NAME
stpm-sign - Sign data using the TPM chip
SYNOPSIS
stpm-sign [ -hs ] -k key file -f input file
DESCRIPTION
stpm-sign takes the SRK-encrypted key blob and has the TPM sign the
contents of input file using the key.
This program is mostly made for debugging, to make sure that the TPM is set up
correctly and a valid key was generated.
OPTIONS
- -h
- Show usage info.
- -f input file
- File containing data to be signed.
- -k
- Key to sign with. The key is generated with stpm-keygen.
- -s
- Ask for the SRK password interactively. By default the "Well Known
Secret" (20 nulls) is used. The SRK password is an access token that
must be presented before the TPM will perform any operation, and an
actual secret password is usually not required or useful.
EXAMPLES
stpm-sign -k ~/.simple-tpm-pk11/my.key -f my-data-here
stpm-sign -k ~/.simple-tpm-pk11/my-PIN-key.key -f my-data-here
Enter key PIN: my secret password here
stpm-sign -sk ~/.simple-tpm-pk11/my-PIN-key.key -f my-data-here
Enter SRK PIN: 12345678
Enter key PIN: my secret password here
DIAGNOSTICS
Most errors will probably be related to interacting with the TPM chip. Resetting
the TPM chip and taking ownership should take care of most of them. See the
TPM-TROUBLESHOOTING section of simple-tpm-pk11(7).
SEE ALSO
simple-tpm-pk11(7), stpm-keygen(1).
AUTHOR
Simple-TPM-PK11 was written by Thomas Habets <habets@google.com> /
<thomas@habets.se>.
git clone https://github.com/ThomasHabets/simple-tpm-pk11.git