| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
5.3.4 Invoking tpmtool
Program that allows handling cryptographic data from the TPM chip.
This section was generated by AutoGen,
using the agtexi-cmd template and the option descriptions for the tpmtool program.
This software is released under the GNU General Public License, version 3 or later.
tpmtool help/usage (‘--help’)
This is the automatically generated usage text for tpmtool.
The text printed is the same whether selected with the help option
(‘--help’) or the more-help option (‘--more-help’). more-help will print
the usage text by passing it through a pager program.
more-help is disabled on platforms without a working
fork(2) function. The PAGER environment variable is
used to select the program, defaulting to ‘more’. Both will exit
with a status code of 0.
tpmtool - GnuTLS TPM tool
Usage: tpmtool [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
-d, --debug=num Enable debugging
- it must be in the range:
0 to 9999
--infile=file Input file
- file must pre-exist
--outfile=str Output file
--generate-rsa Generate an RSA private-public key pair
--register Any generated key will be registered in the TPM
- requires the option 'generate-rsa'
--signing Any generated key will be a signing key
- requires the option 'generate-rsa'
-- and prohibits the option 'legacy'
--legacy Any generated key will be a legacy key
- requires the option 'generate-rsa'
-- and prohibits the option 'signing'
--user Any registered key will be a user key
- requires the option 'register'
-- and prohibits the option 'system'
--system Any registred key will be a system key
- requires the option 'register'
-- and prohibits the option 'user'
--pubkey=str Prints the public key of the provided key
--list Lists all stored keys in the TPM
--delete=str Delete the key identified by the given URL (UUID).
--sec-param=str Specify the security level [low, legacy, medium, high, ultra].
--bits=num Specify the number of bits for key generate
--inder Use the DER format for keys.
- disabled as '--no-inder'
--outder Use DER format for output keys
- disabled as '--no-outder'
-v, --version[=arg] output version information and exit
-h, --help display extended usage information and exit
-!, --more-help extended usage information passed thru pager
Options are specified by doubled hyphens and their name or by a single
hyphen and the flag character.
Program that allows handling cryptographic data from the TPM chip.
debug option (-d)
This is the “enable debugging” option. This option takes a number argument. Specifies the debug level.
generate-rsa option
This is the “generate an rsa private-public key pair” option. Generates an RSA private-public key pair in the TPM chip. The key may be stored in filesystem and protected by a PIN, or stored (registered) in the TPM chip flash.
user option
This is the “any registered key will be a user key” option.
This option has some usage constraints. It:
- must appear in combination with the following options: register.
- must not appear in combination with any of the following options: system.
The generated key will be stored in a user specific persistent storage.
system option
This is the “any registred key will be a system key” option.
This option has some usage constraints. It:
- must appear in combination with the following options: register.
- must not appear in combination with any of the following options: user.
The generated key will be stored in system persistent storage.
sec-param option
This is the “specify the security level [low, legacy, medium, high, ultra].” option. This option takes a string argument ‘Security parameter’. This is alternative to the bits option. Note however that the values allowed by the TPM chip are quantized and given values may be rounded up.
inder option
This is the “use the der format for keys.” option.
This option has some usage constraints. It:
- can be disabled with –no-inder.
The input files will be assumed to be in the portable DER format of TPM. The default format is a custom format used by various TPM tools
outder option
This is the “use der format for output keys” option.
This option has some usage constraints. It:
- can be disabled with –no-outder.
The output will be in the TPM portable DER format.
tpmtool exit status
One of the following exit values will be returned:
- ‘0 (EXIT_SUCCESS)’
Successful program execution.
- ‘1 (EXIT_FAILURE)’
The operation failed or the command syntax was not valid.
tpmtool See Also
tpmtool Examples
To generate a key that is to be stored in filesystem use:
$ tpmtool --generate-rsa --bits 2048 --outfile tpmkey.pem
To generate a key that is to be stored in TPM’s flash use:
$ tpmtool --generate-rsa --bits 2048 --register --user
To get the public key of a TPM key use:
$ tpmtool --pubkey tpmkey:uuid=58ad734b-bde6-45c7-89d8-756a55ad1891;storage=user \
--outfile pubkey.pem
or if the key is stored in the filesystem:
$ tpmtool --pubkey tpmkey:file=tmpkey.pem --outfile pubkey.pem
To list all keys stored in TPM use:
$ tpmtool --list
| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
This document was generated on May 31, 2014 using texi2html 5.0.