keys.md: clarify the TSS2 private key is TPM protected

To clarify #94.
tpm2-software · Oct 30, 2023 · c773cd6 · c773cd6
1 parent 60968f0
commit c773cd6
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/docs/keys.md b/docs/keys.md
@@ -142,8 +142,10 @@ The following encoders are supported:
 | PKCS1                | DER                      | `-RSAPublicKey_out -outform der` |
 | (null)               | text                     | `-text -noout`                   |
 
-For example, to export the X.509 SubjectPublicKeyInfo in PEM (`PUBLIC KEY`),
-which is the most common public key format, do:
+The `TSS2 PRIVATE KEY` file is protected by the TPM and cannot be used on another machine.
+
+To export the X.509 SubjectPublicKeyInfo in PEM (`PUBLIC KEY`), which is the most
+common public key format, do:
 ```
 openssl pkey -provider tpm2 -provider base -in testkey.priv -pubout -out testkey.pub
 ```