TSSCERTIFYX509(1) | User Commands | TSSCERTIFYX509(1) |
NAME
tsscertifyx509 - Runs TPM2 certifyx509
DESCRIPTION
certifyx509
Runs TPM2_Certifyx509
- -ho
- object handle
- [-pwdo
- password for object (default empty)]
- -hk
- certifying key handle
- [-pwdk
- password for key (default empty)]
- [-halg
- (sha256, sha384) (default sha256)]
-rsa keybits
- 2048 3072
-ecc curve
- nistp256 nistp384
- [-ku
- X509 key usage - string - comma separated, no spaces]
- [-iob
- TPMA_OBJECT - 4 byte hex]
  e.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default)
  e.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly
  e.g. fixedTPM: critical,nonRepudiation
  e.g. parent (restrict decrypt): critical,keyEncipherment
- [-bit
- bit in partialCertificate to toggle]
- [-sub
- subject same as issuer for self signed (root) certificate]
- [-opc
- partial certificate file name (default do not save)]
- [-oa
- addedToCertificate file name (default do not save)]
- [-otbs
- signed tbsDigest file name (default do not save)]
- [-os
- signature file name (default do not save)]
- [-ocert
- reconstructed certificate file name (default do not save)]
-se[0-2] session handle / attributes (default PWAP)
- 01
- continue
- 20
- command decrypt
- 40
- response encrypt
November 2020 | tsscertifyx509 1.6 |