{
"format-version": "0.1.0",
"tool": {
"name": "tpmtool",
"title": "GnuTLS TPM tool",
"description": "Program to handle TPM as a cryptographic device.\n",
"detail": "Program that allows handling cryptographic data from the TPM chip.",
"short-usage": "tpmtool [options]\ntpmtool --help for usage instructions.\n"
},
"sections": [
{
"options": [
{
"long-option": "debug",
"short-option": "d",
"description": "Enable debugging",
"detail": "Specifies the debug level.",
"argument-range": {
"min": 0,
"max": 9999
},
"argument-type": "number"
},
{
"long-option": "infile",
"description": "Input file",
"file-exists": true,
"argument-type": "file"
},
{
"long-option": "outfile",
"description": "Output file",
"argument-type": "string"
},
{
"long-option": "generate-rsa",
"description": "Generate an RSA private-public key pair",
"detail": "Generates an RSA private-public key pair in the TPM chip.\nThe key may be stored in the file system and protected by a PIN, or stored (registered)\nin the TPM chip flash."
},
{
"long-option": "register",
"description": "Any generated key will be registered in the TPM",
"requires": [
"generate-rsa"
]
},
{
"long-option": "signing",
"description": "Any generated key will be a signing key",
"conflicts": [
"legacy"
],
"requires": [
"generate-rsa"
]
},
{
"long-option": "legacy",
"description": "Any generated key will be a legacy key",
"conflicts": [
"signing"
],
"requires": [
"generate-rsa"
]
},
{
"long-option": "user",
"description": "Any registered key will be a user key",
"detail": "The generated key will be stored in a user specific persistent storage.",
"conflicts": [
"system"
],
"requires": [
"register"
]
},
{
"long-option": "system",
"description": "Any registered key will be a system key",
"detail": "The generated key will be stored in system persistent storage.",
"conflicts": [
"user"
],
"requires": [
"register"
]
},
{
"long-option": "pubkey",
"description": "Prints the public key of the provided key",
"argument-type": "string",
"argument-name": "url"
},
{
"long-option": "list",
"description": "Lists all stored keys in the TPM"
},
{
"long-option": "delete",
"description": "Delete the key identified by the given URL (UUID)",
"argument-type": "string",
"argument-name": "url"
},
{
"long-option": "test-sign",
"description": "Tests the signature operation of the provided object",
"detail": "It can be used to check that the signature operation works correctly.\nThis operation will sign the data and then verify the resulting signature.",
"argument-type": "string",
"argument-name": "url"
},
{
"long-option": "sec-param",
"description": "Specify the security level [low, legacy, medium, high, ultra]",
"detail": "This is an alternative to the bits option. Note however that the\nvalues allowed by the TPM chip are quantized and the given value may be rounded up.",
"argument-type": "string",
"argument-name": "Security parameter"
},
{
"long-option": "bits",
"description": "Specify the number of bits for key generation",
"argument-type": "number"
},
{
"long-option": "inder",
"description": "Use the DER format for keys",
"detail": "The input files will be assumed to be in the portable\nDER format of TPM. The default format is a custom format used by various\nTPM tools.",
"disable-prefix": "no-"
},
{
"long-option": "outder",
"description": "Use DER format for output keys",
"detail": "The output will be in the TPM portable DER format.",
"disable-prefix": "no-"
},
{
"long-option": "srk-well-known",
"description": "SRK has a well-known password (20 bytes of zeros)"
}
]
}
]
}