bin/pkcs11/pkcs11-keygen.html

	pkcs11-keygen.html revision b091b4bb803b830d2d5a9e71b6648b669655d7dc
7f007e36bec06aba6b3a0f84a64f2abf99edfcd8gstein<!--
ca21f4d2622a817d3cb3204210afb6c586d5d7acrbb - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj -
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj - Permission to use, copy, modify, and/or distribute this software for any
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj - purpose with or without fee is hereby granted, provided that the above
df14f0d3a5191cdd7c4bb5b03acd135d43a6f51brbb - copyright notice and this permission notice appear in all copies.
df14f0d3a5191cdd7c4bb5b03acd135d43a6f51brbb -
ab71b233b3a36489e44a7b061c48293be0b17788jwoolley - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
571760de5e60c0b459cb11be45507b923cd023eejwoolley - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
571760de5e60c0b459cb11be45507b923cd023eejwoolley - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
9180a5933673ffb1af633c255ceee029340f3b1erbb - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
bcb6e1be6041dfeb549c8ea8d37f97ad4e90a0c3rbb - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
9bd71e35f5d26d26d23fe3a677401828e842ed72wrowe - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
2900ab946a2d76b73a14cebfe2985d253f01c967stoddard - PERFORMANCE OF THIS SOFTWARE.
a548c09e6a8ca1b059d0e93b5256c6ccb2b3c3cdrbb-->
a548c09e6a8ca1b059d0e93b5256c6ccb2b3c3cdrbb<!-- $Id: pkcs11-keygen.html,v 1.2 2009/10/05 12:13:15 fdupont Exp $ -->
a548c09e6a8ca1b059d0e93b5256c6ccb2b3c3cdrbb<html>
b876b7bcf0ce3d232da723246d709e8dbbfe8762rbb<head>
cf6bf6c34c936e6a6fe731dbce4a5c3c8bf8e9a3gstein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
35330e0d79ceb8027223bbb8330a381b1f989d6etrawick<title>pkcs11-keygen</title>
6f6f4a4bca281779d196acbdd5c017bb90858305trawick<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
8dd4618c4709236b4ea297d7250d282e463ce2d8rbb</head>
09bd86d0db1114ee23eda0a6eb76ca055877a1cftrawick<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
2deb319e6b3de239f45c16a3e9e836d44f1f7108rbb<a name="man.pkcs11-keygen"></a><div class="titlepage"></div>
bd929c73ef04789b7183b840d8db6e01d03a4d86rbb<div class="refnamediv">
70f6f32765cfaadd6da8de6f0fea97ddd72d8fadmanoj<h2>Name</h2>
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj<p><span class="application">pkcs11-keygen</span> &#8212; generate RSA keys on a PKCS#11 device</p>
af4c982a7cf4515f124935f99a329744035fc699slive</div>
af4c982a7cf4515f124935f99a329744035fc699slive<div class="refsynopsisdiv">
af4c982a7cf4515f124935f99a329744035fc699slive<h2>Synopsis</h2>
af4c982a7cf4515f124935f99a329744035fc699slive<div class="cmdsynopsis"><p><code class="command">pkcs11-keygen</code>  [<code class="option">-P</code>] [<code class="option">-m <em class="replaceable"><code>module</code></em></code>] [<code class="option">-s <em class="replaceable"><code>slot</code></em></code>] {-b <em class="replaceable"><code>keysize</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-p <em class="replaceable"><code>PIN</code></em></code>]</p></div>
af4c982a7cf4515f124935f99a329744035fc699slive</div>
af4c982a7cf4515f124935f99a329744035fc699slive<div class="refsect1" lang="en">
af4c982a7cf4515f124935f99a329744035fc699slive<a name="id2543384"></a><h2>DESCRIPTION</h2>
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj<p>
531c23ff01a2489646f0a2029097013b328d935agstein      <span><strong class="command">pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
bf9acc131271d18db51d30ace549d3c3b6a2b9fbrbb      a new RSA key pair with the specified <code class="option">label</code> and
bf9acc131271d18db51d30ace549d3c3b6a2b9fbrbb      with <code class="option">keysize</code> bits of modulus.
bf9acc131271d18db51d30ace549d3c3b6a2b9fbrbb    </p>
bf9acc131271d18db51d30ace549d3c3b6a2b9fbrbb</div>
bf9acc131271d18db51d30ace549d3c3b6a2b9fbrbb<div class="refsect1" lang="en">
bf9acc131271d18db51d30ace549d3c3b6a2b9fbrbb<a name="id2543403"></a><h2>ARGUMENTS</h2>
bf9acc131271d18db51d30ace549d3c3b6a2b9fbrbb<div class="variablelist"><dl>
79d5106a9b65b956d646f5daae4b94bc79e315b8trawick<dt><span class="term">-P</span></dt>
79d5106a9b65b956d646f5daae4b94bc79e315b8trawick<dd><p>
79d5106a9b65b956d646f5daae4b94bc79e315b8trawick            Set the new private key to be non-sensitive and extractable.
