| blob | 455f1aa861f31b8db42b16e2229008ff0e4a20b7 |
1 .TH tpmtool 1 "08 Nov 2012" "@VERSION@" "User Commands"
2 .\"
3 .\" DO NOT EDIT THIS FILE (tpmtool-args.man)
4 .\"
5 .\" It has been AutoGen-ed November 8, 2012 at 11:35:17 PM by AutoGen 5.16
6 .\" From the definitions ../../src/tpmtool-args.def.tmp
7 .\" and the template file agman-cmd.tpl
8 .\"
9 .SH NAME
10 tpmtool \- GnuTLS TPM tool
11 .SH SYNOPSIS
12 .B tpmtool
13 .\" Mixture of short (flag) options and long options
14 .RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..."
15 .PP
16 All arguments must be options.
17 .PP
18 .SH "DESCRIPTION"
19 Program that allows handling cryptographic data from the TPM chip.
20 .SH "OPTIONS"
21 .TP
22 .BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
23 Enable debugging..
24 This option takes an integer number as its argument.
25 The value of \fInumber\fP is constrained to being:
26 .in +4
27 .nf
28 .na
29 in the range 0 through 9999
30 .fi
31 .in -4
32 .sp
33 Specifies the debug level.
34 .TP
35 .BR \-\-infile "=\fIfile\fP"
36 Input file.
37 .sp
38 .TP
39 .BR \-\-outfile "=\fIstring\fP"
40 Output file.
41 .sp
42 .TP
43 .BR \-\-generate\-rsa
44 Generate an RSA private-public key pair.
45 .sp
46 Generates an RSA private-public key pair in the TPM chip.
47 The key may be stored in filesystem and protected by a PIN, or stored (registered)
48 in the TPM chip flash.
49 .TP
50 .BR \-\-register
51 Any generated key will be registered in the TPM.
52 This option must appear in combination with the following options:
53 generate-rsa.
54 .sp
55 .TP
56 .BR \-\-signing
57 Any generated key will be a signing key.
58 This option must appear in combination with the following options:
59 generate-rsa.
60 This option must not appear in combination with any of the following options:
61 legacy.
62 .sp
63 .TP
64 .BR \-\-legacy
65 Any generated key will be a legacy key.
66 This option must appear in combination with the following options:
67 generate-rsa.
68 This option must not appear in combination with any of the following options:
69 signing.
70 .sp
71 .TP
72 .BR \-\-user
73 Any registered key will be a user key.
74 This option must appear in combination with the following options:
75 register.
76 This option must not appear in combination with any of the following options:
77 system.
78 .sp
79 The generated key will be stored in a user specific persistent storage.
80 .TP
81 .BR \-\-system
82 Any registred key will be a system key.
83 This option must appear in combination with the following options:
84 register.
85 This option must not appear in combination with any of the following options:
86 user.
87 .sp
88 The generated key will be stored in system persistent storage.
89 .TP
90 .BR \-\-pubkey "=\fIurl\fP"
91 Prints the public key of the provided key.
92 .sp
93 .TP
94 .BR \-\-list
95 Lists all stored keys in the TPM.
96 .sp
97 .TP
98 .BR \-\-delete "=\fIurl\fP"
99 Delete the key identified by the given URL (UUID)..
100 .sp
101 .TP
102 .BR \-\-sec\-param "=\fIsecurity parameter\fP"
103 Specify the security level [low, legacy, normal, high, ultra]..
104 .sp
105 This is alternative to the bits option. Note however that the
106 values allowed by the TPM chip are quantized and given values may be rounded up.
107 .TP
108 .BR \-\-bits "=\fInumber\fP"
109 Specify the number of bits for key generate.
110 This option takes an integer number as its argument.
111 .sp
112 .TP
113 .BR \-\-inder, " \fB\-\-no\-inder\fP"
114 Use the DER format for keys..
115 The \fIno\-inder\fP form will disable the option.
116 .sp
117 The input files will be assumed to be in the portable
118 DER format of TPM. The default format is a custom format used by various
119 TPM tools
120 .TP
121 .BR \-\-outder, " \fB\-\-no\-outder\fP"
122 Use DER format for output keys.
123 The \fIno\-outder\fP form will disable the option.
124 .sp
125 The output will be in the TPM portable DER format.
126 .TP
127 .BR \-h , " \-\-help"
128 Display usage information and exit.
129 .TP
130 .BR \-! , " \-\-more-help"
131 Pass the extended usage information through a pager.
132 .TP
133 .BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
134 Output version of program and exit. The default mode is `v', a simple
135 version. The `c' mode will print copyright information and `n' will
136 print the full copyright notice.
137 .SH EXAMPLES
138 To generate a key that is to be stored in filesystem use:
139 .br
140 .in +4
141 .nf
142 $ tpmtool \-\-generate\-rsa \-\-bits 2048 \-\-outfile tpmkey.pem
143 .in -4
144 .fi
145 .sp
146 To generate a key that is to be stored in TPM's flash use:
147 .br
148 .in +4
149 .nf
150 $ tpmtool \-\-generate\-rsa \-\-bits 2048 \-\-register \-\-user
151 .in -4
152 .fi
153 .sp
154 To get the public key of a TPM key use:
155 .br
156 .in +4
157 .nf
158 $ tpmtool \-\-pubkey tpmkey:uuid=58ad734b\-bde6\-45c7\-89d8\-756a55ad1891;storage=user \
159 \-\-outfile pubkey.pem
160 .in -4
161 .fi
162 .sp
163 or if the key is stored in the filesystem:
164 .br
165 .in +4
166 .nf
167 $ tpmtool \-\-pubkey tpmkey:file=tmpkey.pem \-\-outfile pubkey.pem
168 .in -4
169 .fi
170 .sp
171 To list all keys stored in TPM use:
172 .br
173 .in +4
174 .nf
175 $ tpmtool \-\-list
176 .in -4
177 .fi
178 .SH "EXIT STATUS"
179 One of the following exit values will be returned:
180 .TP
181 .BR 0 " (EXIT_SUCCESS)"
182 Successful program execution.
183 .TP
184 .BR 1 " (EXIT_FAILURE)"
185 The operation failed or the command syntax was not valid.
186 .SH "SEE ALSO"
187 p11tool (1), certtool (1)
188 .SH "AUTHORS"
189 Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
190 .SH "COPYRIGHT"
191 Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
192 This program is released under the terms of the GNU General Public License, version 3 or later.
193 .SH "BUGS"
194 Please send bug reports to: bug-gnutls@gnu.org
195 .SH "NOTES"
196 This manual page was \fIAutoGen\fP-erated from the \fBtpmtool\fP
197 option definitions.