AutoGen Definitions options;

/* Option definitions for tpmtool, the GnuTLS command-line tool for
   cryptographic keys handled through a TPM chip. */
prog-name = tpmtool;
prog-title = "GnuTLS TPM tool";
prog-desc = "Program to handle TPM as a cryptographic device.\n";
detail = "Program that allows handling cryptographic data from the TPM chip.";
short-usage = "tpmtool [options]\ntpmtool --help for usage instructions.\n";
explain = "";

/* Presumably these two macros switch on the shared --outfile / --infile
   options defined in args-std.def (the EXAMPLES section relies on
   --outfile) -- verify against args-std.def. */
#define OUTFILE_OPT 1
#define INFILE_OPT 1
#include args-std.def
/* Action: create an RSA key pair inside the TPM. Per the doc text the
   result is either written to a file (protected by a PIN) or registered
   in the TPM chip's flash. The continuation lines of doc stay at column 0
   because the line breaks and leading characters are part of the string. */
flag = {
    name = generate-rsa;
    descrip = "Generate an RSA private-public key pair";
    doc = "Generates an RSA private-public key pair in the TPM chip.
The key may be stored in filesystem and protected by a PIN, or stored (registered)
in the TPM chip flash.";
};
/* Modifier for generate-rsa (enforced by flags_must): the new key is
   registered in the TPM instead of being written out to a file.
   NOTE(review): doc is empty, so the generated manual carries only the
   one-line descrip for this option. */
flag = {
    name = register;
    descrip = "Any generated key will be registered in the TPM";
    flags_must = generate-rsa;
    doc = "";
};
/* Key-usage modifier for generate-rsa; mutually exclusive with legacy
   (flags_cant).
   NOTE(review): doc is empty, so the help output never states which
   operations a signing key is limited to or how it differs from a legacy
   key. A sentence here would let users pick the narrower usage
   deliberately. */
flag = {
    name = signing;
    descrip = "Any generated key will be a signing key";
    flags_must = generate-rsa;
    flags_cant = legacy;
    doc = "";
};
/* Key-usage modifier for generate-rsa; mutually exclusive with signing
   (flags_cant).
   NOTE(review): doc is empty. In TPM 1.2 terminology a legacy key is
   presumably one permitted to both sign and decrypt; if that is what this
   option selects, the doc should say so, because a dual-use key is the
   broader grant when only signatures are needed -- confirm against the
   implementation. */
flag = {
    name = legacy;
    descrip = "Any generated key will be a legacy key";
    flags_must = generate-rsa;
    flags_cant = signing;
    doc = "";
};
/* Storage scope for a registered key: the user-specific persistent store.
   Only valid together with register (flags_must) and never together with
   system (flags_cant). */
flag = {
    name = user;
    descrip = "Any registered key will be a user key";
    flags_must = register;
    flags_cant = system;
    doc = "The generated key will be stored in a user specific persistent storage.";
};
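/* Storage scope for a registered key: the system persistent store.
   Only valid together with register (flags_must) and never together with
   user (flags_cant).
   NOTE(review): the doc does not say which accounts can use keys placed
   in system storage; presumably it is shared machine-wide -- confirm and
   document, since that decides who can operate the key.
   Fixed the "registred" typo in descrip. */
flag = {
    name = system;
    descrip = "Any registered key will be a system key";
    flags_must = register;
    flags_cant = user;
    doc = "The generated key will be stored in system persistent storage.";
};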
/* Action: print the public half of the key named by a URL. The EXAMPLES
   section of this file shows two URL forms, tpmkey:uuid=...;storage=...
   and tpmkey:file=... . */
flag = {
    name = pubkey;
    arg-type = string;
    arg-name = "url";
    descrip = "Prints the public key of the provided key";
    doc = "";
};
/* Action: enumerate the keys stored in the TPM. Takes no argument. */
flag = {
    name = list;
    descrip = "Lists all stored keys in the TPM";
    doc = "";
};
/* Action: remove the key identified by a URL (UUID) from the TPM.
   NOTE(review): this is the one destructive option in the file and its
   doc is empty. Nothing in this definition requests a confirmation step;
   whether the tool prompts before deleting is not visible here and is
   worth stating in the doc. */
flag = {
    name = delete;
    arg-type = string;
    arg-name = "url";
    descrip = "Delete the key identified by the given URL (UUID).";
    doc = "";
};
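/* Key-strength selector given as a named level instead of a bit count.
   Per the doc text the TPM only supports certain sizes, so the size
   actually used may be larger than the level implies (rounded up).
   Grammar fix in doc: "This is alternative" -> "This is an alternative". */
flag = {
    name = sec-param;
    arg-type = string;
    arg-name = "Security parameter";
    descrip = "Specify the security level [low, legacy, normal, high, ultra].";
    doc = "This is an alternative to the bits option. Note however that the
values allowed by the TPM chip are quantized and given values may be rounded up.";
};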
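/* Key size in bits for key generation.
   NOTE(review): no arg-range is declared, so the option parser accepts
   any number; rejecting undersized keys is left to the tool itself (not
   visible here). The sec-param doc says the TPM quantizes the sizes it
   accepts.
   Grammar fix in descrip: "key generate" -> "key generation". */
flag = {
    name = bits;
    arg-type = number;
    descrip = "Specify the number of bits for key generation";
    doc = "";
};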
/* Input encoding switch. "disabled" makes off the initial state and
   disable = "no" supplies the negated spelling (--no-inder). With the
   option off, input is read in the custom format mentioned in the doc. */
flag = {
    name = inder;
    descrip = "Use the DER format for keys.";
    disabled;
    disable = "no";
    doc = "The input files will be assumed to be in the portable
DER format of TPM. The default format is a custom format used by various
TPM tools";
};
/* Output encoding switch, the counterpart of inder. "disabled" makes off
   the initial state and disable = "no" supplies the negated spelling
   (--no-outder). */
flag = {
    name = outder;
    descrip = "Use DER format for output keys";
    disabled;
    disable = "no";
    doc = "The output will be in the TPM portable DER format.";
};
/* Manual section with cross references to the related GnuTLS tools.
   The text is a here-document in Texinfo format, so it stays at column 0. */
doc-section = {
    ds-type = 'SEE ALSO';
    ds-format = 'texi';
    ds-text = <<-_EOT_
p11tool (1), certtool (1)
_EOT_;
};
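/* Manual section with worked command lines (Texinfo here-document, kept
   at column 0).
   Two fixes relative to the original text:
   - The tpmkey: URL that contains ';' is now double-quoted. Unquoted, a
     POSIX shell ends the command at the ';', so tpmtool would receive a
     truncated URL and the rest of the line would not reach it.
   - "tmpkey.pem" is corrected to "tpmkey.pem", the file written by the
     first example. */
doc-section = {
    ds-type = 'EXAMPLES';
    ds-format = 'texi';
    ds-text = <<-_EOT_
To generate a key that is to be stored in filesystem use:
@example
$ tpmtool --generate-rsa --bits 2048 --outfile tpmkey.pem
@end example

To generate a key that is to be stored in TPM's flash use:
@example
$ tpmtool --generate-rsa --bits 2048 --register --user
@end example

To get the public key of a TPM key use:
@example
$ tpmtool --pubkey "tpmkey:uuid=58ad734b-bde6-45c7-89d8-756a55ad1891;storage=user" \
--outfile pubkey.pem
@end example

or if the key is stored in the filesystem:
@example
$ tpmtool --pubkey tpmkey:file=tpmkey.pem --outfile pubkey.pem
@end example

To list all keys stored in TPM use:
@example
$ tpmtool --list
@end example
_EOT_;
};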