Get-TpmEndorsementKeyInfo

Gets information about the endorsement key and certificates of the TPM.

Syntax

Get-TpmEndorsementKeyInfo
   [[-HashAlgorithm] <String>]
   [<CommonParameters>]

Description

The Get-TpmEndorsementKeyInfo cmdlet gets information about the endorsement public key and certificates of the Trusted Platform Module (TPM).

Examples

Example 1: Get endorsement key information

PS C:\> Get-TpmEndorsementKeyInfo -Hash "Sha256"
IsPresent                : True
PublicKey                : System.Security.Cryptography.AsnEncodedData
PublicKeyHash            : 70769c52b6e24ef683693c2a0208da68d77e94192e1f4080ae7c9b97c6caa681
ManufacturerCertificates : {[Subject]
OID.2.23.133.2.3=1.2,
OID.2.23.133.2.2=C4T8SOX3.5,
OID.2.23.133.2.1=id:782F345A

[Issuer]
CN=Contoso TPM CA1, OU=Contoso
Certification Authority, O=Contoso, C=KR

[Serial Number]
77A120A

[Not Before]
6/4/2012 6:35:58 PM

[Not After]
6/4/2022 6:35:57 PM

[Thumbprint]
77378D1480AB48FEA2D4E610B2C7EEF648FEA2
}
AdditionalCertificates   : {}

This command gets information about the endorsement key of the TPM. The command uses the Sha256 algorithm to hash the public key.

Parameters

-HashAlgorithm

Specifies the hash algorithm used for the public key. The acceptable values for this parameter are: Sha256.

Type: String
Accepted values: sha256
Position: 1
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

Inputs

String

This accepts the name of the algorithm, as a string, used to hash the public key. Sha256 is the only supported algorithm.

Outputs

EndorsementKeyObject

This cmdlet generates an EndorsementKeyObject object that contains the following members:

  • IsPresent. A Boolean that represents whether the endorsement public key is known to the operating system.
  • PublicKey. An AsnEncodedData object that contains the ASN.1 encoded public portion of the endorsement key.
  • PublicKeyHash. The hash, as a String, of the public key if the cmdlet used a hash algorithm.
  • ManufacturerCertificates. An X509Certificate2Collection object that contains the manufacturer endorsement key certificates. This object can contain the manufacturer and platform certificates.
  • AdditionalCertificates. An X509Certificate2Collection object that contains a collection of additional endorsement key certificates that are registered to the operating system, such as any enterprise certificates.
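
The members listed above can be checked from a script, for example to compare a device's endorsement key hash with the value recorded for it and to flag endorsement key certificates that are outside their validity period. This is an added example, not part of the original documentation; the function name Test-TpmEndorsementKey, its parameters and the expected hash are assumptions.

```powershell
function Test-TpmEndorsementKey {
    [CmdletBinding()]
    param(
        # Hash recorded for this device, e.g. at enrollment (assumed to come from your inventory).
        [Parameter(Mandatory)]
        [string]$ExpectedPublicKeyHash,

        # EndorsementKeyObject to evaluate; queried from the local TPM when omitted.
        $KeyInfo
    )

    if (-not $KeyInfo) {
        # PublicKeyHash is only filled in when a hash algorithm is requested.
        $KeyInfo = Get-TpmEndorsementKeyInfo -HashAlgorithm 'Sha256'
    }

    $now = Get-Date
    # Both members are X509Certificate2Collection objects and may be empty.
    $certs = @(@($KeyInfo.ManufacturerCertificates) + @($KeyInfo.AdditionalCertificates) |
        Where-Object { $_ })

    # One row per certificate, with a flag for the validity window.
    $certReport = @(foreach ($cert in $certs) {
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            InValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        }
    })

    [pscustomobject]@{
        IsPresent        = [bool]$KeyInfo.IsPresent
        # -eq on strings is case-insensitive, so hex case differences do not matter.
        HashMatches      = ($KeyInfo.PublicKeyHash -eq $ExpectedPublicKeyHash.Trim())
        CertificateCount = $certs.Count
        OutOfValidity    = @($certReport | Where-Object { -not $_.InValidity })
        Certificates     = $certReport
    }
}

# Constructed placeholder value; replace with the hash recorded for the device.
$result = Test-TpmEndorsementKey -ExpectedPublicKeyHash '<expected-sha256-hex>'
$result | Format-List IsPresent, HashMatches, CertificateCount
$result.OutOfValidity | Format-Table Subject, Issuer, NotAfter
```

The function only reports what it finds; whether an out-of-validity certificate or an empty certificate collection is acceptable is a policy decision for the caller.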