NAME¶

tpmtool - GnuTLS TPM tool

SYNOPSIS¶

tpmtool [ -flags] [ -flag [value]] [ --option-name[[=| ] value]] All arguments must be options.

DESCRIPTION¶

Program that allows handling cryptographic data from the TPM chip.

OPTIONS¶

-d number, --debug=number

 

Enable debugging. This option takes an integer number as its argument. The value of number is constrained to being:

in the range  0 through 9999
    

Specifies the debug level.

--infile=file

 

Input file.

--outfile=string

 

Output file.

--generate-rsa

 

Generate an RSA private-public key pair.

Generates an RSA private-public key pair in the TPM chip. The key may be stored in filesystem and protected by a PIN, or stored (registered) in the TPM chip flash.

--register

 

Any generated key will be registered in the TPM. This option must appear in combination with the following options: generate-rsa.

--signing

 

Any generated key will be a signing key. This option must appear in combination with the following options: generate-rsa. This option must not appear in combination with any of the following options: legacy.

--legacy

 

Any generated key will be a legacy key. This option must appear in combination with the following options: generate-rsa. This option must not appear in combination with any of the following options: signing.

--user

 

Any registered key will be a user key. This option must appear in combination with the following options: register. This option must not appear in combination with any of the following options: system.

The generated key will be stored in a user specific persistent storage.

--system

 

Any registred key will be a system key. This option must appear in combination with the following options: register. This option must not appear in combination with any of the following options: user.

The generated key will be stored in system persistent storage.

--pubkey=url

 

Prints the public key of the provided key.

--list

 

Lists all stored keys in the TPM.

--delete=url

 

Delete the key identified by the given URL (UUID)..

--sec-param=security parameter

 

Specify the security level [low, legacy, medium, high, ultra]..

This is alternative to the bits option. Note however that the values allowed by the TPM chip are quantized and given values may be rounded up.

--bits=number

 

Specify the number of bits for key generate. This option takes an integer number as its argument.

--inder, - Fl -no-inder

 

Use the DER format for keys.. The no-inder form will disable the option.

The input files will be assumed to be in the portable DER format of TPM. The default format is a custom format used by various TPM tools

--outder, - Fl -no-outder

 

Use DER format for output keys. The no-outder form will disable the option.

The output will be in the TPM portable DER format.

-h, --help

 

Display usage information and exit.

-!, --more-help

 

Pass the extended usage information through a pager.

-v [{v|c|n --version [{v|c|n}]}]

 

Output version of program and exit. The default mode is `v', a simple version. The `c' mode will print copyright information and `n' will print the full copyright notice.

EXAMPLES¶

To generate a key that is to be stored in filesystem use:

$ tpmtool --generate-rsa --bits 2048 --outfile tpmkey.pem

To generate a key that is to be stored in TPM's flash use:

$ tpmtool --generate-rsa --bits 2048 --register --user

To get the public key of a TPM key use:

$ tpmtool --pubkey tpmkey:uuid=58ad734b-bde6-45c7-89d8-756a55ad1891;storage=user           --outfile pubkey.pem

or if the key is stored in the filesystem:

$ tpmtool --pubkey tpmkey:file=tmpkey.pem --outfile pubkey.pem

To list all keys stored in TPM use:

$ tpmtool --list

EXIT STATUS¶

One of the following exit values will be returned:

0 (EXIT_SUCCESS)

 

Successful program execution.

1 (EXIT_FAILURE)

 

The operation failed or the command syntax was not valid.

70 (EX_SOFTWARE)

 

libopts had an internal operational error. Please report it to autogen-users@lists.sourceforge.net. Thank you.

SEE ALSO¶

p11tool (1), certtool (1)

AUTHORS¶

Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls/AUTHORS for a complete list.

COPYRIGHT¶

Copyright (C) 2000-2014 Free Software Foundation, and others all rights reserved. This program is released under the terms of the GNU General Public License, version 3 or later.

BUGS¶

Please send bug reports to: bugs@gnutls.org

NOTES¶

This manual page was AutoGen-erated from the tpmtool option definitions.