.TH tpmtool 1 "08 Nov 2012" "@VERSION@" "User Commands"
.\" DO NOT EDIT THIS FILE (tpmtool-args.man)
.\" It has been AutoGen-ed November 8, 2012 at 11:35:17 PM by AutoGen 5.16
.\" From the definitions ../../src/tpmtool-args.def.tmp
.\" and the template file agman-cmd.tpl
tpmtool \- GnuTLS TPM tool
.\" Mixture of short (flag) options and long options
.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..."
All arguments must be options.
Program that allows handling cryptographic data from the TPM chip.
.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
This option takes an integer number as its argument.
The value of \fInumber\fP is constrained to being:
in the range 0 through 9999
Specifies the debug level.
.BR \-\-infile "=\fIfile\fP"
.BR \-\-outfile "=\fIstring\fP"
Generate an RSA private-public key pair.
Generates an RSA private-public key pair in the TPM chip.
The key may be stored in the filesystem and protected by a PIN, or stored (registered)
in the TPM chip flash.
Any generated key will be registered in the TPM.
This option must appear in combination with the following options:
Any generated key will be a signing key.
This option must appear in combination with the following options:
This option must not appear in combination with any of the following options:
Any generated key will be a legacy key.
This option must appear in combination with the following options:
This option must not appear in combination with any of the following options:
Any registered key will be a user key.
This option must appear in combination with the following options:
This option must not appear in combination with any of the following options:
The generated key will be stored in a user specific persistent storage.
Any registered key will be a system key.
This option must appear in combination with the following options:
This option must not appear in combination with any of the following options:
The generated key will be stored in system persistent storage.
.BR \-\-pubkey "=\fIurl\fP"
Prints the public key of the provided key.
Lists all stored keys in the TPM.
.BR \-\-delete "=\fIurl\fP"
Delete the key identified by the given URL (UUID).
.BR \-\-sec\-param "=\fIsecurity parameter\fP"
Specify the security level [low, legacy, normal, high, ultra].
This is an alternative to the bits option. Note however that the
values allowed by the TPM chip are quantized and given values may be rounded up.
.BR \-\-bits "=\fInumber\fP"
Specify the number of bits for key generation.
This option takes an integer number as its argument.
.BR \-\-inder, " \fB\-\-no\-inder\fP"
Use the DER format for keys.
The \fIno\-inder\fP form will disable the option.
The input files will be assumed to be in the portable
DER format of TPM. The default format is a custom format used by various
.BR \-\-outder, " \fB\-\-no\-outder\fP"
Use DER format for output keys.
The \fIno\-outder\fP form will disable the option.
The output will be in the TPM portable DER format.
.BR \-h , " \-\-help"
Display usage information and exit.
.BR \-! , " \-\-more-help"
Pass the extended usage information through a pager.
.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
To generate a key that is to be stored in the filesystem use:
$ tpmtool \-\-generate\-rsa \-\-bits 2048 \-\-outfile tpmkey.pem
To generate a key that is to be stored in TPM's flash use:
$ tpmtool \-\-generate\-rsa \-\-bits 2048 \-\-register \-\-user
To get the public key of a TPM key use:
$ tpmtool \-\-pubkey "tpmkey:uuid=58ad734b\-bde6\-45c7\-89d8\-756a55ad1891;storage=user" \
\-\-outfile pubkey.pem
or if the key is stored in the filesystem:
$ tpmtool \-\-pubkey tpmkey:file=tpmkey.pem \-\-outfile pubkey.pem
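Added example, not part of the original manual page or of GnuTLS: a POSIX shell helper that checks a tpmkey URL before it is handed to tpmtool, and always passes it as one quoted argument so the ';' in it is never read by the shell as a command separator. The accepted URL grammar (file=PATH, or uuid=UUID;storage=user|system) and the function names tpmkey_url_kind and export_pubkey are assumptions based on the URLs shown above.

```shell
#!/bin/sh
# Added example: classify and validate a tpmkey URL before using it.
# Assumed grammar, taken from the URLs in the examples above:
#   tpmkey:file=PATH
#   tpmkey:uuid=UUID;storage=user|system

# Prints "file", "user" or "system" and returns 0 for a well-formed URL;
# prints nothing and returns 1 otherwise.
tpmkey_url_kind() {
    url=$1
    # Reject embedded newlines so the line-based UUID check cannot be bypassed.
    [ $(printf '%s' "$url" | wc -l) -eq 0 ] || return 1
    case $url in
        tpmkey:file=?*) echo file; return 0 ;;
        tpmkey:uuid=*';storage=user')   storage=user ;;
        tpmkey:uuid=*';storage=system') storage=system ;;
        *) return 1 ;;
    esac
    uuid=${url#tpmkey:uuid=}
    uuid=${uuid%";storage=$storage"}
    # 8-4-4-4-12 hexadecimal digits, the UUID shape used in the examples.
    if printf '%s' "$uuid" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
    then
        echo "$storage"
    else
        return 1
    fi
}

# Export the public key only for a validated URL. "$1" stays quoted all the
# way to tpmtool, so ';storage=...' is part of the argument, not a new command.
export_pubkey() {
    kind=$(tpmkey_url_kind "$1") || { echo "rejected: $1" >&2; return 1; }
    echo "exporting public key of $kind key" >&2
    tpmtool --pubkey "$1" --outfile "$2"
}
```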
To list all keys stored in TPM use:
One of the following exit values will be returned:
.BR 0 " (EXIT_SUCCESS)"
Successful program execution.
.BR 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
p11tool (1), certtool (1)
Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
This program is released under the terms of the GNU General Public License, version 3 or later.
Please send bug reports to: bug-gnutls@gnu.org
This manual page was \fIAutoGen\fP-erated from the \fBtpmtool\fP