author yamt <>
Tue, 17 Apr 2012 00:01:34 +0000
changeset 280360 e98874280705
permissions -rw-r--r--
sync with head

.\" Copyright (C) 2005 International Business Machines Corporation
.de Sh \" Subsection
.if t .Sp
.ne 5
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "tpmtoken_protect" 1 "2005-04-25"  "TPM Management"
.ce 1
TPM Management - tpmtoken_protect
.SH NAME
tpmtoken_protect \- encrypt or decrypt data using a symmetric key stored
in the user's TPM PKCS#11 data store
.SH "SYNOPSIS"
.ad l
.hy 0
.B tpmtoken_protect
.SH "DESCRIPTION"
.PP
\fBtpmtoken_protect\fR will encrypt or decrypt data using a symmetric key that
is stored in the user's data store.  The key used to protect the data
is a 256-bit AES key stored as a private Secret Key PKCS#11 object.  The object
has the PKCS#11 label attribute of \'User Data Protection Key\'.
The key is generated by the TPM PKCS#11 implementation when it is needed the
first time.  Since it is generated as a private object, it is protected by the
TPM on the platform.
This command requires the \'-i\' and \'-o\' command options to be specified.

.SH "OPTIONS"
.TP
\fB\-h\fR, \fB\-\-help\fR
Display command usage info.
.TP
\fB\-v\fR, \fB\-\-version\fR
Display command version info.
.TP
\fB\-l\fR, \fB\-\-log\fR [none|error|info|debug]
Set logging level.
.TP
\fB\-d\fR, \fB\-\-decrypt\fR
Perform a decryption operation.
.TP
\fB\-e\fR, \fB\-\-encrypt\fR
Perform an encryption operation.
.TP
\fB\-i\fR, \fB\-\-infile\fR FILE
Use FILE as the input to the specified operation.
.TP
\fB\-k\fR, \fB\-\-token\fR STRING
Use STRING to identify the label of the PKCS#11 token to be used.
.TP
\fB\-o\fR, \fB\-\-outfile\fR FILE
Use FILE as the output of the specified operation.
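.PP
Because the key is generated and held by the TPM-backed token, it is worth confirming that a ciphertext decrypts on the same token before the plaintext is discarded. The script below is an added example, not part of this man page or of the tool it documents; the helper name protect_verified and its exit codes are assumptions, and it uses only the options listed above.

```shell
#!/bin/sh
# Added example. protect_verified is a hypothetical helper; it relies only on
# the -e, -d, -i, -o and -k options documented in this man page.
# It encrypts SRC to DST, then decrypts DST into a private scratch file and
# compares, so the caller removes the plaintext only after the ciphertext is
# shown to be recoverable with the key on this token.
# Exit status: 0 ok, 1 tool failure, 2 bad arguments,
#              3 output identical to input, 4 round trip mismatch.
protect_verified() (
    src=$1 dst=$2 token=${3:-}
    [ -r "$src" ] || { echo "cannot read: $src" >&2; exit 2; }
    [ "$src" != "$dst" ] || { echo "SRC and DST must differ" >&2; exit 2; }

    umask 077                      # DST and the scratch copy are owner-only
    check=$(mktemp) || exit 2
    trap 'rm -f "$check"' EXIT     # never leave a second plaintext copy behind

    set --                         # optional token label is passed through -k
    if [ -n "$token" ]; then set -- -k "$token"; fi

    tpmtoken_protect -e "$@" -i "$src" -o "$dst" || exit 1
    tpmtoken_protect -d "$@" -i "$dst" -o "$check" || exit 1

    if cmp -s "$src" "$dst"; then
        echo "output is identical to input" >&2; exit 3
    fi
    if ! cmp -s "$src" "$check"; then
        echo "decrypted copy does not match input" >&2; exit 4
    fi
)
```

Call it as protect_verified SRC DST [TOKEN-LABEL] and remove SRC only when it returns 0.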


Report bugs to <>