This is the command stpm-exfiltrate that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
stpm-exfiltrate - Extract key from TPM chip
SYNOPSIS
stpm-exfiltrate [ -hOps ] -k key file
DESCRIPTION
stpm-exfiltrate extracts a key that is otherwise protected by the TPM chip. This only
works if the key is "migratable" (meaning it was generated in software), and the TPM owner
password is known.
This is why you should generate keys in hardware (the default) with stpm-keygen and not
use its -S option.
OPTIONS
-h Show usage info.
-k key file
Key blob file to read.
-O Use Well Known Secret for owner password. Default is ask.
-p Ask for key PIN / password. Default is Well Known Secret.
-o Ask for SRK PIN / password. Default is Well Known Secret.
EXAMPLES
stpm-exfiltrate -k ~/.simple-tpm-pk11/my.key
Enter owner password: blah blah
[ ... key data here ...]
stpm-exfiltrate -p -k ~/.simple-tpm-pk11/my.key
Enter owner password: blah blah
Enter key PIN: my secret password here
[ ... key data here ...]
stpm-exfiltrate -sp -k ~/.simple-tpm-pk11/my.key
Enter owner password: blah blah
Enter key PIN: my secret password here
Enter SRK PIN: 12345678
[ ... key data here ...]
DIAGNOSTICS
Most errors will probably be related to interacting with the TPM chip. Resetting the TPM
chip and taking ownership should take care of most of them. See the TPM-TROUBLESHOOTING
section of simple-tpm-pk11(7).
Use stpm-exfiltrate online using onworks.net services
