@node tpmtool Invocation
@subsection Invoking tpmtool
# -*- buffer-read-only: t -*- vi: set ro:
# DO NOT EDIT THIS FILE (invoke-tpmtool.texi)
# It has been AutoGen-ed
# From the definitions ../src/tpmtool-args.def
# and the template file agtexi-cmd.tpl
Program that allows handling cryptographic data from the TPM chip.
This section was generated by @strong{AutoGen},
using the @code{agtexi-cmd} template and the option descriptions for the @code{tpmtool} program.
This software is released under the GNU General Public License, version 3 or later.
@anchor{tpmtool usage}
@subsection tpmtool help/usage (@option{--help})
This is the automatically generated usage text for tpmtool.
The text printed is the same whether selected with the @code{help} option
(@option{--help}) or the @code{more-help} option (@option{--more-help}). @code{more-help} will print
the usage text by passing it through a pager program.
@code{more-help} is disabled on platforms without a working
@code{fork(2)} function. The @code{PAGER} environment variable is
used to select the program, defaulting to @file{more}. Both will exit
with a status code of 0.
tpmtool is unavailable - no --help
@anchor{tpmtool debug}
@subsection debug option (-d)
This is the ``enable debugging'' option.
This option takes a number argument.
Specifies the debug level.
@anchor{tpmtool generate-rsa}
@subsection generate-rsa option
This is the ``generate an rsa private-public key pair'' option.
Generates an RSA private-public key pair in the TPM chip.
The key may be stored in the filesystem and protected by a PIN, or stored (registered)
in the TPM chip flash.
@subsection user option
This is the ``any registered key will be a user key'' option.
This option has some usage constraints. It:
must appear in combination with the following options:
must not appear in combination with any of the following options:
The generated key will be stored in a user specific persistent storage.
@anchor{tpmtool system}
@subsection system option
This is the ``any registered key will be a system key'' option.
This option has some usage constraints. It:
must appear in combination with the following options:
must not appear in combination with any of the following options:
The generated key will be stored in system persistent storage.
@anchor{tpmtool test-sign}
@subsection test-sign option
This is the ``tests the signature operation of the provided object'' option.
This option takes a string argument @file{url}.
It can be used to check that the signature operation works correctly.
This operation will sign and verify the signed data.
@anchor{tpmtool sec-param}
@subsection sec-param option
This is the ``specify the security level [low, legacy, medium, high, ultra].'' option.
This option takes a string argument @file{Security parameter}.
This is an alternative to the bits option. Note however that the
values allowed by the TPM chip are quantized and given values may be rounded up.
@anchor{tpmtool inder}
@subsection inder option
This is the ``use the der format for keys.'' option.
This option has some usage constraints. It:
can be disabled with --no-inder.
The input files will be assumed to be in the portable
DER format of TPM. The default format is a custom format used by various
@anchor{tpmtool outder}
@subsection outder option
This is the ``use der format for output keys'' option.
This option has some usage constraints. It:
can be disabled with --no-outder.
The output will be in the TPM portable DER format.
@anchor{tpmtool exit status}
@subsection tpmtool exit status
One of the following exit values will be returned:
@item 0 (EXIT_SUCCESS)
Successful program execution.
@item 1 (EXIT_FAILURE)
The operation failed or the command syntax was not valid.
@anchor{tpmtool See Also}
@subsection tpmtool See Also
p11tool (1), certtool (1)
@anchor{tpmtool Examples}
@subsection tpmtool Examples
To generate a key that is to be stored in the filesystem use:
$ tpmtool --generate-rsa --bits 2048 --outfile tpmkey.pem
To generate a key that is to be stored in the TPM's flash use:
$ tpmtool --generate-rsa --bits 2048 --register --user
To get the public key of a TPM key use:
$ tpmtool --pubkey "tpmkey:uuid=58ad734b-bde6-45c7-89d8-756a55ad1891;storage=user" \
or if the key is stored in the filesystem:
$ tpmtool --pubkey tpmkey:file=tpmkey.pem --outfile pubkey.pem
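The following is an added example, not part of the GnuTLS manual: a POSIX sh wrapper that accepts only the two @code{tpmkey:} URL forms shown above and then runs @option{--test-sign} on the key, mapping the result to an exit status. The function names and the @code{TPMTOOL} override variable are hypothetical, and it assumes @option{--test-sign} takes the same URL forms as @option{--pubkey}.

```shell
#!/bin/sh
# Added example (not from the GnuTLS manual).
# Assumptions: only the two tpmkey: URL forms used in the examples above are
# accepted, and --test-sign takes the same URL forms as --pubkey.

TPMTOOL=${TPMTOOL:-tpmtool}   # hypothetical override, lets the wrapper run without a TPM
nl='
'

# Return 0 if $1 is tpmkey:file=<path> or tpmkey:uuid=<uuid>;storage=user|system.
tpmkey_url_ok() {
    case $1 in
        *"$nl"*)
            return 1 ;;   # multi-line input could slip past the line-based grep
        tpmkey:file=?*)
            return 0 ;;
        tpmkey:uuid=*)
            printf '%s\n' "$1" | grep -Eq \
'^tpmkey:uuid=[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12};storage=(user|system)$'
            ;;
        *)
            return 1 ;;
    esac
}

# Exit status: 0 key signs and verifies, 1 tpmtool reported failure, 2 URL rejected.
tpm_key_selftest() {
    tpmkey_url_ok "$1" || return 2
    # The URL is passed as one quoted word: unquoted, the shell would treat
    # the ';' before storage= as a command separator.
    "$TPMTOOL" --test-sign "$1" || return 1
    return 0
}
```

Call it as @code{tpm_key_selftest 'tpmkey:file=tpmkey.pem'} before the key is put into service.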
To list all keys stored in TPM use: