.\" Copyright (C) 2005 International Business Machines Corporation
.\"
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "tpmtoken_protect" 1 "2005-04-25" "TPM Management"
.ce 1
TPM Management - tpmtoken_protect
.SH NAME
tpmtoken_protect \- encrypt or decrypt data using a symmetric key stored in the user's TPM PKCS#11 data store
.SH "SYNOPSIS"
.ad l
.hy 0
.B tpmtoken_protect [ OPTION ]
.SH "DESCRIPTION"
.PP
\fBtpmtoken_protect\fR will encrypt or decrypt data using a symmetric key that is stored in the user's data store. The key used to protect the data is a 256-bit AES key stored as a private Secret Key PKCS#11 object. The object has the PKCS#11 label attribute of \'User Data Protection Key\'. The key is generated by the TPM PKCS#11 implementation when it is needed the first time. Since it is generated as a private object, it is protected by the TPM on the platform.
.PP
This command requires the \'-i\' and \'-o\' command options to be specified.
.TP
\fB\-h\fR, \fB\-\-help\fR
Display command usage info.
.TP
\fB-v\fR, \fB\-\-version\fR
Display command version info.
.TP
\fB-l\fR, \fB\-\-log\fR [none|error|info|debug]
Set logging level.
.TP
\fB-d\fR, \fB\-\-decrypt\fR
Perform a decryption operation
.TP
\fB-e\fR, \fB\-\-encrypt\fR
Perform an encryption operation
.TP
\fB-i\fR, \fB\-\-infile\fR FILE
Use FILE as the input to the specified operation
.TP
\fB-k\fR, \fB\-\-token\fR STRING
Use STRING to identify the label of the PKCS#11 token to be used
.TP
\fB-o\fR, \fB\-\-outfile\fR FILE
Use FILE as the output of the specified operation
.SH "SEE ALSO"
.PP
\fBtpmtoken_init\fR(1), \fBtpmtoken_import\fR(1), \fBtpmtoken_setpasswd\fR(1), \fBtpmtoken_objects\fR(1)
.SH "REPORTING BUGS"
Report bugs to