tpmtoken_protect will encrypt or decrypt data using a symmetric key that is stored in the user's data store. The key used to protect the data is a 256-bit AES key stored as a private Secret Key PKCS#11 object. The object has the PKCS#11 label attribute of 'User Data Protection Key'. The key is generated by the TPM PKCS#11 implementation when it is needed the first time. Since it is generated as a private object, it is protected by the TPM on the platform.
This command requires the '-i' and '-o' command options to be specified.
tpmtoken_init(1) , tpmtoken_import(1) , tpmtoken_setpasswd(1) , tpmtoken_objects(1)
Table of Contents