Scroll to navigation

TSSCREATEEKCERT(1) User Commands TSSCREATEEKCERT(1)

NAME

tsscreateekcert - Runs TPM2 createekcert

SYNOPSIS

createekcert -rsa 2048 -cakey cakey.pem -capwd rrrr -v
createekcert -ecc nistp256 -cakey cakeyecc.pem -capwd rrrr -caalg ec -v

DESCRIPTION

createekcert

Provisions an EK certificate using the default IWG template E.g.,

[-pwdp
platform hierarchy password (default empty)]
[-pwde
endorsement hierarchy password (default empty)]
[-pwdk
password for endorsement key (default empty)]
CA PEM key file name
[-capwd
CA PEM key password (default empty)]
[-caalg
CA key algorithm (rsa or ecc) (default rsa)]
[-high
Use the NV high range. Specify before algorithm]

-rsa keybits

2048 3072

-ecc curve

nistp256 nistp384 nistp521
[-noflush
do not flush the primary key]
[-of
DER certificate output file name]

Currently:

Certificate issuer, subject, and validity are hard coded.
November 2020 tsscreateekcert 1.6