1tpm2_sign(1) General Commands Manual tpm2_sign(1)
2
3
4
6 tpm2_sign(1) - Sign a hash or message using the TPM.
7
9 tpm2_sign [OPTIONS] [ARGUMENT]
10
12 tpm2_sign(1) - Generates signature of specified message or message-di‐
13 gest using the specified symmetric or asymmetric signing key.
14
15 When signing a message, tpm2_sign utility first calculates the digest
16 of the message similar to the tpm2_hash command. It also generates a
17 validation ticket under TPM2_RH_NULL or TPM2_RH_OWNER hierarchies re‐
18 spectively for unrestricted or the restricted signing keys.
19
20 While signing messages is a provision in this tool it is recommended to
21 use the tpm2_hash tool first and pass the digest and validation ticket.
22
23 NOTE: If the signing key is a restricted signing key, then validation
24 and digest must be provided via the -t input. The ticket indicates
25 that the TPM performed the hash of the message.
26
28 • -c, --key-context=OBJECT:
29
30 Context object pointing to the the key used for signing. Either a
31 file or a handle number. See section "Context Object Format".
32
33 • -p, --authAUTH:
34
35 Optional authorization value to use the key specified by -c. Autho‐
36 rization values should follow the "authorization formatting stan‐
37 dards", see section "Authorization Formatting".
38
39 • -g, --hash-algorithm=ALGORITHM:
40
41 The hash algorithm used to digest the message. Algorithms should
42 follow the "formatting standards", see section "Algorithm Speci‐
43 fiers". Also, see section "Supported Hash Algorithms" for a list of
44 supported hash algorithms.
45
46 • -s, --scheme=ALGORITHM:
47
48 The signing scheme used to sign the message. Optional.
49
50 Signing schemes should follow the "formatting standards", see section
51 "Algorithm Specifiers".
52
53 If specified, the signature scheme must match the key type. If left
54 unspecified, a default signature scheme for the key type will be
55 used.
56
57 • -d, --digest:
58
59 Indicate that FILE is a file containing the digest of the message.
60 When this option and -t is specified, a warning is generated and the
61 validation ticket (-t) is ignored. You cannot use this option to
62 sign a digest against a restricted signing key.
63
64 • -t, --ticket=FILE:
65
66 The ticket file, containing the validation structure, optional.
67
68 • -o, --signature=FILE:
69
70 The signature file, records the signature structure.
71
72 • -f, --format=FORMAT:
73
74 Format selection for the signature output file. See section "Signa‐
75 ture Format Specifiers".
76
77 • --cphash=FILE
78
79 File path to record the hash of the command parameters. This is com‐
80 monly termed as cpHash. NOTE: When this option is selected, The tool
81 will not actually execute the command, it simply returns a cpHash.
82
83 • --commit-index=NATURALNUMBER
84
85 The commit counter value to determine the key index to use in an EC‐
86 DAA signing scheme. The default counter value is 0.
87
88 • ARGUMENT the command line argument specifies the file data for sign.
89
90 References
92 The type of a context object, whether it is a handle or file name, is
93 determined according to the following logic in-order:
94
95 • If the argument is a file path, then the file is loaded as a restored
96 TPM transient object.
97
98 • If the argument is a prefix match on one of:
99
100 • owner: the owner hierarchy
101
102 • platform: the platform hierarchy
103
104 • endorsement: the endorsement hierarchy
105
106 • lockout: the lockout control persistent object
107
108 • If the argument argument can be loaded as a number it will be treat
109 as a handle, e.g. 0x81010013 and used directly.OBJECT.
110
112 Authorization for use of an object in TPM2.0 can come in 3 different
113 forms: 1. Password 2. HMAC 3. Sessions
114
115 NOTE: "Authorizations default to the EMPTY PASSWORD when not speci‐
116 fied".
117
118 Passwords
119 Passwords are interpreted in the following forms below using prefix
120 identifiers.
121
122 Note: By default passwords are assumed to be in the string form when
123 they do not have a prefix.
124
125 String
126 A string password, specified by prefix "str:" or it's absence (raw
127 string without prefix) is not interpreted, and is directly used for au‐
128 thorization.
129
130 Examples
131 foobar
132 str:foobar
133
134 Hex-string
135 A hex-string password, specified by prefix "hex:" is converted from a
136 hexidecimal form into a byte array form, thus allowing passwords with
137 non-printable and/or terminal un-friendly characters.
