1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH CREATELOADED "1" "March 2020" "createloaded 1.3" "User Commands"
.SH NAME
createloaded \- Runs TPM2 createloaded
.SH DESCRIPTION
createloaded
.PP
Runs TPM2_CreateLoaded
.HP
\fB\-hp\fR parent handle (can be hierarchy)
.IP
40000001 Owner
4000000c Platform
4000000b Endorsement
.IP
[Asymmetric Key Algorithm]
.HP
\fB\-rsa\fR keybits (default)
.IP
(2048 default)
.HP
\fB\-ecc\fR curve
.IP
bnp256
nistp256
nistp384
.IP
Key attributes
.TP
\fB\-bl\fR
data blob for unseal (create only)
requires \fB\-if\fR
.TP
\fB\-den\fR
decryption, (unrestricted, RSA and EC NULL scheme)
.TP
\fB\-deo\fR
decryption, (unrestricted, RSA OAEP, EC NULL scheme)
.TP
\fB\-dee\fR
decryption, (unrestricted, RSA ES, EC NULL scheme)
.TP
\fB\-des\fR
encryption/decryption, AES symmetric
[\-116 for TPM rev 116 compatibility]
.TP
\fB\-st\fR
storage (restricted)
[default for primary keys]
.TP
\fB\-si\fR
unrestricted signing (RSA and EC NULL scheme)
.TP
\fB\-sir\fR
restricted signing (RSA RSASSA, EC ECDSA scheme)
.TP
\fB\-dau\fR
unrestricted ECDAA signing key pair
.TP
\fB\-dar\fR
restricted ECDAA signing key pair
.TP
\fB\-kh\fR
keyed hash (unrestricted, hmac)
.TP
\fB\-khr\fR
keyed hash (restricted, hmac)
.TP
\fB\-dp\fR
derivation parent
.TP
\fB\-gp\fR
general purpose, not storage
.TP
[\-kt
(can be specified more than once)]
f fixedTPM (default for primary keys and derivation parents)
p fixedParent (default for primary keys and derivation parents)
nf no fixedTPM (default for non\-primary keys)
np no fixedParent (default for non\-primary keys)
ed encrypted duplication (default not set)
.TP
[\-da
object subject to DA protection (default no)]
.TP
[\-pol
policy file (default empty)]
.TP
[\-uwa
userWithAuth attribute clear (default set)]
.TP
[\-if
data (inSensitive) file name]
.TP
[\-nalg
name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
.TP
[\-halg
scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
.TP
[\-der
object's parent is a derivation parent]
.TP
[\-pwdk
password for key (default empty)]
.TP
[\-pwdp
password for parent key (default empty)]
.TP
[\-opu
public key file name (default do not save)]
.TP
[\-opr
private key file name (default do not save)]
.TP
[\-opem
public key PEM format file name (default do not save)]
.HP
\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
.TP
01
continue
.TP
20
command decrypt
.TP
40
response encrypt
|
