man.pkcs11-keygen.html revision 350e5eecadfc5ee72b11b2cc46828c9a0bcd717c
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
32098293b78922a5fbd10906afa28624820d3756Tinderbox User - Copyright (C) 2000-2017 Internet Systems Consortium, Inc. ("ISC")
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User - This Source Code Form is subject to the terms of the Mozilla Public
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User - License, v. 2.0. If a copy of the MPL was not distributed with this
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User - file, You can obtain one at http://mozilla.org/MPL/2.0/.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<link rel="prev" href="man.pkcs11-list.html" title="pkcs11-list">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<link rel="next" href="man.pkcs11-tokens.html" title="pkcs11-tokens">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<a name="man.pkcs11-keygen"></a><div class="titlepage"></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="application">pkcs11-keygen</span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User — generate keys on a PKCS#11 device
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User {-a <em class="replaceable"><code>algorithm</code></em>}
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-i <em class="replaceable"><code>id</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-m <em class="replaceable"><code>module</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-p <em class="replaceable"><code>PIN</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-s <em class="replaceable"><code>slot</code></em></code>]
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User<a name="id-1.14.38.7"></a><h2>DESCRIPTION</h2>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User <span class="command"><strong>pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User a new key pair with the given <code class="option">label</code> (which must be
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User unique) and with <code class="option">keysize</code> bits of prime.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <div class="variablelist"><dl class="variablelist">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Specify the key algorithm class: Supported classes are RSA,
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User DSA, DH, ECC and ECX. In addition to these strings, the
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User <code class="option">algorithm</code> can be specified as a DNSSEC
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User signing algorithm that will be used with this key; for
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User example, NSEC3RSASHA1 maps to RSA, ECDSAP256SHA256 maps
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User to ECC, and ED25519 to ECX. The default class is "RSA".
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Create the key pair with <code class="option">keysize</code> bits of
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User prime. For ECC keys, the only valid values are 256 and 384,
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User and the default is 256. For ECX keys, the only valid values
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User are 256 and 456, and the default is 256.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User For RSA keys only, use a large exponent.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<dt><span class="term">-i <em class="replaceable"><code>id</code></em></span></dt>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Create key objects with the given id. The id is either
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User an unsigned short (2-byte) or an unsigned long (4-byte) number.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Specify the PKCS#11 provider module. This must be the full
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User path to a shared library object implementing the PKCS#11 API
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User for the device.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Set the new private key to be non-sensitive and extractable.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User This allows the private key data to be read from the PKCS#11
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User device. The default is for private keys to be sensitive and
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User non-extractable.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<dt><span class="term">-p <em class="replaceable"><code>PIN</code></em></span></dt>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Specify the PIN for the device. If no PIN is provided on
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User the command line, <span class="command"><strong>pkcs11-keygen</strong></span> will
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User prompt for it.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Quiet mode: suppress unnecessary output.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User For Diffie-Hellman (DH) keys only, use a special prime of
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User 768, 1024 or 1536 bit size and base (aka generator) 2.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User If not specified, bit size will default to 1024.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<dt><span class="term">-s <em class="replaceable"><code>slot</code></em></span></dt>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Open the session with the given PKCS#11 slot. The default is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="refentrytitle">pkcs11-destroy</span>(8)
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="refentrytitle">pkcs11-list</span>(8)
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="refentrytitle">pkcs11-tokens</span>(8)
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="refentrytitle">dnssec-keyfromlabel</span>(8)
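The following pre-flight check for a pkcs11-keygen command line is an added example, not part of the BIND 9 manual or its code. It applies the rules stated above: PIN prompting, the sensitive and non-extractable default, the full module path, and the ECC/ECX key sizes. The option letters -e, -P, -q and -S come from the pkcs11-keygen synopsis in the BIND 9 manual rather than from this page; the module paths, labels and PIN in the sample commands are constructed.

```python
import getopt
import os.path
import shlex

CLASSES = {"RSA", "DSA", "DH", "ECC", "ECX"}
# Only the DNSSEC algorithm mappings this page gives as examples.
DNSSEC_TO_CLASS = {"NSEC3RSASHA1": "RSA", "ECDSAP256SHA256": "ECC", "ED25519": "ECX"}
# -b values the page lists as the only valid ones for these classes.
VALID_BITS = {"ECC": {256, 384}, "ECX": {256, 456}}
# Assumption: option letters per the BIND 9 pkcs11-keygen synopsis.
OPTSTRING = "a:b:ei:m:Pp:qSs:"

def review(cmdline):
    """Return (code, message) findings for one pkcs11-keygen command line."""
    try:
        opts, rest = getopt.getopt(shlex.split(cmdline)[1:], OPTSTRING)
    except getopt.GetoptError as exc:
        return [("usage", str(exc))]
    opt, findings = dict(opts), []
    if "-p" in opt:
        findings.append(("pin-in-argv", "PIN is visible in the process list and "
                         "shell history; omit -p and let the tool prompt"))
    if "-P" in opt:
        findings.append(("extractable", "private key becomes non-sensitive and "
                         "extractable, so it can be read off the device"))
    if "-m" in opt and not os.path.isabs(opt["-m"]):
        findings.append(("module-path", "-m must be the full path to the provider"))
    # Case folding is a choice of this example; the default class is RSA.
    name = opt.get("-a", "RSA").upper()
    cls = name if name in CLASSES else DNSSEC_TO_CLASS.get(name)
    if cls is None:
        findings.append(("algorithm", f"{name}: class not resolved, -b not checked"))
    elif "-b" in opt and cls in VALID_BITS:
        bits = opt["-b"]
        if not bits.isdigit() or int(bits) not in VALID_BITS[cls]:
            allowed = sorted(VALID_BITS[cls])
            findings.append(("keysize", f"{cls} accepts only {allowed}, got {bits}"))
    if len(rest) != 1:
        findings.append(("label", "exactly one (unique) key label is required"))
    return findings

# Constructed sample command lines.
GOOD = "pkcs11-keygen -a ECDSAP256SHA256 -b 256 -m /opt/hsm/lib/libpkcs11.so -s 0 example-ksk"
BAD = "pkcs11-keygen -a ECX -b 384 -P -p 1234 -m libpkcs11.so example-zsk"

if __name__ == "__main__":
    for line in (GOOD, BAD):
        print(line)
        for code, message in review(line) or [("ok", "no findings")]:
            print(f"  [{code}] {message}")
```

Run over key-ceremony scripts before execution, this flags commands that would leave a DNSSEC private key readable from the device or put the token PIN in argv.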
350e5eecadfc5ee72b11b2cc46828c9a0bcd717cTinderbox User<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.2 (Extended Support Version)</p>