TPM Virtual Smartcard Setup Utility
tpmvscmgr
- C:\Windows\system32\tpmvscmgr.exe /?
STDERR:
```
TpmVscMgr.exe

Commands:

create
    [/quiet]
    /name <name>
    /adminkey 'PROMPT'|'DEFAULT'|'RANDOM'
    [/puk 'PROMPT'|'DEFAULT']
    /pin 'PROMPT'|'DEFAULT'
    [/generate]
    [/machine <machine name>]
    [/pinpolicy [policy options]]
        policy options:
            minlen <minimum PIN length>
            maxlen <maximum PIN length>
            uppercase 'ALLOWED'|'DISALLOWED'|'REQUIRED'
            lowercase 'ALLOWED'|'DISALLOWED'|'REQUIRED'
            digits 'ALLOWED'|'DISALLOWED'|'REQUIRED'
            specialchars 'ALLOWED'|'DISALLOWED'|'REQUIRED'
    [/attestation 'AIK_AND_CERT'|'AIK_ONLY']

destroy
    [/quiet]
    /instance <device instance ID>
    [/machine <machine name>]

Legend:
    'PROMPT' => prompt for parameter
    'DEFAULT' => default value for parameter
    'RANDOM' => generate a random value
    'ALLOWED' => these characters are allowed
    'DISALLOWED' => these characters are not
        allowed
    'REQUIRED' => at least one such character
        is required
    'AIK_AND_CERT' => Creates an AIK and obtains
        an AIK certificate from the cloud CA
    'AIK_ONLY' => Creates an AIK but
        does not obtain an AIK certificate

Note:
    The generate command formats the TPM
    virtual smart card so that it can be used
    to enroll for certificates. If this option
    is not specified, a card management
    system/tool will need to be used to format
    the card before first use.

Note:
    /pinpolicy may only be used in conjunction
    with /pin prompt.

Note:
    The default PIN policy options are as
    follows:
        minlen 8
        maxlen 127
        uppercase allowed
        lowercase allowed
        digits allowed
        specialchars allowed
    The lower and upper bounds on PIN length
    are 4 and 127, respectively. When using
    /pinpolicy, PIN characters must be
    printable ASCII characters.

Note:
    If '/attestation AIK_AND_CERT' is specified, it
    is possible that VSC creation will fail if
    there is no network connectivity.

Examples:

    Create a TPM virtual smart card with default value for
    PIN and a random admin key with no attestation:
        TpmVscMgr create /name MyVSC /pin default /adminkey random /generate

    Create a TPM virtual smart card with default value for
    admin key and a specified PIN policy and attestation method:
        TpmVscMgr create /name MyVSC /pin prompt /pinpolicy minlen 4 maxlen 8
        /adminkey default /attestation AIK_AND_CERT /generate

    Destroy a TPM virtual smart card using the instance ID
    that was returned when the card was created:
        TpmVscMgr destroy /instance root\smartcardreader\0000
```
Return Code: 0
C:\Windows\system32\tpmvscmgr.exe
c:\>ver
Microsoft Windows [Version 10.0.19045.2075]
| File | Info |
|---|---|
| File Size | 102400 bytes |
| Creation Time | 2019/12/07 18:08:49 |
| LastWrite Time | 2019/12/07 18:08:49 |
| ProductVersion | 10.0.19041.1 |
| FileVersion | 4.00 (WinBuild.160101.0800) |

| Hash | Value |
|---|---|
| MD5 | d922a26d46a2e2194be6c3af1548d0e9 |
| SHA1 | d0afd35a719dc0efc018f2609144297473d711d3 |
| SHA224 | 1b242d0d695d5163c09bef37719353c73ab319ce83eeeb2bca71f1f9 |
| SHA256 | 4363b665cb1b4b724716d7e287fe770d8c38c76aa78fa0d1cbcd1c9bc1c2b02c |
| SHA384 | 2e90c554917683cc150985a422381ca830ca4fb6a08b6cb72a8e61a8452c91599061efbc6101b52569b2822532fc5e7e |
| SHA512 | 582d2892040c7f57dd00e14c9382cfb832cadda8b7a6dbc5dbf02b6a2aaf2d311cbc47012369020c413f8bdb03ee7dfc7aebc898278a973bc14d0796a22de977 |