I'm looking to build an application which creates a key on a TPM & uses the TPM to decrypt some application initialisation secrets delivered to the application via a control-plane, which verifies the key the TPM will use is on a TPM.

I'm struggling to find any sample applications/explanations/cookbooks for tmp2-tools to prototype out how this would work — in fact, I can't find an explainer of how to convert a key from "tss" format to PEM format. Is there something I've missed, or is there a sample TPM application or something kicking about I can refer to? I'm aware there are specification PDF's, but these are unapproachable to someone with attention-span disabilities.

Thanks,

Luke