Scroll to navigation

TSSCERTIFYX509(1) User Commands TSSCERTIFYX509(1)

NAME

tsscertifyx509 - Runs TPM2 certifyx509

DESCRIPTION

certifyx509

Runs TPM2_Certifyx509

object handle
[-pwdo
password for object (default empty)]
certifying key handle
[-pwdk
password for key (default empty)]
[-halg
(sha256, sha384) (default sha256)]

-rsa keybits

2048 3072

-ecc curve

nistp256 nistp384
[-ku
X509 key usage - string - comma separated, no spaces]
[-iob
TPMA_OBJECT - 4 byte hex] e.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default) e.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly e.g. fixedTPM: critical,nonRepudiation e.g. parent (restrict decrypt): critical,keyEncipherment
[-bit
bit in partialCertificate to toggle]
[-sub
subject same as issuer for self signed (root) certificate]
[-opc
partial certificate file name (default do not save)]
[-oa
addedToCertificate file name (default do not save)]
[-otbs
signed tbsDigest file name (default do not save)]
[-os
signature file name (default do not save)]
[-ocert
reconstructed certificate file name (default do not save)]

-se[0-2] session handle / attributes (default PWAP)

01
continue
20
command decrypt
40
response encrypt
November 2020 tsscertifyx509 1.6