Section: User Commands (1)
Updated: August 2018
createprimary - Runs TPM2 createprimary  


createprimary creates a primary storage key

Runs TPM2_CreatePrimary

hierarchy (e, o, p, n) (default null)
password for hierarchy (default empty)
password file name for hierarchy (default empty)
password for key (default empty)
inPublic unique field file (default none)
public key file name (default do not save)
public key PEM format file name (default do not save)
output ticket file name
output creation hash file name
[Asymmetric Key Algorithm]
-rsa (default)
-ecc curve
bnp256 nistp256 nistp384
Key attributes
data blob for unseal (create only) -if data file name
decryption, (unrestricted, RSA and EC NULL scheme)
decryption, (unrestricted, RSA OAEP, EC NULL scheme)
encryption/decryption, AES symmetric [-116 for TPM rev 116 compatibility]
storage (restricted) [default for primary keys]
unrestricted signing (RSA and EC NULL scheme)
restricted signing (RSA RSASSA, EC ECDSA scheme)
unrestricted ECDAA signing key pair
restricted ECDAA signing key pair
keyed hash (hmac)
derivation parent
general purpose, not storage
(can be specified more than once)
f fixedTPM (default for primary keys and derivation parents)
p fixedParent (default for primary keys and derivation parents)
nf no fixedTPM (default for non-primary keys)
np no fixedParent (default for non-primary keys)
object subject to DA protection (default no)
policy file (default empty)
userWithAuth attribute clear (default set)
name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)
scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)
-se[0-2] session handle / attributes (default PWAP)
command decrypt
response encrypt



