TPM2-Pytss: Error "hash algorithm not supported or not appropriate" when signing data with TPM2

I am trying to sign data using the TPM2 module in Python 3 with the tpm2-pytss library. The key has already been created and is persistent at handle 0x81000000. The signing process works fine when I use the terminal commands below:

tpm2_createprimary -C e -g sha256 -G ecc -c primary.ctx -a "fixedtpm|fixedparent|sensitivedataorigin|userwithauth|sign"tpm2_evictcontrol -C o -c primary.ctx 0x81000000 # make the key persistentecho "data to sign" > data.in.raw # create raw datasha256sum data.in.raw | awk '{ print "000000 " $1 }' | xxd -r -c 32 > data.in.digest # create digesttpm2_sign -Q -c 0x81000000 -g sha256 -d -f plain -o data.out.signed data.in.digest

However, when trying to replicate this process in Python with tpm2-pytss, I encounter an error during the signing step. Below is my Python code:

import tpm2_pytss# Initialize TPMtpm = tpm2_pytss.ESAPI(tcti=None)tpm.startup(tpm2_pytss.TPM2_SU.CLEAR)# Handle for the persistent keyhandle = tpm.tr_from_tpmpublic(0x81000000)# Inspect public key datapublic_data, _, _ = tpm.read_public(handle)public_area = public_data.publicAreaecc_params = public_area.parameters.eccDetailprint(f"Key Type: {public_area.type}")print(f"Name Algorithm: {public_area.nameAlg}")print(f"Attributes: {public_area.objectAttributes}")print(f"ECC Curve: {ecc_params.curveID}")print(f"ECC Scheme: {ecc_params.scheme.scheme}")# Data to be signeddata = b"data to sign"# Generate digest and validation ticketdigest, validation = tpm.hash(    data,    hash_alg=tpm2_pytss.TPM2_ALG.SHA256,    hierarchy=tpm2_pytss.ESYS_TR.NULL)# Set up ECDSA signing schemesigning_scheme = tpm2_pytss.TPMT_SIG_SCHEME(    scheme=tpm2_pytss.TPM2_ALG.ECDSA,    details=tpm2_pytss.TPMU_SIG_SCHEME()  # Empty scheme for ECDSA)# Attempt to sign the digest using TPMtry:    signature = tpm.sign(        handle,         # Key handle in TPM        digest,         # Generated digest        in_scheme=signing_scheme,  # ECDSA signing scheme        validation=validation  # Validation ticket    )    print(f"Generated Signature: {signature}")except tpm2_pytss.TSS2_Exception as e:    print(f"Error while signing: {e}")

When I run this, I get the following output and error:

Key Type: eccName Algorithm: sha256Attributes: fixedtpm|fixedparent|sensitivedataorigin|userwithauth|signECC Curve: nist_p256ECC Scheme: nullWARNING:esys:src/tss2-esys/api/Esys_Sign.c:314:Esys_Sign_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_Sign.c:108:Esys_Sign() Esys Finish ErrorCode (0x000002c3) Error while signing: tpm:parameter(2):hash algorithm not supported or not appropriate

What I've tried:

I verified the key attributes and scheme using tpm.read_public(). The scheme shows as null, which might be the issue.I've used the terminal commands to confirm the key works correctly for signing.Adjusted the signing scheme in Python to match the expected ECDSA parameters.

Questions:

How can I correctly specify the signing scheme for the TPM2_ALG.ECDSA key in tpm2-pytss?Is there an issue with how I am setting up the digest or validation ticket?Should the key's scheme (null) be explicitly set during creation to support ECDSA?

Any insights or suggestions would be greatly appreciated.