79d5106a9b65b956d646f5daae4b94bc79e315b8trawick            The allows the private key data to be read from the PKCS#11
79d5106a9b65b956d646f5daae4b94bc79e315b8trawick            device.  The default is for private keys to be sensitive and
79d5106a9b65b956d646f5daae4b94bc79e315b8trawick            non-extractable.
ec75f189410513ab8f6e1173a9d9d277ebec9ce7gstein          </p></dd>
ec75f189410513ab8f6e1173a9d9d277ebec9ce7gstein<dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
ec75f189410513ab8f6e1173a9d9d277ebec9ce7gstein<dd><p>
ec75f189410513ab8f6e1173a9d9d277ebec9ce7gstein            Specify the PKCS#11 provider module.  This must be the full
ec75f189410513ab8f6e1173a9d9d277ebec9ce7gstein            path to a shared library object implementing the PKCS#11 API
ec75f189410513ab8f6e1173a9d9d277ebec9ce7gstein            for the device.
ec75f189410513ab8f6e1173a9d9d277ebec9ce7gstein          </p></dd>
ec75f189410513ab8f6e1173a9d9d277ebec9ce7gstein<dt><span class="term">-s <em class="replaceable"><code>slot</code></em></span></dt>
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe<dd><p>
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe            Open the session with the given PKCS#11 slot.  The default is
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe            slot 0.
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe          </p></dd>
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe<dd><p>
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe            Create the key pair with <code class="option">keysize</code> bits of
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe            modulus.
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe          </p></dd>
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe<dd><p>
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe            Create key objects with the given label.
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe          </p></dd>
dc96a5e6f9af3c514df4c61ab9468fcf97f9846fwrowe<dt><span class="term">-p <em class="replaceable"><code>PIN</code></em></span></dt>
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard<dd><p>
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard            Specify the PIN for the device.  If no PIN is provided on the
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard            command line, <span><strong class="command">pkcs11-keygen</strong></span> will prompt for it.
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard          </p></dd>
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard</dl></div>
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard</div>
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard<div class="refsect1" lang="en">
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard<a name="id2543520"></a><h2>SEE ALSO</h2>
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard<p>
7bce59d998f2e5ca1cb60038ef6c1d0817605d62stoddard      <span class="citerefentry"><span class="refentrytitle">pkcs11-list</span>(3)</span>,
d57551cb28450661e77394ec332cf25b0f63aae1trawick      <span class="citerefentry"><span class="refentrytitle">pkcs11-destroy</span>(3)</span>
c3a2c6ae9a1c7f37d672a54c2c9a1b4f7941085btrawick    </p>
c3a2c6ae9a1c7f37d672a54c2c9a1b4f7941085btrawick</div>
c3a2c6ae9a1c7f37d672a54c2c9a1b4f7941085btrawick<div class="refsect1" lang="en">
c3a2c6ae9a1c7f37d672a54c2c9a1b4f7941085btrawick<a name="id2543546"></a><h2>CAVEAT</h2>
d57551cb28450661e77394ec332cf25b0f63aae1trawick<p>The public exponent is hard-wired to 65537.</p>
c3a2c6ae9a1c7f37d672a54c2c9a1b4f7941085btrawick<p>The command should optionally set the object ID too.</p>
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj</div>
33a70d93b992bbb63b809c24df29451f38f017c1rbb<div class="refsect1" lang="en">
809cf6f87f7a07b348f6d69961834923bc16313egstein<a name="id2543561"></a><h2>AUTHOR</h2>
46b9575c45e6e65788ec5b6362b1560737c12060jwoolley<p><span class="corpauthor">Internet Systems Consortium</span>
ca21f4d2622a817d3cb3204210afb6c586d5d7acrbb    </p>
af9f2bd7837c251df865825e03ad192e5c6aee18jim</div>
ca21f4d2622a817d3cb3204210afb6c586d5d7acrbb</div></body>
809cf6f87f7a07b348f6d69961834923bc16313egstein</html>
809cf6f87f7a07b348f6d69961834923bc16313egstein