NAME
stpm-exfiltrate - Extract key from TPM chip
SYNOPSIS
stpm-exfiltrate [ -hOps ] -k key file
DESCRIPTION
stpm-exfiltrate extracts a key that is otherwise protected by the TPM
chip. This only works if the key is "migratable" (meaning it was
generated in software), and the TPM owner password is known.
This is why you should generate keys in hardware (the default) with stpm-keygen
and not use its -S option.
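To audit which key files are exposed to this kind of extraction, the migratable flag can be read from the key blob without touching the TPM. The following is an added example, not part of simple-tpm-pk11; it assumes the key file stores the wrapped key as hex on a line beginning with `blob` and that the blob is a TPM 1.2 TPM_KEY or TPM_KEY12 structure, and the sample key files in it are constructed.

```python
import struct

# TPM 1.2 TPM_KEY_FLAGS bits (TPM Main Specification, Part 2: Structures).
TPM_KEY_FLAGS = {
    0x01: "redirection",
    0x02: "migratable",
    0x04: "isVolatile",
    0x08: "pcrIgnoredOnRead",
    0x10: "migrateAuthority",
}

def blob_from_keyfile(text):
    """Return the raw key blob from key-file text.

    Assumed layout (not stated on the page): one 'name hexvalue' pair
    per line, with the wrapped key on the line named 'blob'.
    """
    for line in text.splitlines():
        name, _, value = line.strip().partition(" ")
        if name == "blob":
            return bytes.fromhex(value.strip())
    raise ValueError("no 'blob' line found")

def key_flags(blob):
    """Decode keyFlags from a serialized TPM_KEY or TPM_KEY12.

    Both start with a 4-byte header (version, or tag plus fill), then
    keyUsage (2 bytes) and keyFlags (4 bytes), all big-endian.
    """
    if len(blob) < 10:
        raise ValueError("blob too short for a TPM 1.2 key header")
    header = blob[:4]
    if header != b"\x01\x01\x00\x00" and header[:2] != b"\x00\x28":
        raise ValueError("not a TPM_KEY / TPM_KEY12 structure")
    (flags,) = struct.unpack_from(">I", blob, 6)
    return {name for bit, name in TPM_KEY_FLAGS.items() if flags & bit}

def is_migratable(keyfile_text):
    return "migratable" in key_flags(blob_from_keyfile(keyfile_text))

# Constructed sample headers (not real keys): keyUsage 0x0010 (signing),
# authDataUsage 0x01; only keyFlags differs between the two.
SOFTWARE_KEY = "exp 010001\nblob 01010000" "0010" "00000002" "01\n"
HARDWARE_KEY = "exp 010001\nblob 01010000" "0010" "00000000" "01\n"

if __name__ == "__main__":
    for label, text in (("software", SOFTWARE_KEY), ("hardware", HARDWARE_KEY)):
        print(label, "migratable" if is_migratable(text) else "non-migratable")
```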
OPTIONS
-h
    Show usage info.
-k key file
    Key blob file to read.
-O
    Use Well Known Secret for owner password. Default is ask.
-p
    Ask for key PIN / password. Default is Well Known Secret.
-s
    Ask for SRK PIN / password. Default is Well Known Secret.
EXAMPLES
stpm-exfiltrate -k ~/.simple-tpm-pk11/my.key
Enter owner password: blah blah
[ ... key data here ...]

stpm-exfiltrate -p -k ~/.simple-tpm-pk11/my.key
Enter owner password: blah blah
Enter key PIN: my secret password here
[ ... key data here ...]

stpm-exfiltrate -sp -k ~/.simple-tpm-pk11/my.key
Enter owner password: blah blah
Enter key PIN: my secret password here
Enter SRK PIN: 12345678
[ ... key data here ...]
DIAGNOSTICS
Most errors will probably be related to interacting with the TPM chip. Resetting
the TPM chip and taking ownership should take care of most of them. See the
TPM-TROUBLESHOOTING section of
simple-tpm-pk11(7).
SEE ALSO
simple-tpm-pk11(7),
stpm-sign(1),
stpm-keygen(1).
AUTHOR
Simple-TPM-PK11 was written by Thomas Habets <habets@google.com> /
<thomas@habets.se>.
git clone https://github.com/ThomasHabets/simple-tpm-pk11.git