Previously, tpm2_loadexternal was quite limited. It could only load a public/private file in the TSS format (aka generated via readpublic or create). Recently, on master, I have been working on a series that allows loading both the public and private portions of an object from PEM files. This way, folks can seamlessly use openssl objects in the TPM. The man pages have been updated, to show full examples, as well as tests for this. Tpm2_loadexternal supports: 1. AES keys (raw key byte files) 2. RSA keys 3. ECC keys We still need support for XOR and HMAC, but that should follow the AES key code closely. We dropped support for tpm2_loadexternal for TSS format private objects, as no command response returns such a structure from the TPM. Remember, that loadexternal loaded objects have restrictions on their use, since they are *NOT* tpm managed objects. This is the major Difference between tpm2_loadexternal and tpm2_import. ECC support has not been added to tpm2_import at this time.