I am encountering some issues while using tpm2_loadexternal #3395

Open
sw1128 opened this issue May 16, 2024 · 2 comments


sw1128 commented May 16, 2024

Hello,
I currently have a client and a server.
Firstly, I have read the EK certificate using "tpm2_nvread" on the client and sent it to the server.
Next, I have encountered some problems:
I want to use OpenSSL to extract the EK public key from the EK certificate on the server. The purpose is to use the EK public key to execute "tpm2_loadexternal" to generate an "ek.ctx", so that I can proceed with the subsequent steps.

Can you tell me how to obtain the EK public key and how to execute "tpm2_loadexternal"? Thank you!

@AndreasFuchsTPM
Member

To create an ek.ctx file on the client, please use https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_createek.1.md

But I assume that this is not really what you want to do. Maybe you could lay out the complete use case end to end.


sw1128 commented May 31, 2024

OK, now I have a new question.
After using OpenSSL to extract "public_key.pem" from the certificate, I use it as the "-u" parameter to execute "tpm2_loadexternal", and it gives me an error: Unable to run tpm2_loadexternal. But when I use a public key file with a TPM2B_PUBLIC structure, it runs normally.

openssl x509 -in sm2_ek_cert.pem -pubkey -noout > public_key.pem
tpm2_loadexternal -C e -G ecc_sm2 -g sm3_256 -u public_key.pem -c ek.ctx
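
The comment above compares two kinds of file passed to `-u`: the PEM text written by `openssl x509 -pubkey` and a marshalled TPM2B_PUBLIC blob. The following is an added example, not part of the thread or of tpm2-tools, that tells the two apart and decodes the leading TPM2B_PUBLIC fields. The function name and both sample inputs are constructed for illustration; the algorithm IDs are the TCG registry values.

```python
import base64
import struct

# TPM_ALG_ID values from the TCG algorithm registry.
KEY_TYPES = {0x0001: "rsa", 0x0008: "keyedhash", 0x0023: "ecc", 0x0025: "symcipher"}
NAME_ALGS = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384",
             0x000D: "sha512", 0x0012: "sm3_256"}


def classify_public_file(data: bytes) -> dict:
    """Classify a candidate -u file as PEM, TPM2B_PUBLIC or unknown."""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN "):
        # "-----BEGIN PUBLIC KEY-----" -> label "PUBLIC KEY"
        header = text.split(b"-----", 2)[1].decode("ascii", "replace")
        return {"format": "pem", "label": header[len("BEGIN "):]}
    # TPM2B_PUBLIC is a UINT16 size followed by TPMT_PUBLIC, which starts with
    # type (UINT16), nameAlg (UINT16), objectAttributes (UINT32), big-endian.
    if len(data) >= 10:
        size, key_type, name_alg, attrs = struct.unpack(">HHHI", data[:10])
        if size == len(data) - 2 and key_type in KEY_TYPES and name_alg in NAME_ALGS:
            return {"format": "tpm2b_public", "type": KEY_TYPES[key_type],
                    "name_alg": NAME_ALGS[name_alg], "attributes": attrs}
    return {"format": "unknown"}


# Constructed sample 1: PEM framing around dummy bytes (not a real key).
SAMPLE_PEM = (b"-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(bytes(16))
              + b"\n-----END PUBLIC KEY-----\n")

# Constructed sample 2: ECC TPMT_PUBLIC with nameAlg SM3_256, empty authPolicy,
# NULL symmetric/scheme/kdf, curve SM2_P256 (0x0020) and all-zero coordinates.
_body = (struct.pack(">HHI", 0x0023, 0x0012, 0x00040040)   # attributes: constructed
         + bytes(2)                                        # authPolicy size = 0
         + struct.pack(">4H", 0x0010, 0x0010, 0x0020, 0x0010)
         + (struct.pack(">H", 32) + bytes(32)) * 2)        # unique.x, unique.y
SAMPLE_TPM2B = struct.pack(">H", len(_body)) + _body

if __name__ == "__main__":
    for name, blob in (("public_key.pem", SAMPLE_PEM), ("ek.pub", SAMPLE_TPM2B)):
        print(name, classify_public_file(blob))
```
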

