% tpm2_encodeobject(1) tpm2-tools | General Commands Manual
tpm2_encodeobject(1) - Encode an object into a combined PEM format.
tpm2_encodeobject [OPTIONS]
tpm2_encodeobject(1) - Encode both the private and public portions of an object into a combined PEM format used by tpm2-tss-engine.
The tool reads private and public portions of an object and encodes it into a combined PEM format used by tpm2-tss-engine and other applications.
NOTE: Both the private and public portions of the TPM key must be specified.
- -C, --parent-context=OBJECT:
  The parent object.
- -P, --auth=AUTH:
  The authorization value of the parent object specified by -C.
- -u, --public=FILE:
  A file containing the public portion of the object.
- -r, --private=FILE:
  A file containing the sensitive portion of the object.
- -p, --key-auth:
  Indicates if an authorization value is needed for the object specified by -r and -u.
- -o, --output=FILE:
  The output file path, recording the public portion of the object.
context object format details the methods for specifying OBJECT.
authorization formatting details the methods for specifying AUTH.
common options: collection of common options that provide information many users may expect.
common tcti options: collection of options used to configure the various known TCTI modules.
To load an object, you must first create an object under a primary object. So the first step is to create the primary object.
tpm2_createprimary -c primary.ctx
Step 2 is to create an object under the primary object.
tpm2_create -C primary.ctx -u key.pub -r key.priv -f pem -o pub.pem
This creates the private and public portions of the TPM object. With these object portions, it is now possible to load that object into the TPM for subsequent use.
The final step is to encode the public and private portions of the object into a PEM format.
tpm2_encodeobject -C primary.ctx -u key.pub -r key.priv -o priv.pem
The generated priv.pem can be used together with the pub.pem created in step 2 of the Setup section.
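To inspect a combined PEM such as priv.pem without a TPM, the following added example (not part of tpm2-tools or of this manual page) parses the file and reports its fields. The layout it checks is an assumption taken from the tpm2-tss-engine key format and is not stated on this page: PEM label `TSS2 PRIVATE KEY`, then a DER SEQUENCE of an OID, an optional emptyAuth flag, the parent handle, and the public and private blobs. The sample input is constructed with dummy blobs.

```python
import base64

LABEL = "TSS2 PRIVATE KEY"                    # assumed PEM label (tpm2-tss-engine)
OID_LOADABLE = bytes.fromhex("6781050a0103")  # assumed OID 2.23.133.10.1.3

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_tss2_pem(text):
    """Return the fields of a combined TSS2 PEM; raise ValueError if malformed."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != f"-----BEGIN {LABEL}-----"
            or lines[-1] != f"-----END {LABEL}-----"):
        raise ValueError("not a TSS2 PRIVATE KEY PEM")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single DER SEQUENCE")
    fields, pos = [], 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        fields.append((tag, val))
    empty_auth = False
    if len(fields) == 5 and fields[1][0] == 0xA0:  # optional [0] EXPLICIT BOOLEAN
        btag, bval, _ = read_tlv(fields.pop(1)[1], 0)
        empty_auth = btag == 0x01 and bval != b"\x00"
    if [t for t, _ in fields] != [0x06, 0x02, 0x04, 0x04] or fields[0][1] != OID_LOADABLE:
        raise ValueError("unexpected TSS2 key structure")
    return {"empty_auth": empty_auth, "parent": int.from_bytes(fields[1][1], "big"),
            "public": fields[2][1], "private": fields[3][1]}

def _tlv(tag, v):                             # builder for the constructed sample only
    return bytes([tag]) + (bytes([len(v)]) if len(v) < 128 else bytes([0x81, len(v)])) + v

def sample_pem(empty_auth=True):
    """Constructed sample: dummy blobs, parent 0x40000001 (owner hierarchy)."""
    flag = _tlv(0xA0, _tlv(0x01, b"\xff" if empty_auth else b"\x00"))
    body = (_tlv(0x06, OID_LOADABLE) + flag + _tlv(0x02, (0x40000001).to_bytes(4, "big"))
            + _tlv(0x04, b"P" * 150) + _tlv(0x04, b"S" * 40))
    b64 = base64.b64encode(_tlv(0x30, body)).decode()
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {LABEL}-----\n{rows}\n-----END {LABEL}-----\n"
```

Running `parse_tss2_pem(open("priv.pem").read())` on a real file shows which parent the key expects and whether the file is marked as needing no authorization value.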