stpm-sign - Sign data using the TPM chip
Description
stpm-sign takes the SRK-encrypted key blob and has the TPM sign the contents of inputfile using the key.
This program is mainly a debugging aid: it confirms that the TPM is set up correctly and that a valid
key was generated.
Diagnostics
Most errors will probably be related to interacting with the TPM chip. Resetting the TPM chip and taking
ownership should take care of most of them. See the TPM-TROUBLESHOOTING section of simple-tpm-pk11(7).
Examples
stpm-sign -k ~/.simple-tpm-pk11/my.key -f my-data-here
stpm-sign -k ~/.simple-tpm-pk11/my-PIN-key.key -f my-data-here
Enter key PIN: my secret password here
stpm-sign -sk ~/.simple-tpm-pk11/my-PIN-key.key -f my-data-here
Enter SRK PIN: 12345678
Enter key PIN: my secret password here
Name
stpm-sign - Sign data using the TPM chip
Options
-h Show usage info.
-f inputfile
File containing data to be signed.
-k Key to sign with. The key is generated with stpm-keygen.
-s Ask for the SRK password interactively. By default the "Well Known Secret" (20 null bytes) is used.
The SRK password is an access token that must be presented before the TPM will perform any operation,
and an actual secret password is usually not required or useful.
See Also
simple-tpm-pk11(7), stpm-keygen(1), stpm-verify(1).
Synopsis
stpm-sign [ -hs ] -k keyfile -f inputfile
