When using tpm2tss-genkey, the parent object in the TPM (such as a Primary Key) can only be specified with a hex handle (e.g. 0x81000003).
It would be good to add support for handle files produced by the -o option of tpm2_evictcontrol. The man page for that tool specifically mentions these being safer to use than raw handles. Since it is a binary format, I am not sure why without digging into the code, but I assume these files also include the object's name to allow for verification that the handle actually points to the expected object (assuming no tampering with the serialized handle file).