138
139 Example
140 hex:0x1122334455667788
141
142 File
143 A file based password, specified be prefix "file:" should be the path
144 of a file containing the password to be read by the tool or a "-" to
145 use stdin. Storing passwords in files prevents information leakage,
146 passwords passed as options can be read from the process list or common
147 shell history features.
148
149 Examples
150 # to use stdin and be prompted
151 file:-
152
153 # to use a file from a path
154 file:path/to/password/file
155
156 # to echo a password via stdin:
157 echo foobar | tpm2_tool -p file:-
158
159 # to use a bash here-string via stdin:
160
161 tpm2_tool -p file:- <<< foobar
162
163 Sessions
164 When using a policy session to authorize the use of an object, prefix
165 the option argument with the session keyword. Then indicate a path to
166 a session file that was created with tpm2_startauthsession(1). Option‐
167 ally, if the session requires an auth value to be sent with the session
168 handle (eg policy password), then append a + and a string as described
169 in the Passwords section.
170
171 Examples
172 To use a session context file called session.ctx.
173
174 session:session.ctx
175
176 To use a session context file called session.ctx AND send the authvalue
177 mypassword.
178
179 session:session.ctx+mypassword
180
181 To use a session context file called session.ctx AND send the HEX auth‐
182 value 0x11223344.
183
184 session:session.ctx+hex:11223344
185
186 PCR Authorizations
187 You can satisfy a PCR policy using the "pcr:" prefix and the PCR mini‐
188 language. The PCR minilanguage is as follows:
189 <pcr-spec>=<raw-pcr-file>
190
191 The PCR spec is documented in in the section "PCR bank specifiers".
192
193 The raw-pcr-file is an optional the output of the raw PCR contents as
194 returned by tpm2_pcrread(1).
195
196 PCR bank specifiers (common/pcr.md)
197
198 Examples
199 To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifi‐
200 er of:
201
202 pcr:sha256:0,1,2,3
203
204 specifying AUTH.
205
207 Options that take algorithms support "nice-names".
208
209 There are two major algorithm specification string classes, simple and
210 complex. Only certain algorithms will be accepted by the TPM, based on
211 usage and conditions.
212
213 Simple specifiers
214 These are strings with no additional specification data. When creating
215 objects, non-specified portions of an object are assumed to defaults.
216 You can find the list of known "Simple Specifiers Below".
217
218 Asymmetric
219 • rsa
220
221 • ecc
222
223 Symmetric
224 • aes
225
226 • camellia
227
228 Hashing Algorithms
229 • sha1
230
231 • sha256
232
233 • sha384
234
235 • sha512
236
237 • sm3_256
238
239 • sha3_256
240
241 • sha3_384
242
243 • sha3_512
244
245 Keyed Hash
246 • hmac
247
248 • xor
249
250 Signing Schemes
251 • rsassa
252
253 • rsapss
254
255 • ecdsa
256
257 • ecdaa
258
259 • ecschnorr
260
261 Asymmetric Encryption Schemes
262 • oaep
263
264 • rsaes
265
266 • ecdh
267
268 Modes
269 • ctr
270
271 • ofb
272
273 • cbc
274
275 • cfb
276
277 • ecb
278
279 Misc
280 • null
281
282 Complex Specifiers
283 Objects, when specified for creation by the TPM, have numerous algo‐
284 rithms to populate in the public data. Things like type, scheme and
285 asymmetric details, key size, etc. Below is the general format for
286 specifying this data: <type>:<scheme>:<symmetric-details>
287
288 Type Specifiers
289 This portion of the complex algorithm specifier is required. The re‐
290 maining scheme and symmetric details will default based on the type
291 specified and the type of the object being created.
292
293 • aes - Default AES: aes128
294
295 • aes128<mode> - 128 bit AES with optional mode (ctr|ofb|cbc|cfb|ecb).
296 If mode is not specified, defaults to null.
297
298 • aes192<mode> - Same as aes128<mode>, except for a 192 bit key size.
299
300 • aes256<mode> - Same as aes128<mode>, except for a 256 bit key size.
301
302 • ecc - Elliptical Curve, defaults to ecc256.
303
304 • ecc192 - 192 bit ECC
305
306 • ecc224 - 224 bit ECC
307
308 • ecc256 - 256 bit ECC
309
310 • ecc384 - 384 bit ECC
311
312 • ecc521 - 521 bit ECC
313
314 • rsa - Default RSA: rsa2048
315
316 • rsa1024 - RSA with 1024 bit keysize.
