.TH "simple\-tpm\-pk11" "7" "1th December, 2013" "simple\-tpm\-pk11" ""
.SH "NAME"
simple\-tpm\-pk11 \- Simple PKCS11 provider for TPM chips
.PP 
.SH "DESCRIPTION"
\fIsimple\-tpm\-pk11\fP Is a PKCS11 provider for TPM chips\&. Its primary
purpose is to protect SSH client keys so that they can\(cq\&t be copied or
stolen if the machine they\(cq\&re on gets compromised\&.
.PP 
.SH "OPTIONS"
Since PKCS11 modules are \&.so files loaded by other binaries, they don\(cq\&t
take command line options\&. Instead \fIsimple\-tpm\-pk11\fP options can be
set up environment variables\&.
.IP "\fBSIMPLE_TPM_PK11_DEBUG\fP"
If set, enables debug level logging\&.
.IP "\fBSIMPLE_TPM_PK11_CONFIG\fP=/path/to/config"
Override default config location\&. Default is ~/\&.simple\-tpm\-pk11/config\&.
.IP "\fBSIMPLE_TPM_PK11_LOG_STDERR\fP"
If set, copies all log output to STDERR\&.

.PP 
.SH "CONFIGURATION FILE"
Configuration options are of the key/value variety, with comments lines
starting with \(dq\&#\(dq\&\&.
.IP "key \fIkey file\fP"
Full path to key file, or relative to ~/\&.simple\-tpm\-pk11\&.
This the only required configuration option\&.
.IP "debug"
Enable debug level logging\&.
.IP "srk_pin \fIPIN\fP"
Set SRK PIN\&. Default is the Well Known Secret (20 nulls)\&.
.IP "key_pin \fIPIN\fP"
Set key PIN\&.
.IP "log \fIlog file\fP"
Full path to log file, or relative to ~/\&.simple\-tpm\-pk11\&.

.PP 
.SH "EXAMPLES"
.nf
.sp
# Load key from ~/\&.simple\-tpm\-pk11/my\&.key\&.
key my\&.key
.PP 
# Load key from /keys/foo/my\&.key, and the empty string as SRK PIN\&.
key /keys/foo/my\&.key
srk_pin
.fi
.in
.PP 
.SH "TPM\-TROUBLESHOOTING"
TODO\&.
.PP 
.SH "DIAGNOSTICS"
Most errors will probably be related to interacting with the TPM chip\&.
Resetting the TPM chip and taking ownership should take care of most
of them\&. See the \fITPM\-TROUBLESHOOTING\fP section\&.
.PP 
.SH "BUGS"
The password is read from stdin without turning off echo\&. It should be
read from the terminal without echo\&.
.PP 
.SH "SEE ALSO"
\fBstpm\-keygen(1)\fP, \fBstpm\-sign(1)\fP
.PP 
.SH "AUTHOR"
Simple\-TPM\-PK11 was written By Thomas Habets <habets@google\&.com>
/ <thomas@habets\&.se>\&.
.PP 
git clone https://github\&.com/ThomasHabets/simple\-tpm\-pk11\&.git