.TH tpmtool 1 "18 Sep 2014" "3.2.18" "User Commands"
.\"
.\" DO NOT EDIT THIS FILE (tpmtool-args.man)
.\"
.\" It has been AutoGen-ed September 18, 2014 at 02:03:15 PM by AutoGen 5.18.3
.\" From the definitions tpmtool-args.def.tmp
.\" and the template file agman-cmd.tpl
.\"
.SH NAME
tpmtool \- GnuTLS TPM tool
.SH SYNOPSIS
.B tpmtool
.\" Mixture of short (flag) options and long options
.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..."
.PP
All arguments must be options.
.PP
.SH "DESCRIPTION"
Program that allows handling cryptographic data from the TPM chip.
.SH "OPTIONS"
.TP
.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
Enable debugging.
This option takes an integer number as its argument.
The value of \fInumber\fP is constrained to being:
.in +4
.nf
.na
in the range 0 through 9999
.fi
.in -4
.sp
Specifies the debug level.
.TP
.BR \-\-infile "=\fIfile\fP"
Input file.
.sp
.TP
.BR \-\-outfile "=\fIstring\fP"
Output file.
.sp
.TP
.BR \-\-generate\-rsa
Generate an RSA private-public key pair.
.sp
Generates an RSA private-public key pair in the TPM chip. The key may be stored in the filesystem and protected by a PIN, or stored (registered) in the TPM chip flash.
.TP
.BR \-\-register
Any generated key will be registered in the TPM.
This option must appear in combination with the following options:
generate-rsa.
.sp
.TP
.BR \-\-signing
Any generated key will be a signing key.
This option must appear in combination with the following options:
generate-rsa.
This option must not appear in combination with any of the following options:
legacy.
.sp
.TP
.BR \-\-legacy
Any generated key will be a legacy key.
This option must appear in combination with the following options:
generate-rsa.
This option must not appear in combination with any of the following options:
signing.
.sp
.TP
.BR \-\-user
Any registered key will be a user key.
This option must appear in combination with the following options:
register.
This option must not appear in combination with any of the following options:
system.
.sp
The generated key will be stored in a user specific persistent storage.
.TP
.BR \-\-system
Any registered key will be a system key.
This option must appear in combination with the following options:
register.
This option must not appear in combination with any of the following options:
user.
.sp
The generated key will be stored in system persistent storage.
.TP
.BR \-\-pubkey "=\fIurl\fP"
Prints the public key of the provided key.
.sp
.TP
.BR \-\-list
Lists all stored keys in the TPM.
.sp
.TP
.BR \-\-delete "=\fIurl\fP"
Delete the key identified by the given URL (UUID).
.sp
.TP
.BR \-\-sec\-param "=\fIsecurity parameter\fP"
Specify the security level [low, legacy, normal, high, ultra].
.sp
This is an alternative to the bits option. Note however that the values allowed by the TPM chip are quantized and given values may be rounded up.
.TP
.BR \-\-bits "=\fInumber\fP"
Specify the number of bits for key generation.
This option takes an integer number as its argument.
.sp
.TP
.BR \-\-inder, " \fB\-\-no\-inder\fP"
Use the DER format for keys.
The \fIno\-inder\fP form will disable the option.
.sp
The input files will be assumed to be in the portable DER format of TPM. The default format is a custom format used by various TPM tools.
.TP
.BR \-\-outder, " \fB\-\-no\-outder\fP"
Use DER format for output keys.
The \fIno\-outder\fP form will disable the option.
.sp
The output will be in the TPM portable DER format.
.TP
.BR \-h , " \-\-help"
Display usage information and exit.
.TP
.BR \-! , " \-\-more-help"
Pass the extended usage information through a pager.
.TP
.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[={\fIv|c|n\fP}]"
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.SH EXAMPLES
To generate a key that is to be stored in the filesystem use:
.br
.in +4
.nf
$ tpmtool \-\-generate\-rsa \-\-bits 2048 \-\-outfile tpmkey.pem
.in -4
.fi
.sp
To generate a key that is to be stored in the TPM's flash use:
.br
.in +4
.nf
$ tpmtool \-\-generate\-rsa \-\-bits 2048 \-\-register \-\-user
.in -4
.fi
.sp
To get the public key of a TPM key use (the URL is quoted so that the shell does not treat the semicolon as a command separator):
.br
.in +4
.nf
$ tpmtool \-\-pubkey "tpmkey:uuid=58ad734b\-bde6\-45c7\-89d8\-756a55ad1891;storage=user" \e
          \-\-outfile pubkey.pem
.in -4
.fi
.sp
or if the key is stored in the filesystem:
.br
.in +4
.nf
$ tpmtool \-\-pubkey tpmkey:file=tpmkey.pem \-\-outfile pubkey.pem
.in -4
.fi
.sp
To list all keys stored in the TPM use:
.br
.in +4
.nf
$ tpmtool \-\-list
.in -4
.fi
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
.BR 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
.BR 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
.BR 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
.SH "SEE ALSO"
p11tool (1), certtool (1)
.SH "AUTHORS"
Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls/AUTHORS for a complete list.
.SH "COPYRIGHT"
Copyright (C) 2000-2014 Free Software Foundation, and others all rights reserved.
This program is released under the terms of the GNU General Public License, version 3 or later.
.SH "BUGS"
Please send bug reports to: bugs@gnutls.org
.SH "NOTES"
This manual page was \fIAutoGen\fP-erated from the \fBtpmtool\fP
option definitions.