ConvertToOwnerAuth method of the Win32_Tpm class

The ConvertToOwnerAuth method of the Win32_Tpm class translates a user-provided passphrase input into a 20-byte owner authorization that can be used to interact with the TPM. Methods such as TakeOwnership and ResetAuthLockOut require the resulting owner authorization value.

The conversion process follows the specifications from the Trusted Computing Group.


uint32 ConvertToOwnerAuth(
  [in]  string OwnerPassPhrase,
  [out] string OwnerAuth


OwnerPassPhrase [in]

Type: string

A string to convert to an owner authorization value. The string can contain any number of alphanumeric characters.

OwnerAuth [out]

Type: string

A string derived from the OwnerPassPhrase parameter. This value is a 20-byte binary value encoded to a 28-byte base64 null-terminated string.

Return value

Type: uint32

All TPM errors as well as errors specific to TPM Base Services can be returned.

The following tables lists some of the common return codes.

Return code/valueDescription
0 (0x0)

The method was successful.



A Unicode UTF-16LE encoded string is converted to the 20-byte TPM owner authorization value by taking the SHA-1 hash of the string's binary representation. The null termination of the Unicode string is not included in the hash. No salt is used in the SHA-1 hash.

For example, to convert the TPM owner passphrase "1Sample" to a TPM owner authorization value, the SHA-1 hash is taken from the following byte stream:

0x31 0x00 0x53 0x00 0x61 0x00 0x6D 0x00 0x70 0x00 0x6C 0x00 0x65 0x00

To convert a zero-length passphrase to an owner authorization value, the SHA-1 hash is taken of the NULL byte stream.

Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).


Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]







See also