| .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. |
| .TH CREATEPRIMARY "1" "March 2020" "createprimary 1.3" "User Commands" |
| .SH NAME |
| createprimary \- Runs TPM2 createprimary |
| .SH DESCRIPTION |
| createprimary creates a primary storage key |
| .PP |
| Runs TPM2_CreatePrimary |
| .TP |
| [\-hi |
| hierarchy (e, o, p, n) (default null)] |
| .TP |
| [\-pwdp |
| password for hierarchy (default empty)] |
| .TP |
| [\-pwdpi |
| password file name for hierarchy (default empty)] |
| .TP |
| [\-pwdk |
| password for key (default empty)] |
| .TP |
| [\-iu |
| inPublic unique field file (default none)] |
| .TP |
| [\-opu |
| public key file name (default do not save)] |
| .TP |
| [\-opem |
| public key PEM format file name (default do not save)] |
| .TP |
| [\-tk |
| output ticket file name] |
| .TP |
| [\-ch |
| output creation hash file name] |
| .IP |
| [Asymmetric Key Algorithm] |
| .HP |
| \fB\-rsa\fR keybits (default) |
| .IP |
| (2048 default) |
| .HP |
| \fB\-ecc\fR curve |
| .IP |
| bnp256 |
| nistp256 |
| nistp384 |
| .IP |
| Key attributes |
| .TP |
| \fB\-bl\fR |
| data blob for unseal (create only); |
| requires \fB\-if\fR |
| .TP |
| \fB\-den\fR |
| decryption (unrestricted, RSA and EC NULL scheme) |
| .TP |
| \fB\-deo\fR |
| decryption (unrestricted, RSA OAEP, EC NULL scheme) |
| .TP |
| \fB\-dee\fR |
| decryption (unrestricted, RSA ES, EC NULL scheme) |
| .TP |
| \fB\-des\fR |
| encryption/decryption (AES symmetric) |
| [\-116 for TPM rev 116 compatibility] |
| .TP |
| \fB\-st\fR |
| storage (restricted) |
| [default for primary keys] |
| .TP |
| \fB\-si\fR |
| unrestricted signing (RSA and EC NULL scheme) |
| .TP |
| \fB\-sir\fR |
| restricted signing (RSA RSASSA, EC ECDSA scheme) |
| .TP |
| \fB\-dau\fR |
| unrestricted ECDAA signing key pair |
| .TP |
| \fB\-dar\fR |
| restricted ECDAA signing key pair |
| .TP |
| \fB\-kh\fR |
| keyed hash (unrestricted, HMAC) |
| .TP |
| \fB\-khr\fR |
| keyed hash (restricted, HMAC) |
| .TP |
| \fB\-dp\fR |
| derivation parent |
| .TP |
| \fB\-gp\fR |
| general purpose, not storage |
| .TP |
| [\-kt |
| (can be specified more than once)] |
| f fixedTPM (default for primary keys and derivation parents) |
| p fixedParent (default for primary keys and derivation parents) |
| nf no fixedTPM (default for non\-primary keys) |
| np no fixedParent (default for non\-primary keys) |
| ed encrypted duplication (default not set) |
| .TP |
| [\-da |
| object subject to DA protection (default no)] |
| .TP |
| [\-pol |
| policy file (default empty)] |
| .TP |
| [\-uwa |
| userWithAuth attribute clear (default set)] |
| .TP |
| [\-if |
| data (inSensitive) file name] |
| .TP |
| [\-nalg |
| name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
| .TP |
| [\-halg |
| scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)] |
| .HP |
| \fB\-se[0\-2]\fR session handle / attributes (default PWAP) |
| .TP |
| 01 |
| continue |
| .TP |
| 20 |
| command decrypt |
| .TP |
| 40 |
| response encrypt |