tpmtool(1) User Commands tpmtool(1)NAMEtpmtool - GnuTLS TPM tool
SYNOPSIStpmtool [-flag [value]]... [--opt-name[[=| ]value]]...
All arguments must be options.
DESCRIPTION
Program that allows handling cryptographic data from the TPM chip.
OPTIONS-d number, --debug=number
Enable debugging.. This option takes an integer number as its
argument. The value of number is constrained to being:
in the range 0 through 9999
Specifies the debug level.
--infile=file
Input file.
--outfile=string
Output file.
--generate-rsa
Generate an RSA private-public key pair.
Generates an RSA private-public key pair in the TPM chip. The
key may be stored in filesystem and protected by a PIN, or
stored (registered) in the TPM chip flash.
--register
Any generated key will be registered in the TPM. This option
must appear in combination with the following options: generate-
rsa.
--signing
Any generated key will be a signing key. This option must
appear in combination with the following options: generate-rsa.
This option must not appear in combination with any of the fol‐
lowing options: legacy.
--legacy
Any generated key will be a legacy key. This option must appear
in combination with the following options: generate-rsa. This
option must not appear in combination with any of the following
options: signing.
--user Any registered key will be a user key. This option must appear
in combination with the following options: register. This
option must not appear in combination with any of the following
options: system.
The generated key will be stored in a user specific persistent
storage.
--system
Any registred key will be a system key. This option must appear
in combination with the following options: register. This
option must not appear in combination with any of the following
options: user.
The generated key will be stored in system persistent storage.
--pubkey=url
Prints the public key of the provided key.
--list Lists all stored keys in the TPM.
--delete=url
Delete the key identified by the given URL (UUID)..
--sec-param=security parameter
Specify the security level [low, legacy, normal, high, ultra]..
This is alternative to the bits option. Note however that the
values allowed by the TPM chip are quantized and given values
may be rounded up.
--bits=number
Specify the number of bits for key generate. This option takes
an integer number as its argument.
--inder, --no-inder
Use the DER format for keys.. The no-inder form will disable
the option.
The input files will be assumed to be in the portable DER format
of TPM. The default format is a custom format used by various
TPM tools
--outder, --no-outder
Use DER format for output keys. The no-outder form will disable
the option.
The output will be in the TPM portable DER format.
-h, --help
Display usage information and exit.
-!, --more-help
Pass the extended usage information through a pager.
-v [{v|c|n}], --version[={v|c|n}]
Output version of program and exit. The default mode is `v', a
simple version. The `c' mode will print copyright information
and `n' will print the full copyright notice.
EXAMPLES
To generate a key that is to be stored in filesystem use:
$ tpmtool--generate-rsa --bits 2048 --outfile tpmkey.pem
To generate a key that is to be stored in TPM's flash use:
$ tpmtool--generate-rsa --bits 2048 --register --user
To get the public key of a TPM key use:
$ tpmtool--pubkey tpmkey:uuid=58ad734b-bde6-45c7-89d8-756a55ad1891;storage=user --outfile pubkey.pem
or if the key is stored in the filesystem:
$ tpmtool--pubkey tpmkey:file=tmpkey.pem --outfile pubkey.pem
To list all keys stored in TPM use:
$ tpmtool--list
EXIT STATUS
One of the following exit values will be returned:
0 (EXIT_SUCCESS)
Successful program execution.
1 (EXIT_FAILURE)
The operation failed or the command syntax was not valid.
70 (EX_SOFTWARE)
libopts had an internal operational error. Please report it to
autogen-users@lists.sourceforge.net. Thank you.
SEE ALSO
p11tool (1), certtool (1)
AUTHORS
Nikos Mavrogiannopoulos, Simon Josefsson and others; see
/usr/share/doc/gnutls-bin/AUTHORS for a complete list.
COPYRIGHT
Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
This program is released under the terms of the GNU General Public
License, version 3 or later.
BUGS
Please send bug reports to: bug-gnutls@gnu.org
NOTES
This manual page was AutoGen-erated from the tpmtool option defini‐
tions.
3.1.16 31 Oct 2013 tpmtool(1)