Provided by: simple-tpm-pk11_0.06-1build1_amd64 bug


       stpm-sign - Sign data using the TPM chip


       stpm-sign [ -hs ] -k key file -f input file


       stpm-sign takes the SRK-encrypted key blob and has the TPM sign the contents of input file
       using the key.

       This program is mostly made for debugging, to make sure that the TPM is set  up  correctly
       and a valid key was generated.


       -h     Show usage info.

       -f input file
              File containing data to be signed.

       -k     Key to sign with. The key is generated with stpm-keysign.

       -s     Ask  for  the  SRK  password  interactively. By default the "Well Known Secret" (20
              nulls) is used. The SRK password is an access token that must be presented for  the
              TPM  to  perform any operation that involves the TPM, and an actual secret password
              is usually not required or useful.


       stpm-sign -k ~/.simple-tpm-pk11/my.key -f my-data-here

       stpm-sign -k ~/.simple-tpm-pk11/my-PIN-key.key -f my-data-here
       Enter key PIN: my secret password here

       stpm-sign -sk ~/.simple-tpm-pk11/my-PIN-key.key -f my-data-here
       Enter SRK PIN: 12345678
       Enter key PIN: my secret password here


       Most errors will probably be related to interacting with the TPM chip.  Resetting the  TPM
       chip  and  taking  ownership should take care of most of them. See the TPM-TROUBLESHOOTING
       section of simple-tpm-pk11(7).


       simple-tpm-pk11(7), stpm-keygen(1), stpm-verify(1).


       Simple-TPM-PK11 was written By Thomas Habets <> / <>.

       git clone