diff options
Diffstat (limited to 'bin/pkcs11/pkcs11-keygen.8')
| -rw-r--r-- | bin/pkcs11/pkcs11-keygen.8 | 120 |
1 files changed, 120 insertions, 0 deletions
diff --git a/bin/pkcs11/pkcs11-keygen.8 b/bin/pkcs11/pkcs11-keygen.8 new file mode 100644 index 0000000..c1355d4 --- /dev/null +++ b/bin/pkcs11/pkcs11-keygen.8 @@ -0,0 +1,120 @@ +.\" Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" This Source Code Form is subject to the terms of the Mozilla Public +.\" License, v. 2.0. If a copy of the MPL was not distributed with this +.\" file, You can obtain one at http://mozilla.org/MPL/2.0/. +.\" +.hy 0 +.ad l +'\" t +.\" Title: pkcs11-keygen +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2014-01-15 +.\" Manual: BIND9 +.\" Source: ISC +.\" Language: English +.\" +.TH "PKCS11\-KEYGEN" "8" "2014\-01\-15" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pkcs11-keygen \- generate keys on a PKCS#11 device +.SH "SYNOPSIS" +.HP \w'\fBpkcs11\-keygen\fR\ 'u +\fBpkcs11\-keygen\fR {\-a\ \fIalgorithm\fR} [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-e\fR] [\fB\-i\ \fR\fB\fIid\fR\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-P\fR] [\fB\-p\ \fR\fB\fIPIN\fR\fR] [\fB\-q\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] {label} +.SH "DESCRIPTION" +.PP +\fBpkcs11\-keygen\fR +causes a PKCS#11 device to generate a new key pair with the given +\fBlabel\fR +(which must be unique) and with +\fBkeysize\fR +bits of prime\&. +.SH "ARGUMENTS" +.PP +\-a \fIalgorithm\fR +.RS 4 +Specify the key algorithm class: Supported classes are RSA, DSA, DH, ECC and ECX\&. In addition to these strings, the +\fBalgorithm\fR +can be specified as a DNSSEC signing algorithm that will be used with this key; for example, NSEC3RSASHA1 maps to RSA, ECDSAP256SHA256 maps to ECC, and ED25519 to ECX\&. The default class is "RSA"\&. +.RE +.PP +\-b \fIkeysize\fR +.RS 4 +Create the key pair with +\fBkeysize\fR +bits of prime\&. For ECC keys, the only valid values are 256 and 384, and the default is 256\&. For ECX kyes, the only valid values are 256 and 456, and the default is 256\&. +.RE +.PP +\-e +.RS 4 +For RSA keys only, use a large exponent\&. +.RE +.PP +\-i \fIid\fR +.RS 4 +Create key objects with id\&. The id is either an unsigned short 2 byte or an unsigned long 4 byte number\&. +.RE +.PP +\-m \fImodule\fR +.RS 4 +Specify the PKCS#11 provider module\&. This must be the full path to a shared library object implementing the PKCS#11 API for the device\&. +.RE +.PP +\-P +.RS 4 +Set the new private key to be non\-sensitive and extractable\&. The allows the private key data to be read from the PKCS#11 device\&. The default is for private keys to be sensitive and non\-extractable\&. +.RE +.PP +\-p \fIPIN\fR +.RS 4 +Specify the PIN for the device\&. If no PIN is provided on the command line, +\fBpkcs11\-keygen\fR +will prompt for it\&. +.RE +.PP +\-q +.RS 4 +Quiet mode: suppress unnecessary output\&. +.RE +.PP +\-S +.RS 4 +For Diffie\-Hellman (DH) keys only, use a special prime of 768, 1024 or 1536 bit size and base (aka generator) 2\&. If not specified, bit size will default to 1024\&. +.RE +.PP +\-s \fIslot\fR +.RS 4 +Open the session with the given PKCS#11 slot\&. The default is slot 0\&. +.RE +.SH "SEE ALSO" +.PP +\fBpkcs11-destroy\fR(8), +\fBpkcs11-list\fR(8), +\fBpkcs11-tokens\fR(8), +\fBdnssec-keyfromlabel\fR(8) +.SH "AUTHOR" +.PP +\fBInternet Systems Consortium, Inc\&.\fR +.SH "COPYRIGHT" +.br +Copyright \(co 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC") +.br |