tsskey

class tpm2_pytss.tsskey.TSSPrivKey(private, public, empty_auth=True, parent=TPM2_RH_OWNER)

TSSPrivKey is a class to create/load keys for/from tpm2-tss-engine / tpm2-openssl.

Note

Most users should use create_rsa or create_ecc together with to_pem to create and store a key, and from_pem together with load to use a stored key.

classmethod create(ectx, template, parent=TPM2_RH_OWNER, password=None)

Create a TSSPrivKey using a template.

Note

Most users should use the create_rsa or create_ecc methods.

Parameters
  • ectx (ESAPI) – The ESAPI instance to use for creating the key.

  • template (TPM2B_PUBLIC) – The key template.

  • parent (int) – The parent of the key, default is TPM2_RH_OWNER.

  • password (bytes) – The password to set for the key, default is None.

Returns

Returns a TSSPrivKey instance with the created key.

classmethod create_ecc(ectx, curveID=TPM2_ECC_NIST_P256, parent=TPM2_RH_OWNER, password=None)

Create an ECC TSSPrivKey using a standard ECC key template.

Parameters
  • ectx (ESAPI) – The ESAPI instance to use for creating the key.

  • curveID (int) – The ECC curve to be used, default is TPM2_ECC.NIST_P256.

  • parent (int) – The parent of the key, default is TPM2_RH_OWNER.

  • password (bytes) – The password to set for the key, default is None.

Returns

Returns a TSSPrivKey instance with the created ECC key.

classmethod create_rsa(ectx, keyBits=2048, exponent=0, parent=TPM2_RH_OWNER, password=None)

Create an RSA TSSPrivKey using a standard RSA key template.

Parameters
  • ectx (ESAPI) – The ESAPI instance to use for creating the key.

  • keyBits (int) – Size of the RSA key, default is 2048.

  • exponent (int) – The exponent to use for the RSA key, default is 0 (TPM default).

  • parent (int) – The parent of the key, default is TPM2_RH_OWNER.

  • password (bytes) – The password to set for the key, default is None.

Returns

Returns a TSSPrivKey instance with the created RSA key.

property empty_auth

Whether the key's authorization is an empty password.

Type

bool

classmethod from_der(data)

Load a TSSPrivKey from DER ASN.1.

Parameters

data (bytes) – The DER encoded ASN.1.

Returns

Returns a TSSPrivKey instance.

classmethod from_pem(data)

Load a TSSPrivKey from PEM ASN.1.

Parameters

data (bytes) – The PEM encoded ASN.1.

Returns

Returns a TSSPrivKey instance.

load(ectx, password=None)

Load the TSSPrivKey.

Parameters
  • ectx (ESAPI) – The ESAPI instance to use for loading the key.

  • password (bytes) – The password of the TPM key, default is None.

Returns

An ESYS_TR handle.

property parent

Handle of the parent key.

Type

int

property private

The private part of the TPM key.

Type

TPM2B_PRIVATE

property public

The public part of the TPM key.

Type

TPM2B_PUBLIC

to_der()

Encode the TSSPrivKey as DER encoded ASN.1.

Returns

Returns the DER encoding as bytes.

to_pem()

Encode the TSSPrivKey as PEM encoded ASN.1.

Returns

Returns the PEM encoding as bytes.
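
The workflow recommended in the class note (create_rsa with to_pem, then from_pem with load), as an added example that is not part of the tpm2-pytss documentation or code base. The function names create_key_file and load_key_file, the file name, the sample password and the policy of refusing keys whose empty_auth is true are assumptions made for illustration.

```python
import os


def create_key_file(ectx, path, password):
    """Create an RSA key with create_rsa and store its PEM form at path."""
    # Imported inside the function so this module imports cleanly where
    # tpm2-pytss is not installed.
    from tpm2_pytss.tsskey import TSSPrivKey

    if not password:
        # Assumed local policy: never create a key with empty authorization.
        raise ValueError("a non-empty password (bytes) is required")
    key = TSSPrivKey.create_rsa(ectx, keyBits=2048, password=password)
    if key.empty_auth:
        raise RuntimeError("key was created with empty authorization")
    # O_EXCL refuses to overwrite an existing key file; 0o600 keeps it owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(key.to_pem())
    return key


def load_key_file(ectx, path, password):
    """Read a PEM key file with from_pem and load it; returns the ESYS_TR handle."""
    from tpm2_pytss.tsskey import TSSPrivKey

    with open(path, "rb") as f:
        key = TSSPrivKey.from_pem(f.read())
    if key.empty_auth:
        # The flag is part of the encoded key, so it can be checked before
        # the TPM is touched.
        raise ValueError(f"{path}: key has empty authorization")
    return key.load(ectx, password=password)


if __name__ == "__main__":
    from tpm2_pytss import ESAPI

    demo_password = b"constructed-demo-password"  # constructed sample value
    with ESAPI() as ectx:  # default TCTI; needs a TPM or a simulator
        create_key_file(ectx, "demo-key.pem", demo_password)
        handle = load_key_file(ectx, "demo-key.pem", demo_password)
        ectx.flush_context(handle)  # release the loaded key when done
```

Running the script requires tpm2-pytss and a reachable TPM or simulator; a second run fails at the O_EXCL open until demo-key.pem is removed.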