tpm-sign

command

v0.9.0 Latest Latest Go to latest Published: Jun 21, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/go-tpm

Links

Open Source Insights

README ¶

tpm-sign

This example shows how you can generate keys inside the TPM and use them for signature/verification operations. This utility supports sign, verify, generate, and extendPcr actions. Use ./tpm-sign <action> --help for advanced usage of each action.

Basic Usage

The following snippet shows how you can generate a key, sign data with it, and verify the signature.

$ ./tpm-sign generate
Writing keyblob to keyblob
Writing public key to publickey
$ echo test_data | ./tpm-sign sign
Writing signature to sig.data
$ echo test_data | ./tpm-sign verify
Signature valid.

Binding against PCRs

This example shows how you can generate a key that is bound against PCR values.

$ ./tpm-sign extendPcr --reset --pcr 16
$ ./tpm-sign generate --pcrs 0,16
Writing keyblob to keyblob
Writing public key to publickey
$ echo test_data | ./tpm-sign sign
Writing signature to sig.data
$ echo test_measurement | ./tpm-sign extendPcr --pcr 16
$ echo test_data | ./tpm-sign sign
Could not perform sign operation: tpm: the named PCR value does not match the current PCR value

Documentation ¶

Rendered for

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL