pkcs11-keygen.docbook revision a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont [<!ENTITY mdash "—">]>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - Permission to use, copy, modify, and/or distribute this software for any
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - purpose with or without fee is hereby granted, provided that the above
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - copyright notice and this permission notice appear in all copies.
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - PERFORMANCE OF THIS SOFTWARE.
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont<!-- $Id: pkcs11-keygen.docbook,v 1.2 2009/10/05 12:07:08 fdupont Exp $ -->
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <refentryinfo>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </refentryinfo>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <refentrytitle><application>pkcs11-keygen</application></refentrytitle>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <refname><application>pkcs11-keygen</application></refname>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <refpurpose>generate RSA keys on a PKCS#11 device</refpurpose>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </refnamediv>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <refsynopsisdiv>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <cmdsynopsis>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <arg><option>-m <replaceable class="parameter">module</replaceable></option></arg>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <arg><option>-s <replaceable class="parameter">slot</replaceable></option></arg>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <arg choice="req">-b <replaceable class="parameter">keysize</replaceable></arg>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <arg><option>-p <replaceable class="parameter">PIN</replaceable></option></arg>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </cmdsynopsis>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </refsynopsisdiv>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <command>pkcs11-keygen</command> causes a PKCS#11 device to generate
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont a new RSA key pair with the specified <option>label</option> and
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont with <option>keysize</option> bits of modulus.
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <variablelist>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont Set the new private key to be non-sensitive and extractable.
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont The allows the private key data to be read from the PKCS#11
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont device. The default is for private keys to be sensitive and
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont non-extractable.
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <term>-m <replaceable class="parameter">module</replaceable></term>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont Specify the PKCS#11 provider module. This must be the full
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont path to a shared library object implementing the PKCS#11 API
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont for the device.
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <term>-s <replaceable class="parameter">slot</replaceable></term>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont Open the session with the given PKCS#11 slot. The default is
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <term>-b <replaceable class="parameter">keysize</replaceable></term>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont Create the key pair with <option>keysize</option> bits of
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <term>-l <replaceable class="parameter">label</replaceable></term>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont Create key objects with the given label.
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <term>-p <replaceable class="parameter">PIN</replaceable></term>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont Specify the PIN for the device. If no PIN is provided on the
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont command line, <command>pkcs11-keygen</command> will prompt for it.
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </varlistentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </variablelist>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <citerefentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <refentrytitle>pkcs11-list</refentrytitle><manvolnum>3</manvolnum>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </citerefentry>,
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <citerefentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>3</manvolnum>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont </citerefentry>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <para>The public exponent is hard-wired to 65537.</para>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <para>The command should optionally set the object ID too.</para>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont <para><corpauthor>Internet Systems Consortium</corpauthor>
a631b30b1ddd8b2ea780371d0d99ba1c05bc7e42Francis Dupont - Local variables: