Provided by: simple-tpm-pk11_0.04-1_amd64 bug

NAME

       stpm-exfiltrate - Extract key from TPM chip

SYNOPSIS

       stpm-exfiltrate [ -hOps ] -k key file

DESCRIPTION

       stpm-exfiltrate  extracts  a  key  that  is otherwise protected by the TPM chip. This only
       works if the key is "migratable" (meaning it was generated in software), and the TPM owner
       password is known.

       This  is  why  you should generate keys in hardware (the default) with stpm-keygen and not
       use its -S option.

OPTIONS

       -h     Show usage info.

       -k key file
              Key blob file to read.

       -O     Use Well Known Secret for owner password. Default is ask.

       -p     Ask for key PIN / password. Default is Well Known Secret.

       -o     Ask for SRK PIN / password. Default is Well Known Secret.

EXAMPLES

       stpm-exfiltrate -k ~/.simple-tpm-pk11/my.key
       Enter owner password: blah blah
       [ ... key data here ...]

       stpm-exfiltrate -p -k ~/.simple-tpm-pk11/my.key
       Enter owner password: blah blah
       Enter key PIN: my secret password here
       [ ... key data here ...]

       stpm-exfiltrate -sp -k ~/.simple-tpm-pk11/my.key
       Enter owner password: blah blah
       Enter key PIN: my secret password here
       Enter SRK PIN: 12345678
       [ ... key data here ...]

DIAGNOSTICS

       Most errors will probably be related to interacting with the TPM chip.  Resetting the  TPM
       chip  and  taking  ownership should take care of most of them. See the TPM-TROUBLESHOOTING
       section of simple-tpm-pk11(7).

SEE ALSO

       simple-tpm-pk11(7), stpm-sign(1), stpm-keygen.

AUTHOR

       Simple-TPM-PK11 was written By Thomas Habets <habets@google.com> / <thomas@habets.se>.

       git clone https://github.com/ThomasHabets/simple-tpm-pk11.git