table of contents
| TSSCREATEEKCERT(1) | User Commands | TSSCREATEEKCERT(1) |
NAME¶
tsscreateekcert - Runs TPM2 createekcert
SYNOPSIS¶
createekcert -rsa 2048 -cakey cakey.pem -capwd rrrr
-v
createekcert -ecc nistp256 -cakey cakeyecc.pem -capwd rrrr -caalg ec
-v
DESCRIPTION¶
createekcert
Provisions an EK certificate using the default IWG template E.g.,
- [-pwdp
- platform hierarchy password (default empty)]
- [-pwde
- endorsement hierarchy password (default empty)]
- [-pwdk
- password for endorsement key (default empty)]
- -cakey
- CA PEM key file name
- [-capwd
- CA PEM key password (default empty)]
- [-caalg
- CA key algorithm (rsa or ecc) (default rsa)]
- [-high
- Use the NV high range. Specify before algorithm]
-rsa keybits
- 2048 3072
-ecc curve
- nistp256 nistp384 nistp521
- [-noflush
- do not flush the primary key]
- [-of
- DER certificate output file name]
Currently:
- Certificate issuer, subject, and validity are hard coded.
| November 2020 | tsscreateekcert 1.6 |