Confirm-CAAttestationIdentityKeyInfo

Checks whether the local CA trusts a TPM AIK for key attestation.

Syntax

Parameter Set: Certificate
Confirm-CAAttestationIdentityKeyInfo [-Certificate] <X509Certificate2> [<CommonParameters>]

Parameter Set: PublicKeyHash
Confirm-CAAttestationIdentityKeyInfo [-PublicKeyHash] <String> [<CommonParameters>]

Detailed Description

The Confirm-CAAttestationIdentityKeyInfo cmdlet checks whether the local certification authority (CA) trusts a Trusted Platform Module (TPM) attestation identity key (AIK) for key attestation. If you specify an AIK certificate, this cmdlet checks whether the certificate in the TPM chains up to anchors that the CA trusts for TPM attestation. If you specify the hash of the AIK, this cmdlet checks whether the hash exists in the TPM as a file in any one of the allow list folders configured for the local CA.

Parameters

-Certificate<X509Certificate2>

Specifies an X509 public key certificate issued to the attestation identity key.

Aliases

none

Required?

true

Position?

2

Default Value

none

Accept Pipeline Input?

True (ByValue, ByPropertyName)

Accept Wildcard Characters?

false

-PublicKeyHash<String>

Specifies the Secure Hash Algorithm (SHA-256) hash of the AIK as a 64-character hexadecimal string.

Aliases

none

Required?

true

Position?

2

Default Value

none

Accept Pipeline Input?

True (ByValue, ByPropertyName)

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • System.String, System.Security.Cryptography.X509Certificates.X509Certificate2

Outputs

The output type is the type of the objects that the cmdlet emits.

  • System.Boolean

Examples

Example 1: Check whether the specified certificate chains up to trusted anchors

This command checks whether the specified certificate chains up to anchors that the CA trusts for TPM attestation.

PS C:\> Confirm-CAAttestationIdentityKeyInfo -Certificate test.cer
True
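
The following is an added example, not part of the original reference text. It exercises both parameter sets on the CA server: it loads the AIK certificate into an X509Certificate2 object explicitly, then audits a list of AIK hashes, rejecting any value that is not a 64-character hexadecimal string before it reaches the cmdlet. The function name Test-AikTrust and the sample hash values are assumptions made for illustration; test.cer is the file name from Example 1.

```powershell
# Added example (not from the original documentation). Run on the CA server.

# Hypothetical helper: checks each AIK hash against the local CA and reports
# malformed input separately from hashes the CA does not trust.
function Test-AikTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]] $PublicKeyHash
    )
    process {
        foreach ($hash in $PublicKeyHash) {
            $normalized = $hash -replace '\s', ''
            # -PublicKeyHash takes a SHA-256 hash as a 64-character hex string.
            if ($normalized -notmatch '^[0-9A-Fa-f]{64}$') {
                [pscustomobject]@{
                    PublicKeyHash = $hash; WellFormed = $false; Trusted = $null
                }
                continue
            }
            $trusted = Confirm-CAAttestationIdentityKeyInfo -PublicKeyHash $normalized
            [pscustomobject]@{
                PublicKeyHash = $normalized; WellFormed = $true; Trusted = $trusted
            }
        }
    }
}

# Certificate parameter set: resolve the path first so the file is read from
# the current PowerShell location, then pass the certificate object.
$path    = (Resolve-Path -LiteralPath '.\test.cer').ProviderPath
$aikCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
Confirm-CAAttestationIdentityKeyInfo -Certificate $aikCert

# PublicKeyHash parameter set. Constructed sample values, not real AIK hashes:
# one well-formed placeholder and one malformed entry.
$sampleHashes = @(('0' * 64), 'not-a-hash')
$sampleHashes | Test-AikTrust | Format-Table -AutoSize
```

A row with WellFormed set to False points to a data-entry problem in the input list, while Trusted set to False means the CA does not trust that AIK for key attestation.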