tss2_createkey(1)	    General Commands Manual	     tss2_createkey(1)

NAME
       tss2_createkey(1) -

SYNOPSIS
       tss2_createkey [OPTIONS]

SEE ALSO
       fapi-config(5) to adjust Fapi parameters like the used cryptographic
       profile and TCTI or directories for the Fapi metadata storages.

       fapi-profile(5) to determine the cryptographic algorithms and
       parameters for all keys and operations of a specific TPM interaction
       like the name hash algorithm, the asymmetric signature algorithm,
       scheme and parameters and PCR bank selection.

DESCRIPTION
       tss2_createkey(1) - This command creates a key inside the TPM and
       stores it in the FAPI metadata store and, if requested, persistently
       inside the TPM.  Depending on the specified key type, the
       cryptographic algorithms and parameters for the created key are
       determined by the corresponding cryptographic profile (cf.,
       fapi-profile(5)).

OPTIONS
       These are the available options:

        -p, --path=STRING:

	 The path to the new key.

        -t, --type=STRING:

         Identifies the intended usage.  Optional parameter.  Types may be any
         comma-separated combination of:

                - "sign": Sets the sign attribute of a key.
                - "decrypt": Sets the decrypt attribute of a key.
                - Hint: If neither sign nor decrypt is provided, both attributes are set.
                - "restricted": Sets the restricted attribute of a key.
                - Hint: If restricted is set, sign or decrypt (but not both) needs to be set.
                - "exportable": Clears the fixedTPM and fixedParent attributes of a key or
                  sealed object.
                - "noda": Sets the noda attribute of a key or NV index.
                - "system": Stores the data blobs and metadata for a created key or seal
                  in the system-wide directory instead of the user's personal directory.
                - A hexadecimal number (e.g. "0x81000001"): Marks a key object to be
                  made persistent and sets the persistent object handle to this value.

        -P, --policyPath=STRING:

         The policy to be associated with the new key.  Optional parameter.
         If omitted then no policy will be associated with the key.

         A policyPath is composed of two elements, separated by "/".  A
         policyPath starts with "/policy".  The second path element identifies
         the policy or policy template using a meaningful name.

        -a, --authValue=STRING:

         The new UTF-8 password.  Optional parameter.  If it is omitted then
         the user is queried interactively for a password.  To set no
         password, this option should be used with the empty string ("").  The
         maximum password size is determined by the digest size of the chosen
         name hash algorithm in the cryptographic profile (cf.,
         fapi-profile(5)).  For example, choosing SHA256 as the hash algorithm
         allows passwords of a maximum size of 32 characters.

COMMON OPTIONS
       This collection of options is common to all tss2 programs and provides
       information that many users may expect.

        -h, --help [man|no-man]: Display the tool's manpage.  By default, it
         attempts to invoke the manpager for the tool; on failure, it
         outputs a short tool summary.  The behavior is the same if the
         "man" option argument is specified, except that when "man" is
         requested explicitly, the tool will provide errors from man on
         stderr.  If the "no-man" option is specified, or the manpager fails,
         the short options will be output to stdout.

         Successful use of the manpages feature requires the manpages to be
         installed or on MANPATH.  See man(1) for more details.

        -v, --version: Display version information for this tool and the
         supported tctis, then exit.

EXAMPLE
   Create a key without password
              tss2_createkey --path=HS/SRK/myRsaCryptKey --type="noDa, decrypt" --authValue=""

   Create a key, ask for password on the command line
              tss2_createkey --path=HS/SRK/myRsaCryptKey --type="noDa, decrypt"

   Create a key with password "abc".
              tss2_createkey --path=HS/SRK/myRsaCryptKey --type="noDa, decrypt" --authValue=abc
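
   Check arguments against the OPTIONS rules before calling the tool
       This is an added example, not part of tpm2-tools or the original
       manual page.  The function names and the hash labels (sha1, sha256,
       sha384, sha512) are made up for illustration; the checks restate only
       the --type, --policyPath and --authValue rules given under OPTIONS.

```sh
# Added example (not tpm2-tools code): pre-flight checks for tss2_createkey
# arguments. Function names are hypothetical.

# check_key_type TYPES: succeeds if the --type string is an allowed combination.
# Assumption: names match case-insensitively and blanks are ignored, because
# OPTIONS lists "noda" while EXAMPLE passes "noDa, decrypt".
check_key_type() (
    sign=0 decrypt=0 restricted=0
    types=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' \t')
    IFS=','; set -f                   # split on commas only, no globbing
    for tok in $types; do
        case $tok in
            sign)       sign=1 ;;
            decrypt)    decrypt=1 ;;
            restricted) restricted=1 ;;
            exportable|noda|system) ;;
            0x?*) case ${tok#0x} in *[!0-9a-f]*) exit 1 ;; esac ;;  # persistent handle
            *) exit 1 ;;              # unknown or empty element
        esac
    done
    # restricted requires sign or decrypt, but not both
    [ "$restricted" -eq 0 ] || [ $((sign + decrypt)) -eq 1 ]
)

# check_policy_path PATH: "/policy" followed by exactly one more element.
check_policy_path() {
    case $1 in
        /policy/*/*) return 1 ;;
        /policy/?*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# check_auth_len HASH VALUE: VALUE must fit the digest size of the profile's
# name hash algorithm (SHA256 -> 32). Assumption: the limit is counted in
# bytes, the stricter reading for multi-byte UTF-8 passwords.
check_auth_len() {
    case $1 in
        sha1) max=20 ;; sha256) max=32 ;; sha384) max=48 ;; sha512) max=64 ;;
        *) return 2 ;;                # hash label not known to this example
    esac
    len=$(( $(printf '%s' "$2" | wc -c) ))
    [ "$len" -le "$max" ]
}
```

       Leaving out --authValue, so that the tool queries for the password
       interactively, keeps the password out of the process argument list
       and the shell history.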

RETURNS
       0 on success or 1 on failure.

BUGS
       GitHub Issues (https://github.com/tpm2-software/tpm2-tools/issues)

HELP
       See the Mailing List
       (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)

tpm2-tools			  APRIL	2019		     tss2_createkey(1)
