179 lines
5.9 KiB
Plaintext
179 lines
5.9 KiB
Plaintext
<!--
|
|
- Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
|
|
-
|
|
- Permission to use, copy, modify, and/or distribute this software for any
|
|
- purpose with or without fee is hereby granted, provided that the above
|
|
- copyright notice and this permission notice appear in all copies.
|
|
-
|
|
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
- PERFORMANCE OF THIS SOFTWARE.
|
|
-->
|
|
|
|
<!-- Converted by db4-upgrade version 1.0 -->
|
|
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.pkcs11-keygen">
|
|
<info>
|
|
<date>2009-10-05</date>
|
|
</info>
|
|
<refentryinfo>
|
|
<corpname>ISC</corpname>
|
|
<corpauthor>Internet Systems Consortium, Inc.</corpauthor>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle><application>pkcs11-keygen</application></refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo>BIND9</refmiscinfo>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname><application>pkcs11-keygen</application></refname>
|
|
<refpurpose>generate RSA keys on a PKCS#11 device</refpurpose>
|
|
</refnamediv>
|
|
|
|
<docinfo>
|
|
<copyright>
|
|
<year>2009</year>
|
|
<year>2014</year>
|
|
<year>2015</year>
|
|
<year>2016</year>
|
|
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
|
</copyright>
|
|
</docinfo>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis sepchar=" ">
|
|
<command>pkcs11-keygen</command>
|
|
<arg choice="opt" rep="norepeat"><option>-P</option></arg>
|
|
<arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">module</replaceable></option></arg>
|
|
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">slot</replaceable></option></arg>
|
|
<arg choice="opt" rep="norepeat"><option>-e</option></arg>
|
|
<arg choice="req" rep="norepeat">-b <replaceable class="parameter">keysize</replaceable></arg>
|
|
<arg choice="req" rep="norepeat">-l <replaceable class="parameter">label</replaceable></arg>
|
|
<arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">id</replaceable></option></arg>
|
|
<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">PIN</replaceable></option></arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsection><info><title>DESCRIPTION</title></info>
|
|
|
|
<para>
|
|
<command>pkcs11-keygen</command> causes a PKCS#11 device to generate
|
|
a new RSA key pair with the specified <option>label</option> and
|
|
with <option>keysize</option> bits of modulus.
|
|
</para>
|
|
</refsection>
|
|
|
|
<refsection><info><title>ARGUMENTS</title></info>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>-P</term>
|
|
<listitem>
|
|
<para>
|
|
Set the new private key to be non-sensitive and extractable.
|
|
The allows the private key data to be read from the PKCS#11
|
|
device. The default is for private keys to be sensitive and
|
|
non-extractable.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-m <replaceable class="parameter">module</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
Specify the PKCS#11 provider module. This must be the full
|
|
path to a shared library object implementing the PKCS#11 API
|
|
for the device.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-s <replaceable class="parameter">slot</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
Open the session with the given PKCS#11 slot. The default is
|
|
slot 0.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-e</term>
|
|
<listitem>
|
|
<para>
|
|
Use a large exponent.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-b <replaceable class="parameter">keysize</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
Create the key pair with <option>keysize</option> bits of
|
|
modulus.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-l <replaceable class="parameter">label</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
Create key objects with the given label.
|
|
This name must be unique.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-i <replaceable class="parameter">id</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
Create key objects with id. The id is either
|
|
an unsigned short 2 byte or an unsigned long 4 byte number.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-p <replaceable class="parameter">PIN</replaceable></term>
|
|
<listitem>
|
|
<para>
|
|
Specify the PIN for the device. If no PIN is provided on the
|
|
command line, <command>pkcs11-keygen</command> will prompt for it.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsection>
|
|
|
|
<refsection><info><title>SEE ALSO</title></info>
|
|
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>pkcs11-list</refentrytitle><manvolnum>3</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>3</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>dnssec-keyfromlabel</refentrytitle><manvolnum>3</manvolnum>
|
|
</citerefentry>,
|
|
</para>
|
|
</refsection>
|
|
|
|
<refsection><info><title>CAVEAT</title></info>
|
|
|
|
<para>Some PKCS#11 providers crash with big public exponent.</para>
|
|
</refsection>
|
|
|
|
</refentry>
|