tsscreateloaded - Man Page
Runs tsscreateloaded
Description
tsscreateloaded
Runs TPM2_CreateLoaded
-hp parent handle (can be hierarchy)
40000001 Owner 4000000c Platform 4000000b Endorsement
[Asymmetric Key Algorithm]
-rsa [keybits] (default)
(2048 default)
-ecc curve
bnp256 nistp256 nistp384
- Key attributes
- -bl
data blob for unseal (create only) requires -if
- -den
decryption, (unrestricted, RSA and EC NULL scheme)
- -deo
decryption, (unrestricted, RSA OAEP, EC NULL scheme)
- -dee
decryption, (unrestricted, RSA ES, EC NULL scheme)
- -des
encryption/decryption, AES symmetric [-116 for TPM rev 116 compatibility]
- -st
storage (restricted) [default for primary keys]
- -si
unrestricted signing (RSA and EC NULL scheme)
- -sir
restricted signing (RSA RSASSA, EC ECDSA scheme)
- -dau
unrestricted ECDAA signing key pair
- -dar
restricted ECDAA signing key pair
- -kh
keyed hash (unrestricted, hmac)
- -khr
keyed hash (restricted, hmac)
- -dp
derivation parent
- -gp
general purpose, not storage
- [-kt
(can be specified more than once)]
f fixedTPM (default for primary keys and derivation parents)
p fixedParent (default for primary keys and derivation parents)
nf no fixedTPM (default for non-primary keys)
np no fixedParent (default for non-primary keys)
ed encrypted duplication (default not set)
- [-da
object subject to DA protection (default no)]
- [-pol
policy file (default empty)]
- [-uwa
userWithAuth attribute clear (default set)]
- [-if
data (inSensitive) file name]
- [-nalg
name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
- [-halg
scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
- [-der
object's parent is a derivation parent]
- [-pwdk
password for key (default empty)]
- [-pwdp
password for parent key (default empty)]
- [-opu
public key file name (default do not save)]
- [-opr
private key file name (default do not save)]
- [-opem
public key PEM format file name (default do not save)]
-se[0-2] session handle / attributes (default PWAP)
01 continue
20 command decrypt
40 response encrypt
Depending on the build configuration, some hash algorithms may not be available.