Scroll to navigation

TSSCREATEPRIMARY(1) User Commands TSSCREATEPRIMARY(1)

NAME

tsscreateprimary - Runs TPM2 createprimary

DESCRIPTION

createprimary creates a primary storage key

Runs TPM2_CreatePrimary

[-hi
hierarchy (e, o, p, n) (default null)]
[-pwdp
password for hierarchy (default empty)]
[-pwdpi
password file name for hierarchy (default empty)]
[-pwdk
password for key (default empty)]
[-iu
inPublic unique field file (default none)]
[-opu
public key file name (default do not save)]
[-opem
public key PEM format file name (default do not save)]
[-tk
output ticket file name]
[-ch
output creation hash file name]
[Asymmetric Key Algorithm]

-rsa [keybits] (default)

(2048 default)

-ecc curve

bnp256 nistp256 nistp384
Key attributes
data blob for unseal (create only) requires -if
decryption, (unrestricted, RSA and EC NULL scheme)
decryption, (unrestricted, RSA OAEP, EC NULL scheme)
decryption, (unrestricted, RSA ES, EC NULL scheme)
encryption/decryption, AES symmetric [-116 for TPM rev 116 compatibility]
storage (restricted) [default for primary keys]
unrestricted signing (RSA and EC NULL scheme)
restricted signing (RSA RSASSA, EC ECDSA scheme)
unrestricted ECDAA signing key pair
restricted ECDAA signing key pair
keyed hash (unrestricted, hmac)
keyed hash (restricted, hmac)
derivation parent
general purpose, not storage
[-kt
(can be specified more than once)] f fixedTPM (default for primary keys and derivation parents) p fixedParent (default for primary keys and derivation parents) nf no fixedTPM (default for non-primary keys) np no fixedParent (default for non-primary keys) ed encrypted duplication (default not set)
[-da
object subject to DA protection (default no)]
[-pol
policy file (default empty)]
[-uwa
userWithAuth attribute clear (default set)]
[-if
data (inSensitive) file name]
[-nalg
name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
[-halg
scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]

-se[0-2] session handle / attributes (default PWAP)

01
continue
20
command decrypt
40
response encrypt
November 2020 tsscreateprimary 1.6