1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
% tpm2_unseal(1) tpm2-tools | General Commands Manual
# NAME
**tpm2_unseal**(1) - Returns a data blob in a loaded TPM object. The data blob
is returned in clear.
# SYNOPSIS
**tpm2_unseal** [*OPTIONS*]
# DESCRIPTION
**tpm2_unseal**(1) - Returns a data blob in a loaded TPM object. The data blob
is returned in clear. The data is sealed at the time of the object creation
using the **tpm2_create** tool. Such an object intended for sealing data has to
be of the type _TPM\_ALG\_KEYEDHASH_.
# OPTIONS
* **-c**, **\--object-context**=_OBJECT_:
Object context for the loaded object.
* **-p**, **\--auth**=_AUTH_:
Optional auth value to use for the key specified by **-c**.
* **-o**, **\--output**=_FILE_:
Output file name containing the unsealed data. Defaults to _STDOUT_ if not
specified.
* **\--cphash**=_FILE_
File path to record the hash of the command parameters. This is commonly
termed as cpHash. NOTE: When this option is selected, The tool will not
actually execute the command, it simply returns a cpHash.
## References
[context object format](common/ctxobj.md) details the methods for specifying
_OBJECT_.
[authorization formatting](common/authorizations.md) details the methods for
specifying _AUTH_.
[common options](common/options.md) collection of common options that provide
information many users may expect.
[common tcti options](common/tcti.md) collection of options used to configure
the various known TCTI modules.
# EXAMPLES
```bash
tpm2_createprimary -c primary.ctx -Q
tpm2_pcrread -Q -o pcr.bin sha256:0,1,2,3
tpm2_createpolicy -Q --policy-pcr -l sha256:0,1,2,3 -f pcr.bin -L pcr.policy
echo 'secret' | tpm2_create -C primary.ctx -L pcr.policy -i-\
-u seal.pub -r seal.priv -c seal.ctx -Q
tpm2_unseal -c seal.ctx -p pcr:sha256:0,1,2,3
```
[returns](common/returns.md)
[footer](common/footer.md)
|