Confirm-CAEndorsementKeyInfo
Confirm-CAEndorsementKeyInfo
Checks whether the local CA trusts secure hardware for key attestation.
구문
Parameter Set: Certificate
Confirm-CAEndorsementKeyInfo [-Certificate] <X509Certificate2> [ <CommonParameters>]
Parameter Set: PublicKeyHash
Confirm-CAEndorsementKeyInfo [-PublicKeyHash] <String> [ <CommonParameters>]
자세한 설명
The Confirm-CAEndorsementKeyInfo cmdlet checks whether the local certification authority (CA) trusts secure hardware, such as a Trusted Platform Module (TPM), for key attestation. The cmdlet checks the endorsement key or certificate. An endorsement key is permanently embedded in the security hardware. The public portion of the endorsement key helps to recognize genuine security hardware.
This cmdlet verifies whether the endorsement public certificate connects by means of a certificate chain to an anchor that the CA trusts for key attestation. Specify an X509 certificate by using the Certificate parameter.
This cmdlet checks whether the endorsement public key exists as a file in a folder configured at the local CA for key attestation. Specify the public key by using the PublicKeyHash parameter.
매개 변수
-Certificate<X509Certificate2>
Specifies an X509 public key certificate issued to secure hardware.
별칭 |
없음 |
필수 여부 |
true |
위치 |
1 |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
True (ByValue, ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-PublicKeyHash<String>
Specifies an endorsement public key of the secure hardware, as the result of the SHA-256 hash algorithm. This is a 64 character hexadecimal string.
별칭 |
없음 |
필수 여부 |
true |
위치 |
1 |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
True (ByValue, ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
<CommonParameters>
이 cmdlet은 일반 매개 변수 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer 및 -OutVariable을 지원합니다. 자세한 내용은 다음을 참조하세요. about_CommonParameters(https://go.microsoft.com/fwlink/p/?LinkID=113216).
입력
입력 유형은 cmdlet에 파이프할 수 있는 개체의 유형입니다.
- System.String, System.Security.Cryptography.X509Certificate2
출력
출력 유형은 cmdlet이 내보내는 개체의 유형입니다.
- System.Boolean
예제
Example 1: Check an endorsement certificate
This command checks whether the endorsement certificate Contoso87.cer connects, by means of a certificate chain, to a trusted anchor. This example returns a value of $True.
PS C:\> Confirm-CAEndorsementKeyInfo -Certificate Contoso87.cer
True
Example 2: Check an endorsement key
The command checks for the endorsement public certificate specified as an SHA-256 hash code. This example returns a value of $False. Therefore, the CA does not have this public key.
PS C:\> Confirm-CAEndorsementKeyInfo -PublicKeyHash "1dd117facfbdcbd8713b9c588eef305e61ce3d8e3c6e21e6323a877476ecd167"
False