1TSSCREATEPRIMARY(1)              User Commands             TSSCREATEPRIMARY(1)

NAME

6       tsscreateprimary - Runs TPM2 createprimary
7

DESCRIPTION

9       createprimary creates a primary storage key
10
11       Runs TPM2_CreatePrimary
12
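13       [-hi   hierarchy: e (endorsement), o (owner), p (platform), n (null)
                (default null); the null hierarchy's seed changes at each TPM
                reset, so a primary key created under it cannot be recreated
                afterwards]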
14
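15       [-pwdp password for hierarchy (default empty); a password passed as
                a command-line argument (this also applies to -pwdk) can be
                visible in process listings and shell history, whereas -pwdpi
                reads the hierarchy password from a file]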
16
17       [-pwdpi
18              password file name for hierarchy (default empty)]
19
20       [-pwdk password for key (default empty)]
21
22       [-iu   inPublic unique field file (default none)]
23
24       [-opu  public key file name (default do not save)]
25
26       [-opem public key PEM format file name (default do not save)]
27
28       [-tk   output ticket file name]
29
30       [-ch   output creation hash file name]
31
32              [Asymmetric Key Algorithm]
33
34       -rsa [keybits] (default)
35
36              (2048 default)
37
38       -ecc curve
39
40              bnp256 nistp256 nistp384
41
42              Key attributes
43
44       -bl    data blob for unseal (create only) requires -if
45
46       -den   decryption, (unrestricted, RSA and EC NULL scheme)
47
48       -deo   decryption, (unrestricted, RSA OAEP, EC NULL scheme)
49
50       -dee   decryption, (unrestricted, RSA ES, EC NULL scheme)
51
52       -des   encryption/decryption,  AES symmetric [-116 for TPM rev 116 com‐
53              patibility]
54
55       -st    storage (restricted) [default for primary keys]
56
57       -si    unrestricted signing (RSA and EC NULL scheme)
58
59       -sir   restricted signing (RSA RSASSA, EC ECDSA scheme)
60
61       -dau   unrestricted ECDAA signing key pair
62
63       -dar   restricted ECDAA signing key pair
64
65       -kh    keyed hash (unrestricted, hmac)
66
67       -khr   keyed hash (restricted, hmac)
68
69       -dp    derivation parent
70
71       -gp    general purpose, not storage
72
73       [-kt   (can be specified more than once)]
74              f   fixedTPM (default for primary keys and derivation parents)
75              p   fixedParent (default for primary keys and derivation parents)
76              nf  no fixedTPM (default for non-primary keys)
77              np  no fixedParent (default for non-primary keys)
78              ed  encrypted duplication (default not set)
79
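80       [-da   object subject to dictionary attack (DA) protection (default
                no); with the default, failed authorization attempts on the
                key are not counted toward TPM lockout, so a weak -pwdk
                password gets no guessing protection from the TPM]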
81
82       [-pol  policy file (default empty)]
83
84       [-uwa  userWithAuth attribute clear (default set)]
85
86       [-if   data (inSensitive) file name]
87
88       [-nalg name  hash  algorithm  (sha1,  sha256,  sha384, sha512) (default
89              sha256)]
90
91       [-halg scheme hash algorithm (sha1, sha256,  sha384,  sha512)  (default
92              sha256)]
93
94       -se[0-2] session handle / attributes (default PWAP)
95
96       01     continue
97
98       20     command decrypt
99
100       40     response encrypt
104tsscreateprimary 1.6             November 2020             TSSCREATEPRIMARY(1)