DOKK / manpages / debian 12 / tpm2-tools / tss2_sign.1.en
tss2_sign(1) General Commands Manual tss2_sign(1)

tss2_sign(1) -

tss2_sign [OPTIONS]

fapi-config(5) to adjust Fapi parameters like the used cryptographic profile and TCTI or directories for the Fapi metadata storages.

fapi-profile(5) to determine the cryptographic algorithms and parameters for all keys and operations of a specific TPM interaction like the name hash algorithm, the asymmetric signature algorithm, scheme and parameters and PCR bank selection.

tss2_sign(1) - This command uses a key inside the TPM to sign a digest value using the TPM signing schemes as specified in the cryptographic profile (cf., fapi-profile(5)).

These are the available options:

-p, --keyPath=STRING:

The path to the signing key.

-s, --padding=STRING:

The padding scheme used. Possible values are “RSA_SSA”, “RSA_PSS” (case insensitive). Optional parameter. If omitted, the default padding specified in the cryptographic profile (cf., fapi-profile(5)) is used.

-c, --certificate=FILENAME or - (for stdout):

The certificate associated with keyPath in PEM format. Optional parameter.

-d, --digest=FILENAME or - (for stdin):

The data to be signed, already hashed.

-f, --force:

Force overwriting the output file.

-k, --publicKey=FILENAME or - (for stdout):

The public key associated with keyPath in PEM format. Optional parameter.

-o, --signature=FILENAME or - (for stdout):

Returns the signature in binary form.

This collection of options are common to all tss2 programs and provide information that many users may expect.

-h, --help [man|no-man]: Display the tools manpage. By default, it attempts to invoke the manpager for the tool, however, on failure will output a short tool summary. This is the same behavior if the “man” option argument is specified, however if explicit “man” is requested, the tool will provide errors from man on stderr. If the “no-man” option if specified, or the manpager fails, the short options will be output to stdout.

To successfully use the manpages feature requires the manpages to be installed or on MANPATH, See man(1) for more details.

-v, --version: Display version information for this tool, supported tctis and exit.

tss2_sign --keyPath=HS/SRK/myRSASign --padding="RSA_PSS" --digest=digest.file --signature=signature.file --publicKey=publicKey.file

0 on success or 1 on failure.

Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)

See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)

APRIL 2019 tpm2-tools