.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
.TH CERTIFYX509 "1" "March 2020" "certifyx509 1.3" "User Commands"
.SH NAME
certifyx509 \- Runs TPM2 certifyx509
.SH DESCRIPTION
certifyx509
.PP
Runs TPM2_Certifyx509
.TP
\fB\-ho\fR
object handle
.TP
[\-pwdo
password for object (default empty)]
.TP
\fB\-hk\fR
certifying key handle
.TP
[\-pwdk
password for key (default empty)]
.TP
[\-halg
(sha1, sha256, sha384 sha512) (default sha256)]
.TP
[\-salg
signature algorithm (rsa, ecc) (default rsa)]
.TP
[\-ku
X509 key usage \- string \- comma separated, no spaces]
.TP
[\-iob
TPMA_OBJECT \- 4 byte hex]
e.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default)
e.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly
e.g. fixedTPM: critical,nonRepudiation
e.g. parent (restrict decrypt): critical,keyEncipherment
.TP
[\-bit
bit in partialCertificate to toggle]
.TP
[\-sub
subject same as issuer for self signed (root) certificate]
.TP
[\-opc
partial certificate file name (default do not save)]
.TP
[\-oa
addedToCertificate file name (default do not save)]
.TP
[\-otbs
signed tbsDigest file name (default do not save)]
.TP
[\-os
signature file name (default do not save)]
.TP
[\-ocert
reconstructed certificate file name (default do not save)]
.HP
\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
.TP
01
continue
.TP
20
command decrypt
.TP
40
response encrypt