TSSCERTIFYX509

Section: User Commands (1)
Updated: November 2020
Page Index
 

NAME

tsscertifyx509 - Runs TPM2 certifyx509  

DESCRIPTION

certifyx509

Runs TPM2_Certifyx509

-ho
object handle
[-pwdo
password for object (default empty)]
-hk
certifying key handle
[-pwdk
password for key (default empty)]
[-halg
(sha256, sha384) (default sha256)]
-rsa keybits
2048 3072
-ecc curve
nistp256 nistp384
[-ku
X509 key usage - string - comma separated, no spaces]
[-iob
TPMA_OBJECT - 4 byte hex] e.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default) e.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly e.g. fixedTPM: critical,nonRepudiation e.g. parent (restrict decrypt): critical,keyEncipherment
[-bit
bit in partialCertificate to toggle]
[-sub
subject same as issuer for self signed (root) certificate]
[-opc
partial certificate file name (default do not save)]
[-oa
addedToCertificate file name (default do not save)]
[-otbs
signed tbsDigest file name (default do not save)]
[-os
signature file name (default do not save)]
[-ocert
reconstructed certificate file name (default do not save)]
-se[0-2] session handle / attributes (default PWAP)
01
continue
20
command decrypt
40
response encrypt


 

Index

NAME
DESCRIPTION