1TSSCERTIFYX509(1)                User Commands               TSSCERTIFYX509(1)
2
3
4

NAME

6       tsscertifyx509 - Runs TPM2 certifyx509
7

DESCRIPTION

9       certifyx509
10
11       Runs TPM2_Certifyx509
12
13       -ho    object handle
14
15       [-pwdo password for object (default empty)]
16
17       -hk    certifying key handle
18
19       [-pwdk password for key (default empty)]
20
21       [-halg (sha256, sha384) (default sha256)]
22
23       -rsa keybits
24
25              2048 3072
26
27       -ecc curve
28
29              nistp256 nistp384
30
31       [-ku   X509 key usage - string - comma separated, no spaces]
32
33       [-iob  TPMA_OBJECT  -  4  byte  hex]  e.g. sign: critical,digitalSigna‐
34              ture,keyCertSign,cRLSign   (default)   e.g.   decrypt:    criti‐
35              cal,dataEncipherment,keyAgreement,encipherOnly,decipherOnly e.g.
36              fixedTPM:  critical,nonRepudiation  e.g.  parent  (restrict  de‐
37              crypt): critical,keyEncipherment
38
39       [-bit  bit in partialCertificate to toggle]
40
41       [-sub  subject same as issuer for self signed (root) certificate]
42
43       [-opc  partial certificate file name (default do not save)]
44
45       [-oa   addedToCertificate file name (default do not save)]
46
47       [-otbs signed tbsDigest file name (default do not save)]
48
49       [-os   signature file name (default do not save)]
50
51       [-ocert
52              reconstructed certificate file name (default do not save)]
53
54       -se[0-2] session handle / attributes (default PWAP)
55
56       01     continue
57
58       20     command decrypt
59
60       40     response encrypt
61
62
63
64tsscertifyx509 1.6               November 2020               TSSCERTIFYX509(1)
Impressum