From e7cdaf9574868830c77497953b530720fbff4e4c Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 18 Sep 2014 14:10:53 +0200 Subject: updated documentation --- manual/html_node/tpmtool-Invocation.html | 84 +++++++++++++++++++++++--------- 1 file changed, 62 insertions(+), 22 deletions(-) (limited to 'manual/html_node/tpmtool-Invocation.html') diff --git a/manual/html_node/tpmtool-Invocation.html b/manual/html_node/tpmtool-Invocation.html index 33492c1633..009ebc9ebf 100644 --- a/manual/html_node/tpmtool-Invocation.html +++ b/manual/html_node/tpmtool-Invocation.html @@ -1,7 +1,7 @@ -GnuTLS 3.3.7: tpmtool Invocation +GnuTLS 3.3.8: tpmtool Invocation - - + + @@ -161,9 +161,8 @@ dl { Previous: , Up: Trusted Platform Module   [Contents][Index]

-

tpmtool Invocation

-

Invoking tpmtool

+

5.3.4 Invoking tpmtool

@@ -175,7 +174,7 @@ This software is released under the GNU General Public License, version 3 or lat

-

tpmtool help/usage (--help)

+

5.3.5 tpmtool help/usage (--help)

This is the automatically generated usage text for tpmtool. @@ -189,24 +188,65 @@ used to select the program, defaulting to more. Both will exit with a status code of 0.

-
tpmtool is unavailable - no --help
+
tpmtool - GnuTLS TPM tool
+Usage:  tpmtool [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
+
+   -d, --debug=num            Enable debugging
+                                - it must be in the range:
+                                  0 to 9999
+       --infile=file          Input file
+                                - file must pre-exist
+       --outfile=str          Output file
+       --generate-rsa         Generate an RSA private-public key pair
+       --register             Any generated key will be registered in the TPM
+                                - requires the option 'generate-rsa'
+       --signing              Any generated key will be a signing key
+                                - requires the option 'generate-rsa'
+                                -- and prohibits the option 'legacy'
+       --legacy               Any generated key will be a legacy key
+                                - requires the option 'generate-rsa'
+                                -- and prohibits the option 'signing'
+       --user                 Any registered key will be a user key
+                                - requires the option 'register'
+                                -- and prohibits the option 'system'
+       --system               Any registred key will be a system key
+                                - requires the option 'register'
+                                -- and prohibits the option 'user'
+       --pubkey=str           Prints the public key of the provided key
+       --list                 Lists all stored keys in the TPM
+       --delete=str           Delete the key identified by the given URL (UUID).
+       --sec-param=str        Specify the security level [low, legacy, medium, high, ultra].
+       --bits=num             Specify the number of bits for key generate
+       --inder                Use the DER format for keys.
+                                - disabled as '--no-inder'
+       --outder               Use DER format for output keys
+                                - disabled as '--no-outder'
+   -v, --version[=arg]        output version information and exit
+   -h, --help                 display extended usage information and exit
+   -!, --more-help            extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Program that allows handling cryptographic data from the TPM chip.
+
- -

debug option (-d)

+ +

5.3.6 debug option (-d)

This is the “enable debugging” option. This option takes a number argument. Specifies the debug level.

-

generate-rsa option

+

5.3.7 generate-rsa option

This is the “generate an rsa private-public key pair” option. Generates an RSA private-public key pair in the TPM chip. The key may be stored in filesystem and protected by a PIN, or stored (registered) in the TPM chip flash.

-

user option

+

5.3.8 user option

This is the “any registered key will be a user key” option.

@@ -220,7 +260,7 @@ system.

The generated key will be stored in a user specific persistent storage.

-

system option

+

5.3.9 system option

This is the “any registred key will be a system key” option.

@@ -233,15 +273,15 @@ user.

The generated key will be stored in system persistent storage. -

-

sec-param option

+

+

5.3.10 sec-param option

This is the “specify the security level [low, legacy, medium, high, ultra].” option. This option takes a string argument Security parameter. This is alternative to the bits option. Note however that the values allowed by the TPM chip are quantized and given values may be rounded up. -

-

inder option

+

+

5.3.11 inder option

This is the “use the der format for keys.” option.

@@ -253,8 +293,8 @@ values allowed by the TPM chip are quantized and given values may be rounded up.

The input files will be assumed to be in the portable DER format of TPM. The default format is a custom format used by various TPM tools -

-

outder option

+

+

5.3.12 outder option

This is the “use der format for output keys” option.

@@ -265,7 +305,7 @@ TPM tools

The output will be in the TPM portable DER format.

-

tpmtool exit status

+

5.3.13 tpmtool exit status

One of the following exit values will be returned:

@@ -277,10 +317,10 @@ TPM tools

-

tpmtool See Also

+

5.3.14 tpmtool See Also

p11tool (1), certtool (1)

-

tpmtool Examples

+

5.3.15 tpmtool Examples

To generate a key that is to be stored in filesystem use: 

$ tpmtool --generate-rsa --bits 2048 --outfile tpmkey.pem
-- 
cgit v1.2.1