3) semantics.
464
466 This collection of options are used to configure the various known TCTI
467 modules available:
468 • device: For the device TCTI, the TPM character device file for use by
470 the device TCTI can be specified. The default is /dev/tpm0.
471 Example: -T device:/dev/tpm0 or export TPM2TOOLS_TCTI="de‐
473 vice:/dev/tpm0"
474 • mssim: For the mssim TCTI, the domain name or IP address and port
476 number used by the simulator can be specified. The default are
477 127.0.0.1 and 2321.
478 Example: -T mssim:host=localhost,port=2321 or export TPM2TOOLS_TC‐
480 TI="mssim:host=localhost,port=2321"
481 • abrmd: For the abrmd TCTI, the configuration string format is a se‐
483 ries of simple key value pairs separated by a ',' character. Each
484 key and value string are separated by a '=' character.
485 • TCTI abrmd supports two keys:
487 1. 'bus_name' : The name of the tabrmd service on the bus (a
489 string).
490 2. 'bus_type' : The type of the dbus instance (a string) limited to
492 'session' and 'system'.
493 Specify the tabrmd tcti name and a config string of bus_name=com.ex‐
495 ample.FooBar:
496 \--tcti=tabrmd:bus_name=com.example.FooBar
498 Specify the default (abrmd) tcti and a config string of bus_type=ses‐
500 sion:
501 \--tcti:bus_type=session
503 NOTE: abrmd and tabrmd are synonymous. the various known TCTI mod‐
505 ules.
506
508 To duplicate a key, one needs the key to duplicate, created with a pol‐
509 icy that
510 allows duplication and a new parent:
511 tpm2_startauthsession -S session.dat
513 tpm2_policycommandcode -S session.dat -L policy.dat TPM2_CC_Duplicate
514 tpm2_flushcontext session.dat
515 tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctxt
517 tpm2_create -C primary.ctxt -g sha256 -G rsa -r key.prv -u key.pub \
518 -L policy.dat -a "sensitivedataorigin"
519 tpm2_loadexternal -C o -u new_parent.pub -c new_parent.ctxt
521 tpm2_startauthsession \--policy-session -S session.dat
523 tpm2_policycommandcode -S session.dat -L policy.dat TPM2_CC_Duplicate
524 tpm2_duplicate -C new_parent.ctxt -c key.ctxt -G null -p "session:session.dat" \
525 -r duprv.bin -s seed.dat
526 tpm2_flushcontext session.dat
527 As an end-to-end example, the following will transfer an RSA key gener‐
529 ated on TPM-A to TPM-B
530 On TPM-B
532 Create a parent object that will be used to wrap/transfer the key.
533 tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctx
535 tpm2_create -C primary.ctx -g sha256 -G rsa \
537 -r new_parent.prv -u new_parent.pub \
538 -a "restricted|sensitivedataorigin|decrypt|userwithauth"
539 Copy new_parent.pub to TPM-A.
541 On TPM-A
543 Create root object and auth policy allows duplication only
544 tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctx
546 tpm2_startauthsession -S session.dat
548 tpm2_policycommandcode -S session.dat -L dpolicy.dat TPM2_CC_Duplicate
550 tpm2_flushcontext session.dat
552 rm session.dat
554 Generate an RSA keypair on TPM-A that will be duplicated (note the
556 passphrase is 'foo')
557 tpm2_create -C primary.ctx -g sha256 -G rsa -p foo -r key.prv \
559 -u key.pub -L dpolicy.dat -a "sensitivedataorigin|userwithauth|decrypt|sign"
560 tpm2_load -C primary.ctx -r key.prv -u key.pub -c key.ctx
562 tpm2_readpublic -c key.ctx -o dup.pub
564 Test sign and encryption locally (so we can compare later that the same
566 key was transferred).
567 echo "meet me at.." >file.txt
569 tpm2_rsaencrypt -c key.ctx -o data.encrypted file.txt
570 tpm2_sign -c key.ctx -g sha256 -f plain -p foo -o sign.raw file.txt
571 Compare the signature hash (we will use this later to confirm the key
573 was transferred to TPM-B):
574 sha256sum sign.raw
576 a1b4e3fbaa29e6e46d95cff498150b6b8e7d9fd21182622e8f5a3ddde257879e
578 Start an auth session and policy command to allow duplication
580 tpm2_startauthsession --policy-session -S session.dat
582 tpm2_policycommandcode -S session.dat -L dpolicy.dat TPM2_CC_Duplicate
584 Load the new_parent.pub file transferred from TPM-B
586 tpm2_loadexternal -C o -u new_parent.pub -c new_parent.ctx
588 Start the duplication
590 tpm2_duplicate -C new_parent.ctx -c key.ctx -G null \
592 -p "session:session.dat" -r dup.dpriv -s dup.seed
593 Copy the following files to TPM-B: * dup.pub * dup.dpriv * dup.seed *
595 (optionally data.encrypted just to test decryption)
596 On TPM-B
598 Start an auth,policy session
599 tpm2_startauthsession --policy-session -S session.dat
601 tpm2_policycommandcode -S session.dat -L dpolicy.dat TPM2_CC_Duplicate
603 Load the context we used to transfer
605 tpm2_flushcontext --transient-object
607 tpm2_load -C primary.ctx -u new_parent.pub -r new_parent.prv -c new_parent.ctx
609 Import the duplicated context against the parent we used
611 tpm2_import -C new_parent.ctx -u dup.pub -i dup.dpriv \
613 -r dup.prv -s dup.seed -L dpolicy.dat
614 Load the duplicated key context
616 tpm2_flushcontext --transient-object
618 tpm2_load -C new_parent.ctx -u dup.pub -r dup.prv -c dup.ctx
620 Test the imported key matches
622 • Sign
624 echo "meet me at.." >file.txt
626 tpm2_sign -c dup.ctx -g sha256 -o sig.rss -p foo file.txt
628 dd if=sig.rss of=sign.raw bs=1 skip=6 count=256
630 Compare the signature file hash:
632 $ sha256sum sign.raw
634 a1b4e3fbaa29e6e46d95cff498150b6b8e7d9fd21182622e8f5a3ddde257879e
636 • Decryption
638 tpm2_flushcontext --transient-object
640 tpm2_rsadecrypt -p foo -c dup.ctx -o data.ptext data.encrypted
642 # cat data.ptext
644 meet me at..
645 Exporting an OpenSSL RSA key for a remote TPM
647 To securely send an OpenSSL generated RSA key to a remote TPM such that
648 only that remote TPM will be able to load it, and without exposing the
649 private key to the host operating system on the remote machine:
650 • On the destination TPM-B, create a primary context and read its pub‐
652 lic key, then send primary.pub to the source machine:
653 tpm2_createprimary -c primary.ctx
655 tpm2_readpublic -c primary.ctx -o primary.pub
656 • On the source machine create the RSA private key and wrap it for the
658 destination TPM's public key. Similar to tpm2_makecredential, this
659 step should not require a TPM.
660 openssl genrsa -out rsa.pem
662 tpm2_duplicate -U primary.pub -G rsa -k rsa.pem -u rsa.pub -r rsa.dpriv -s rsa.seed
663 • Send the rsa.pub, rsa.dpriv and rsa.seed to the destination TPM-B and
665 import the files, which will decrypt them using the primary.ctx to
666 produce rsa.priv, which can then be loaded and used as a TPM key:
667 tpm2_import -C primary.ctx -G rsa -i rsa.dpriv -s rsa.seed -u rsa.pub -r rsa.priv
669 tpm2_load -C primary.ctx -c rsa.ctx -u rsa.pub -r rsa.priv
670
672 Tools can return any of the following codes:
673 • 0 - Success.
675 • 1 - General non-specific error.
677 • 2 - Options handling error.
679 • 3 - Authentication error.
681 • 4 - TCTI related error.
683 • 5 - Non supported scheme. Applicable to tpm2_testparams.
685
687 Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
688
690 See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
691tpm2-tools tpm2_duplicate(1)