TSSCREATEPRIMARY

Section: User Commands (1)
Updated: November 2020

NAME

tsscreateprimary - Runs TPM2 createprimary  

DESCRIPTION

createprimary creates a primary storage key

Runs TPM2_CreatePrimary

[-hi
hierarchy (e, o, p, n) (default null)]
[-pwdp
password for hierarchy (default empty)]
[-pwdpi
password file name for hierarchy (default empty)]
[-pwdk
password for key (default empty)]
[-iu
inPublic unique field file (default none)]
[-opu
public key file name (default do not save)]
[-opem
public key PEM format file name (default do not save)]
[-tk
output ticket file name]
[-ch
output creation hash file name]
[Asymmetric Key Algorithm]
-rsa [keybits] (default)
(2048 default)
-ecc curve
bnp256 nistp256 nistp384
Key attributes
-bl
data blob for unseal (create only) requires -if
-den
decryption, (unrestricted, RSA and EC NULL scheme)
-deo
decryption, (unrestricted, RSA OAEP, EC NULL scheme)
-dee
decryption, (unrestricted, RSA ES, EC NULL scheme)
-des
encryption/decryption, AES symmetric [-116 for TPM rev 116 compatibility]
-st
storage (restricted) [default for primary keys]
-si
unrestricted signing (RSA and EC NULL scheme)
-sir
restricted signing (RSA RSASSA, EC ECDSA scheme)
-dau
unrestricted ECDAA signing key pair
-dar
restricted ECDAA signing key pair
-kh
keyed hash (unrestricted, hmac)
-khr
keyed hash (restricted, hmac)
-dp
derivation parent
-gp
general purpose, not storage
[-kt
(can be specified more than once)]
f
fixedTPM (default for primary keys and derivation parents)
p
fixedParent (default for primary keys and derivation parents)
nf
no fixedTPM (default for non-primary keys)
np
no fixedParent (default for non-primary keys)
ed
encrypted duplication (default not set)
[-da
object subject to DA protection (default no)]
[-pol
policy file (default empty)]
[-uwa
userWithAuth attribute clear (default set)]
[-if
data (inSensitive) file name]
[-nalg
name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
[-halg
scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
-se[0-2] session handle / attributes (default PWAP)
01
continue
20
command decrypt
40
response encrypt
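
Added example (not part of the original man page or of the TSS distribution): the -se[0-2] attribute values above are bit flags that are ORed into one hex byte, and this wrapper composes that byte and assembles a tsscreateprimary call from options listed on this page. The function names se_attrs and createprimary, the DRY_RUN variable, the output file name primary_pub.pem and the session handle 02000000 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; se_attrs, createprimary and DRY_RUN are hypothetical names.

# OR together the -se[0-2] attribute bits listed above and print them
# as a two-digit hex value.
se_attrs() {
    bits=0
    for name in "$@"; do
        case "$name" in
            continue) bits=$((bits | 0x01)) ;;  # session stays open after the command
            decrypt)  bits=$((bits | 0x20)) ;;  # first command parameter sent encrypted
            encrypt)  bits=$((bits | 0x40)) ;;  # first response parameter returned encrypted
            *) echo "unknown session attribute: $name" >&2; return 1 ;;
        esac
    done
    printf '%02x\n' "$bits"
}

# createprimary HIERARCHY SESSION_HANDLE ATTR...
# Restricted ECC storage primary key; public part saved as PEM.
createprimary() {
    [ "$#" -ge 2 ] || { echo "usage: createprimary hier handle [attr...]" >&2; return 1; }
    hier=$1; handle=$2; shift 2
    case "$hier" in
        e|o|p|n) ;;
        *) echo "hierarchy must be e, o, p or n: $hier" >&2; return 1 ;;
    esac
    attrs=$(se_attrs "$@") || return 1
    # With DRY_RUN non-empty the command is printed, not executed.
    ${DRY_RUN:+echo} tsscreateprimary -hi "$hier" -ecc nistp256 -st \
        -opem primary_pub.pem -se0 "$handle" "$attrs"
}

# Dry run by default; set DRY_RUN= (empty) to call the real tool.
DRY_RUN=${DRY_RUN-1}
# 02000000 is a constructed sample handle; pass the handle of a session
# that has already been started.
createprimary o 02000000 continue decrypt encrypt
```

For TPM2_CreatePrimary the first command parameter is inSensitive, so the 20 bit is the one that keeps a -pwdk password or -if data from being sent to the TPM in the clear.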
