TSSCREATEPRIMARY
Section: User Commands (1)
Updated: November 2020
NAME
tsscreateprimary - Runs TPM2_CreatePrimary
DESCRIPTION
createprimary creates a primary key under the selected hierarchy by running TPM2_CreatePrimary. Unless another key type is requested, the key is a restricted storage key with the fixedTPM and fixedParent attributes set.
       [-hi     hierarchy (e, o, p, n) (default null)]
       [-pwdp   password for hierarchy (default empty)]
       [-pwdpi  password file name for hierarchy (default empty)]
       [-pwdk   password for key (default empty)]
       [-iu     inPublic unique field file (default none)]
       [-opu    public key file name (default do not save)]
       [-opem   public key PEM format file name (default do not save)]
       [-tk     output ticket file name]
       [-ch     output creation hash file name]

       Asymmetric Key Algorithm
           -rsa [keybits]   (default; keybits default 2048)
           -ecc curve       one of bnp256, nistp256, nistp384

       Key attributes
           -bl      data blob for unseal (create only); requires -if
           -den     decryption (unrestricted, RSA and EC NULL scheme)
           -deo     decryption (unrestricted, RSA OAEP, EC NULL scheme)
           -dee     decryption (unrestricted, RSA ES, EC NULL scheme)
           -des     encryption/decryption, AES symmetric
                    [-116 for TPM rev 116 compatibility]
           -st      storage (restricted) [default for primary keys]
           -si      unrestricted signing (RSA and EC NULL scheme)
           -sir     restricted signing (RSA RSASSA, EC ECDSA scheme)
           -dau     unrestricted ECDAA signing key pair
           -dar     restricted ECDAA signing key pair
           -kh      keyed hash (unrestricted, hmac)
           -khr     keyed hash (restricted, hmac)
           -dp      derivation parent
           -gp      general purpose, not storage

       [-kt     (can be specified more than once)]
           f        fixedTPM (default for primary keys and derivation parents)
           p        fixedParent (default for primary keys and derivation parents)
           nf       no fixedTPM (default for non-primary keys)
           np       no fixedParent (default for non-primary keys)
           ed       encrypted duplication (default not set)
       [-da     object subject to DA protection (default no)]
       [-pol    policy file (default empty)]
       [-uwa    userWithAuth attribute clear (default set)]
       [-if     data (inSensitive) file name]
       [-nalg   name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
       [-halg   scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]

       -se[0-2] session handle / attributes (default PWAP)
           01       continue
           20       command decrypt
           40       response encrypt
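Worked example, added to this page and not part of the IBM TSS distribution: a Python reader for the file that -opu writes (for instance from "createprimary -hi o -rsa 2048 -opu srk.bin"). It assumes that file is the marshaled TPM2B_PUBLIC in the TPM 2.0 Part 2 wire layout, big-endian, with the Part 2 algorithm identifiers and TPMA_OBJECT bit positions. It decodes an RSA or ECC public area, computes the object Name (nameAlg followed by the nameAlg hash of the TPMT_PUBLIC), which is the value policies and parent bindings actually authenticate, and checks the objectAttributes against what a primary storage key created with the defaults (-st, -kt f, -kt p, no -da) should carry. The sample public area is constructed in the code rather than captured from a TPM, and the names parse_tpm2b_public, attr_names, audit_primary and build_sample_rsa_public are this example's own.

```python
"""Read the TPM2B_PUBLIC that createprimary -opu writes and audit it.

Added example, not IBM TSS code.  Assumes the -opu file is the marshaled
TPM2B_PUBLIC (big-endian, TPM 2.0 Part 2 layout).  Algorithm IDs and the
TPMA_OBJECT bit positions are the Part 2 constants.
"""
import hashlib
import struct

TPM_ALG_RSA, TPM_ALG_AES, TPM_ALG_NULL = 0x0001, 0x0006, 0x0010
TPM_ALG_ECC, TPM_ALG_CFB = 0x0023, 0x0043
HASH = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}
CURVE = {0x0003: "nistp256", 0x0004: "nistp384", 0x0010: "bnp256"}
ATTR = {  # TPMA_OBJECT bits (TPM 2.0 Part 2)
    "fixedTPM": 1 << 1, "stClear": 1 << 2, "fixedParent": 1 << 4,
    "sensitiveDataOrigin": 1 << 5, "userWithAuth": 1 << 6, "adminWithPolicy": 1 << 7,
    "noDA": 1 << 10, "encryptedDuplication": 1 << 11, "restricted": 1 << 16,
    "decrypt": 1 << 17, "sign": 1 << 18, "x509sign": 1 << 19,
}


class Reader:
    """Big-endian cursor over a marshaled TPM structure."""

    def __init__(self, buf):
        self.buf, self.off = buf, 0

    def u16(self):
        (v,) = struct.unpack_from(">H", self.buf, self.off)
        self.off += 2
        return v

    def u32(self):
        (v,) = struct.unpack_from(">I", self.buf, self.off)
        self.off += 4
        return v

    def b2(self):  # TPM2B_*: 16-bit size, then that many bytes
        n = self.u16()
        v = bytes(self.buf[self.off:self.off + n])
        self.off += n
        return v

    def scheme(self):  # TPMT_*_SCHEME / TPMT_KDF_SCHEME: id, then hashAlg unless NULL
        s = self.u16()
        return None if s == TPM_ALG_NULL else (s, self.u16())

    def sym(self):  # TPMT_SYM_DEF_OBJECT: algorithm, then keyBits and mode unless NULL
        alg = self.u16()
        return None if alg == TPM_ALG_NULL else (alg, self.u16(), self.u16())


def parse_tpm2b_public(data):
    size = struct.unpack_from(">H", data)[0]
    body = bytes(data[2:2 + size])  # the TPMT_PUBLIC; this is what the Name covers
    if len(body) != size:
        raise ValueError("truncated TPM2B_PUBLIC")
    r = Reader(body)
    pub = {"type": r.u16(), "nameAlg": r.u16(), "attrs": r.u32(), "authPolicy": r.b2()}
    if pub["type"] not in (TPM_ALG_RSA, TPM_ALG_ECC):
        raise ValueError("only RSA and ECC public areas are handled here")
    pub["symmetric"], pub["scheme"] = r.sym(), r.scheme()
    if pub["type"] == TPM_ALG_RSA:  # TPMS_RSA_PARMS then TPM2B_PUBLIC_KEY_RSA
        pub["keyBits"], pub["exponent"] = r.u16(), r.u32()
        pub["unique"] = r.b2()
    else:  # TPMS_ECC_PARMS then TPMS_ECC_POINT
        pub["curve"], pub["kdf"] = CURVE.get(r.u16(), "unknown"), r.scheme()
        pub["unique"] = (r.b2(), r.b2())
    if r.off != size:
        raise ValueError("trailing bytes after TPMT_PUBLIC")
    # Name = nameAlg || H_nameAlg(TPMT_PUBLIC): what policies and parents bind to
    pub["name"] = struct.pack(">H", pub["nameAlg"]) + hashlib.new(HASH[pub["nameAlg"]], body).digest()
    return pub


def attr_names(attrs):
    return sorted(n for n, bit in ATTR.items() if attrs & bit)


def audit_primary(pub):
    """Deviations from what a default primary storage key (-st, -kt f, -kt p) should carry."""
    a, findings = pub["attrs"], []
    for need in ("fixedTPM", "fixedParent", "sensitiveDataOrigin", "restricted", "decrypt"):
        if not a & ATTR[need]:
            findings.append("missing " + need)
    if a & ATTR["sign"]:
        findings.append("sign set on a storage key")
    if not a & ATTR["noDA"]:
        findings.append("noDA clear: key is subject to DA lockout (-da was given)")
    if pub["nameAlg"] == 0x0004:
        findings.append("nameAlg sha1")
    if pub.get("keyBits", 2048) < 2048:
        findings.append("RSA keyBits below 2048")
    return findings


def build_sample_rsa_public(attrs=0x00030472, name_alg=0x000B, policy=b"", key_bits=2048):
    """Constructed sample (not TPM output) of -st -rsa 2048 with default -kt and no -da."""
    body = struct.pack(">HHI", TPM_ALG_RSA, name_alg, attrs)
    body += struct.pack(">H", len(policy)) + policy             # authPolicy (-pol)
    body += struct.pack(">HHH", TPM_ALG_AES, 128, TPM_ALG_CFB)  # storage keys carry a symmetric AES-128-CFB definition
    body += struct.pack(">H", TPM_ALG_NULL)                     # scheme NULL for a storage key
    body += struct.pack(">HI", key_bits, 0)                     # keyBits, exponent 0 = 65537
    modulus = bytes([0xC0]) + bytes(range(key_bits // 8 - 1))   # placeholder modulus bytes
    body += struct.pack(">H", len(modulus)) + modulus
    return struct.pack(">H", len(body)) + body


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_rsa_public()
    p = parse_tpm2b_public(raw)
    print("name:", p["name"].hex())
    print("attrs:", ", ".join(attr_names(p["attrs"])))
    print("findings:", audit_primary(p) or "none")
```

Run it with the -opu file as its only argument, or with no argument to decode the constructed sample. The Name it prints is the value to compare against a policy or a remote party's expectation; a key whose attributes differ from the defaults (fixedTPM clear, noDA clear, sign set) is reported as a finding, and -pol content shows up as a non-empty authPolicy.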