TSSCERTIFYX509
Section: User Commands (1)
Updated: November 2020
NAME
tsscertifyx509 - Runs TPM2 certifyx509
DESCRIPTION
certifyx509
Runs TPM2_CertifyX509
    -ho       object handle
    [-pwdo    password for object (default empty)]
    -hk       certifying key handle
    [-pwdk    password for key (default empty)]
    [-halg    (sha256, sha384) (default sha256)]
    -rsa keybits
              2048
              3072
    -ecc curve
              nistp256
              nistp384
    [-ku      X509 key usage - string - comma separated, no spaces]
    [-iob     TPMA_OBJECT - 4 byte hex]
              e.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default)
              e.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly
              e.g. fixedTPM: critical,nonRepudiation
              e.g. parent (restrict decrypt): critical,keyEncipherment
    [-bit     bit in partialCertificate to toggle]
    [-sub     subject same as issuer for self signed (root) certificate]
    [-opc     partial certificate file name (default do not save)]
    [-oa      addedToCertificate file name (default do not save)]
    [-otbs    signed tbsDigest file name (default do not save)]
    [-os      signature file name (default do not save)]
    [-ocert   reconstructed certificate file name (default do not save)]
    -se[0-2]  session handle / attributes (default PWAP)
              01    continue
              20    command decrypt
              40    response encrypt