1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
% tss2_sign(1) tpm2-tools | General Commands Manual
%
% APRIL 2019
# NAME
**tss2_sign**(1) -
# SYNOPSIS
**tss2_sign** [*OPTIONS*]
[common fapi references](common/tss2-fapi-references.md)
# DESCRIPTION
**tss2_sign**(1) - This command uses a key inside the TPM to sign a digest value
using the TPM signing schemes as specified in the cryptographic profile
(cf., **fapi-profile(5)**).
# OPTIONS
These are the available options:
* **-p**, **\--keyPath**=_STRING_:
The path to the signing key.
* **-s**, **\--padding**=_STRING_:
The padding scheme used. Possible values are "RSA_SSA", "RSA_PSS" (case insensitive). Optional parameter.
If omitted, the default padding specified in the cryptographic profile
(cf., **fapi-profile(5)**) is used.
* **-c**, **\--certificate**=_FILENAME_ or _-_ (for stdout):
The certificate associated with keyPath in PEM format. Optional parameter.
* **-d**, **\--digest**=_FILENAME_ or _-_ (for stdin):
The data to be signed, already hashed.
* **-f**, **\--force**:
Force overwriting the output file.
* **-k**, **\--publicKey**=_FILENAME_ or _-_ (for stdout):
The public key associated with keyPath in PEM format. Optional parameter.
* **-o**, **\--signature**=_FILENAME_ or _-_ (for stdout):
Returns the signature in binary form.
[common tss2 options](common/tss2-options.md)
# EXAMPLE
```
tss2_sign --keyPath=HS/SRK/myRSASign --padding="RSA_PSS" --digest=digest.file --signature=signature.file --publicKey=publicKey.file
```
# RETURNS
0 on success or 1 on failure.
[footer](common/footer.md)
|