317
318 • rsa2048 - RSA with 2048 bit keysize.
319
320 • rsa4096 - RSA with 4096 bit keysize.
321
322 Scheme Specifiers
323 Next, is an optional field, it can be skipped.
324
325 Schemes are usually Signing Schemes or Asymmetric Encryption Schemes.
326 Most signing schemes take a hash algorithm directly following the sign‐
327 ing scheme. If the hash algorithm is missing, it defaults to sha256.
328 Some take no arguments, and some take multiple arguments.
329
330 Hash Optional Scheme Specifiers
331 These scheme specifiers are followed by a dash and a valid hash algo‐
332 rithm, For example: oaep-sha256.
333
334 • oaep
335
336 • ecdh
337
338 • rsassa
339
340 • rsapss
341
342 • ecdsa
343
344 • ecschnorr
345
346 Multiple Option Scheme Specifiers
347 This scheme specifier is followed by a count (max size UINT16) then
348 followed by a dash(-) and a valid hash algorithm. * ecdaa For example,
349 ecdaa4-sha256. If no count is specified, it defaults to 4.
350
351 No Option Scheme Specifiers
352 This scheme specifier takes NO arguments. * rsaes
353
354 Symmetric Details Specifiers
355 This field is optional, and defaults based on the type of object being
356 created and it's attributes. Generally, any valid Symmetric specifier
357 from the Type Specifiers list should work. If not specified, an asym‐
358 metric objects symmetric details defaults to aes128cfb.
359
360 Examples
361 Create an rsa2048 key with an rsaes asymmetric encryption scheme
362 tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv
363
364 Create an ecc256 key with an ecdaa signing scheme with a count of 4
365 and sha384 hash
366
367 /tpm2_create -C parent.ctx -G ecc256:ec‐
368 daa4-sha384 -u key.pub -r key.priv cryptographic algorithms ALGORITHM.
369
371 This collection of options are common to many programs and provide in‐
372 formation that many users may expect.
373
374 • -h, --help=[man|no-man]: Display the tools manpage. By default, it
375 attempts to invoke the manpager for the tool, however, on failure
376 will output a short tool summary. This is the same behavior if the
377 "man" option argument is specified, however if explicit "man" is re‐
378 quested, the tool will provide errors from man on stderr. If the
379 "no-man" option if specified, or the manpager fails, the short op‐
380 tions will be output to stdout.
381
382 To successfully use the manpages feature requires the manpages to be
383 installed or on MANPATH, See man(1) for more details.
384
385 • -v, --version: Display version information for this tool, supported
386 tctis and exit.
387
388 • -V, --verbose: Increase the information that the tool prints to the
389 console during its execution. When using this option the file and
390 line number are printed.
391
392 • -Q, --quiet: Silence normal tool output to stdout.
393
394 • -Z, --enable-errata: Enable the application of errata fixups. Useful
395 if an errata fixup needs to be applied to commands sent to the TPM.
396 Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. in‐
397 formation many users may expect.
398
400 The TCTI or "Transmission Interface" is the communication mechanism
401 with the TPM. TCTIs can be changed for communication with TPMs across
402 different mediums.
403
404 To control the TCTI, the tools respect:
405
406 1. The command line option -T or --tcti
407
408 2. The environment variable: TPM2TOOLS_TCTI.
409
410 Note: The command line option always overrides the environment vari‐
411 able.
412
413 The current known TCTIs are:
414
415 • tabrmd - The resource manager, called tabrmd
416 (https://github.com/tpm2-software/tpm2-abrmd). Note that tabrmd and
417 abrmd as a tcti name are synonymous.
418
419 • mssim - Typically used for communicating to the TPM software simula‐
420 tor.
421
422 • device - Used when talking directly to a TPM device file.
423
424 • none - Do not initalize a connection with the TPM. Some tools allow
425 for off-tpm options and thus support not using a TCTI. Tools that do
426 not support it will error when attempted to be used without a TCTI
427 connection. Does not support ANY options and MUST BE presented as
428 the exact text of "none".
429
430 The arguments to either the command line option or the environment
431 variable are in the form:
432
433 <tcti-name>:<tcti-option-config>
434
435 Specifying an empty string for either the <tcti-name> or <tcti-op‐
436 tion-config> results in the default being used for that portion respec‐
437 tively.
