Andrew Stevens

Here how I seal a file with tpm-tools for TPM 1.2 on Ubuntu, with encryption locked to PCR 0 thru 10: initialize: tpm_takeownership -z -y seal plaintext.txt to ciphertext.txt tpm_sealdata -z -i plaintext.txt -o ciphertext.txt -p 0 -p 1 -p 2 -p 3 -p 4 -p 5 -p 6 -p 7 -p 8 -p 9 -p 10 unseal ciphertext.txt to plaintext_unsealed.txt: tpm_unsealdata -z -i ciphertext.txt > plaintext_unsealed.txt

Russ, just wanted to thank you for posting your seal+unseal scripts. They work unaltered on Ubuntu 18.04. I have much simpler seal+unseal code for TPM 1.2, and tried for days to get it working similarly on TPM 2.0. But it's far more complicated for 2.0. Thanks for solving the mystery!!