Provided by: tss2_1045-1.2_amd64 
NAME
createprimary - Runs TPM2_CreatePrimary
DESCRIPTION
--version-string=v1045 is not a valid option
createprimary creates a primary storage key
Runs TPM2_CreatePrimary
[-hi hierarchy (e, o, p, n) (default null)] [-pwdp password for hierarchy (default empty)] [-pwdpi
password file name for hierarchy (default empty)] [-pwdk password for key (default empty)] [-iu
inPublic unique field file (default none)] [-opu public key file name (default do not save)]
[oipem public key PEM format file name (default do not save)] [-tk output ticket file name] [-ch
output creation hash file name]
[Asymmetric Key Algorithm]
-rsa (default) -ecc curve
bnp256 nistp256 nistp384
Key attributes
-bl data blob for unseal (create only)
-if data file name
-den decryption, RSA, not storage, NULL scheme -deo decryption, RSA, not storage, OAEP scheme -des
encryption/decryption, AES symmetric
[-116 for TPM rev 116 compatibility]
-st storage
[default for primary keys]
-si signing -sir restricted signing -dau create unrestricted ECDAA key pair -dar create restricted
ECDAA key pair -kh keyed hash (hmac) -dp derivation parent -gp general purpose, not storage
[-kt (can be specified more than once)]
f fixedTPM (default for primary keys and derivation parents) p fixedParent (default for primary
keys and derivation parents) nf no fixedTPM (default for non-primary keys) np no fixedParent
(default for non-primary keys)
[-da object subject to DA protection) (default no)]
[-pol policy file (default empty)] [-uwa userWithAuth attribute clear (default set)]
[-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [-halg scheme hash algorithm
(sha1, sha256, sha384) (default sha256)]
-se[0-2] session handle / attributes (default PWAP)
01 continue 20 command decrypt 40 response encrypt
--version is not a valid option
createprimary creates a primary storage key
Runs TPM2_CreatePrimary
[-hi hierarchy (e, o, p, n) (default null)] [-pwdp password for hierarchy (default empty)] [-pwdpi
password file name for hierarchy (default empty)] [-pwdk password for key (default empty)] [-iu
inPublic unique field file (default none)] [-opu public key file name (default do not save)]
[oipem public key PEM format file name (default do not save)] [-tk output ticket file name] [-ch
output creation hash file name]
[Asymmetric Key Algorithm]
-rsa (default) -ecc curve
bnp256
nistp256 nistp384
Key attributes
-bl data blob for unseal (create only)
-if data file name
-den decryption, RSA, not storage, NULL scheme -deo decryption, RSA, not storage, OAEP scheme -des
encryption/decryption, AES symmetric
[-116 for TPM rev 116 compatibility]
-st storage
[default for primary keys]
-si signing -sir restricted signing -dau create unrestricted ECDAA key pair -dar create restricted
ECDAA key pair -kh keyed hash (hmac) -dp derivation parent -gp general purpose, not storage
[-kt (can be specified more than once)]
f fixedTPM (default for primary keys and derivation parents) p fixedParent (default for primary
keys and derivation parents) nf no fixedTPM (default for non-primary keys) np no fixedParent
(default for non-primary keys)
[-da object subject to DA protection) (default no)]
[-pol policy file (default empty)] [-uwa userWithAuth attribute clear (default set)]
[-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [-halg scheme hash algorithm
(sha1, sha256, sha384) (default sha256)]
-se[0-2] session handle / attributes (default PWAP)
01 continue 20 command decrypt 40 response encrypt
SEE ALSO
The full documentation for createprimary is maintained as a Texinfo manual. If the info and
createprimary programs are properly installed at your site, the command
info createprimary
should give you access to the complete manual.