Provided by: tpm-tools-pkcs11_1.3.9.2-0.1_amd64 bug

NAME

       tpmtoken_import  -  import  an X.509 certficate and/or an RSA key pair into the user's TPM
       PKCS#11 data store

SYNOPSIS

       tpmtoken_import [ OPTION ] FILE

DESCRIPTION

       tpmtoken_import imports a PEM formatted representation of an X.509 certificate and/or an
       RSA key contained in FILE.

       Importing an X.509 certificate creates an X.509 Public Key Certificate PKCS#11 object and
       also an RSA Public Key PKCS#11 object using the RSA public key contained in the
       certificate.  The certificate's key must be an RSA key in order for the certificate to be
       successfully processed by this command.

       Importing an RSA key creates an RSA Public Key and an RSA Private Key PKCS#11 object.  In
       order to associate the RSA PKCS#11 objects with an X.509 Public Key Certificate PKCS#11
       object, the RSA PKCS#11 objects must have a subject name and key identifier associated
       with them.  This can be accomplished by supplying the corresponding X.509 certificate as
       an optional command parameter.

       The input can contain PEM formatted representations of both an X.509 certificate and an
       RSA key. If both representations are present then an X.509 Public Key Certificate PKCS#11
       object, an RSA Public Key PKCS#11 object and an RSA Private Key PKCS#11 object are
       created.

       -h, --help
              Display command usage info.

       -v, --version
              Display command version info.

       -l, --log [none|error|info|debug]
              Set logging level.

       -i, --idfile FILE
              Use FILE as the PEM formatted X.509 certificate input used to obtain the subject
              and id attributes

       -k, --token STRING
              Use STRING to identify the label of the PKCS#11 token to be used

       -n, --name STRING
              Use STRING as the label for the imported object(s)

       -p, --public
              Import the object(s) as a public object

       -t, --type key|cert
              Import only the specified object type

       -y, --yes
              Assume an answer of yes for any confirmation prompts that would normally be asked

SEE ALSO

       tpmtoken_init(1), tpmtoken_setpasswd(1), tpmtoken_objects(1), tpmtoken_protect(1)

REPORTING BUGS

       Report bugs to <trousers-users@lists.sourceforge.net>