.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
.TH CREATEPRIMARY "1" "March 2020" "createprimary 1.3" "User Commands"
.SH NAME
createprimary \- Runs TPM2 createprimary
.SH DESCRIPTION
createprimary creates a primary storage key
.PP
Runs TPM2_CreatePrimary
.TP
[\-hi hierarchy (e, o, p, n) (default null)]
.TP
[\-pwdp password for hierarchy (default empty)]
.TP
[\-pwdpi password file name for hierarchy (default empty)]
.TP
[\-pwdk password for key (default empty)]
.TP
[\-iu inPublic unique field file (default none)]
.TP
[\-opu public key file name (default do not save)]
.TP
[\-opem public key PEM format file name (default do not save)]
.TP
[\-tk output ticket file name]
.TP
[\-ch output creation hash file name]
.IP
[Asymmetric Key Algorithm]
.HP
\fB\-rsa\fR keybits (default)
.IP
(2048 default)
.HP
\fB\-ecc\fR curve
.IP
bnp256
nistp256
nistp384
.IP
Key attributes
.TP
\fB\-bl\fR
data blob for unseal (create only)
requires \fB\-if\fR
.TP
\fB\-den\fR
decryption, (unrestricted, RSA and EC NULL scheme)
.TP
\fB\-deo\fR
decryption, (unrestricted, RSA OAEP, EC NULL scheme)
.TP
\fB\-dee\fR
decryption, (unrestricted, RSA ES, EC NULL scheme)
.TP
\fB\-des\fR
encryption/decryption, AES symmetric
[\-116 for TPM rev 116 compatibility]
.TP
\fB\-st\fR
storage (restricted)
[default for primary keys]
.TP
\fB\-si\fR
unrestricted signing (RSA and EC NULL scheme)
.TP
\fB\-sir\fR
restricted signing (RSA RSASSA, EC ECDSA scheme)
.TP
\fB\-dau\fR
unrestricted ECDAA signing key pair
.TP
\fB\-dar\fR
restricted ECDAA signing key pair
.TP
\fB\-kh\fR
keyed hash (unrestricted, hmac)
.TP
\fB\-khr\fR
keyed hash (restricted, hmac)
.TP
\fB\-dp\fR
derivation parent
.TP
\fB\-gp\fR
general purpose, not storage
.TP
[\-kt (can be specified more than once)]
f  fixedTPM (default for primary keys and derivation parents)
.br
p  fixedParent (default for primary keys and derivation parents)
.br
nf no fixedTPM (default for non\-primary keys)
.br
np no fixedParent (default for non\-primary keys)
.br
ed encrypted duplication (default not set)
.TP
[\-da object subject to DA protection (default no)]
.TP
[\-pol policy file (default empty)]
.TP
[\-uwa userWithAuth attribute clear (default set)]
.TP
[\-if data (inSensitive) file name]
.TP
[\-nalg name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
.TP
[\-halg scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
.HP
\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
.TP
01
continue
.TP
20
command decrypt
.TP
40
response encrypt