438
439 TCTI Defaults
440 When a TCTI is not specified, the default TCTI is searched for using
441 dlopen(3) semantics. The tools will search for tabrmd, device and
442 mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND. You can query
443 what TCTI will be chosen as the default by using the -v option to print
444 the version information. The "default-tcti" key-value pair will indi‐
445 cate which of the aforementioned TCTIs is the default.
446
447 Custom TCTIs
448 Any TCTI that implements the dynamic TCTI interface can be loaded. The
449 tools internally use dlopen(3), and the raw tcti-name value is used for
450 the lookup. Thus, this could be a path to the shared library, or a li‐
451 brary name as understood by dlopen(3) semantics.
452
454 This collection of options are used to configure the various known TCTI
455 modules available:
456
457 • device: For the device TCTI, the TPM character device file for use by
458 the device TCTI can be specified. The default is /dev/tpm0.
459
460 Example: -T device:/dev/tpm0 or export TPM2TOOLS_TCTI="de‐
461 vice:/dev/tpm0"
462
463 • mssim: For the mssim TCTI, the domain name or IP address and port
464 number used by the simulator can be specified. The default are
465 127.0.0.1 and 2321.
466
467 Example: -T mssim:host=localhost,port=2321 or export TPM2TOOLS_TC‐
468 TI="mssim:host=localhost,port=2321"
469
470 • abrmd: For the abrmd TCTI, the configuration string format is a se‐
471 ries of simple key value pairs separated by a ',' character. Each
472 key and value string are separated by a '=' character.
473
474 • TCTI abrmd supports two keys:
475
476 1. 'bus_name' : The name of the tabrmd service on the bus (a
477 string).
478
479 2. 'bus_type' : The type of the dbus instance (a string) limited to
480 'session' and 'system'.
481
482 Specify the tabrmd tcti name and a config string of bus_name=com.ex‐
483 ample.FooBar:
484
485 \--tcti=tabrmd:bus_name=com.example.FooBar
486
487 Specify the default (abrmd) tcti and a config string of bus_type=ses‐
488 sion:
489
490 \--tcti:bus_type=session
491
492 NOTE: abrmd and tabrmd are synonymous. the various known TCTI mod‐
493 ules.
494
496 Format selection for the signature output file. tss (the default) will
497 output a binary blob according to the TPM 2.0 specification and any po‐
498 tential compiler padding. The option plain will output the plain sig‐
499 nature data as defined by the used cryptographic algorithm.
500
502 Sign and verify with the TPM using the endorsement
503 hierarchy
504
505 tpm2_createprimary -C e -c primary.ctx
506
507 tpm2_create -G rsa -u rsa.pub -r rsa.priv -C primary.ctx
508
509 tpm2_load -C primary.ctx -u rsa.pub -r rsa.priv -c rsa.ctx
510
511 echo "my message" > message.dat
512
513 tpm2_sign -c rsa.ctx -g sha256 -o sig.rssa message.dat
514
515 tpm2_verifysignature -c rsa.ctx -g sha256 -s sig.rssa -m message.dat
516
517 Sign with the TPM and verify with OSSL
518 openssl ecparam -name prime256v1 -genkey -noout -out private.ecc.pem
519
520 openssl ec -in private.ecc.pem -out public.ecc.pem -pubout
521
522 # Generate a hash to sign
523 echo "data to sign" > data.in.raw
524
525 sha256sum data.in.raw | awk '{ print "000000 " $1 }' | \
526 xxd -r -c 32 > data.in.digest
527
528 # Load the private key for signing
529 tpm2_loadexternal -Q -G ecc -r private.ecc.pem -c key.ctx
530
531 # Sign in the TPM and verify with OSSL
532 tpm2_sign -Q -c key.ctx -g sha256 -d -f plain -o data.out.signed data.in.digest
533
534 openssl dgst -verify public.ecc.pem -keyform pem -sha256 \
535 -signature data.out.signed data.in.raw
536
538 Tools can return any of the following codes:
539
540 • 0 - Success.
541
542 • 1 - General non-specific error.
543
544 • 2 - Options handling error.
545
546 • 3 - Authentication error.
547
548 • 4 - TCTI related error.
549
550 • 5 - Non supported scheme. Applicable to tpm2_testparams.
551
553 Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
554
556 See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
557
558
559
560tpm2-tools tpm2_sign(1)