man.pkcs11-keygen.html revision c313914d0e66b20969215e519bbf2ab4ecf39512
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<!--
32098293b78922a5fbd10906afa28624820d3756Tinderbox User - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews -
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - This Source Code Form is subject to the terms of the Mozilla Public
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - License, v. 2.0. If a copy of the MPL was not distributed with this
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - file, You can obtain one at http://mozilla.org/MPL/2.0/.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews-->
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<html lang="en">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<head>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<title>pkcs11-keygen</title>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<link rel="prev" href="man.pkcs11-list.html" title="pkcs11-list">
e108f2ec640e1acb54999c0ade58af606149956dTinderbox User<link rel="next" href="man.pkcs11-tokens.html" title="pkcs11-tokens">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</head>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="navheader">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<table width="100%" summary="Navigation header">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr><th colspan="3" align="center"><span class="application">pkcs11-keygen</span></th></tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="left">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<a accesskey="p" href="man.pkcs11-list.html">Prev</a>&nbsp;</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<th width="60%" align="center">Manual pages</th>
e108f2ec640e1acb54999c0ade58af606149956dTinderbox User<td width="20%" align="right">&nbsp;<a accesskey="n" href="man.pkcs11-tokens.html">Next</a>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</table>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<hr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refentry">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="man.pkcs11-keygen"></a><div class="titlepage"></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <div class="refnamediv">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<h2>Name</h2>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="application">pkcs11-keygen</span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User &#8212; generate keys on a PKCS#11 device
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <div class="refsynopsisdiv">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<h2>Synopsis</h2>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <div class="cmdsynopsis"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="command">pkcs11-keygen</code>
c32570b3191fdfb38a65567b8bb729fdb42ff847Tinderbox User {-a <em class="replaceable"><code>algorithm</code></em>}
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-e</code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-i <em class="replaceable"><code>id</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-m <em class="replaceable"><code>module</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-P</code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-p <em class="replaceable"><code>PIN</code></em></code>]
9700e6d72c3ba0d0c567969ab97d9eff202656d4Tinderbox User [<code class="option">-q</code>]
9700e6d72c3ba0d0c567969ab97d9eff202656d4Tinderbox User [<code class="option">-S</code>]
9700e6d72c3ba0d0c567969ab97d9eff202656d4Tinderbox User [<code class="option">-s <em class="replaceable"><code>slot</code></em></code>]
9700e6d72c3ba0d0c567969ab97d9eff202656d4Tinderbox User {label}
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <div class="refsection">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="id-1.14.38.7"></a><h2>DESCRIPTION</h2>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="command"><strong>pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User a new key pair with the given <code class="option">label</code> (which must be
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User unique) and with <code class="option">keysize</code> bits of prime.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <div class="refsection">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="id-1.14.38.8"></a><h2>ARGUMENTS</h2>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <div class="variablelist"><dl class="variablelist">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Specify the key algorithm class. Supported classes are RSA,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews DSA, DH, ECC and ECX. In addition to these strings, the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="option">algorithm</code> can be specified as a DNSSEC
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews signing algorithm that will be used with this key; for
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews example, NSEC3RSASHA1 maps to RSA, ECDSAP256SHA256 maps
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews to ECC, and ED25519 to ECX. The default class is "RSA".
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </dd>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Create the key pair with <code class="option">keysize</code> bits of
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User prime. For ECC keys, the only valid values are 256 and 384,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User and the default is 256. For ECX keys, the only valid values
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User are 256 and 456, and the default is 256.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-e</span></dt>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User For RSA keys only, use a large exponent.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </p>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-i <em class="replaceable"><code>id</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Create key objects with the given id. The id is either
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User a 2-byte unsigned short or a 4-byte unsigned long number.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </p>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Specify the PKCS#11 provider module. This must be the full
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User path to a shared library object implementing the PKCS#11 API
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User for the device.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User </p>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </dd>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<dt><span class="term">-P</span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <p>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User Set the new private key to be non-sensitive and extractable.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User This allows the private key data to be read from the PKCS#11
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User device. The default is for private keys to be sensitive and
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User non-extractable. A key created with this option no longer has the protection of being confined to the device, so use it only when the key must be exported.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User </p>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-p <em class="replaceable"><code>PIN</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Specify the PIN for the device. If no PIN is provided on
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the command line, <span class="command"><strong>pkcs11-keygen</strong></span> will
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User prompt for it. A PIN given on the command line may be visible to other local users in the process list and may be saved in shell history; being prompted avoids this.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </p>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </dd>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<dt><span class="term">-q</span></dt>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Quiet mode: suppress unnecessary output.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-S</span></dt>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<dd>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User For Diffie-Hellman (DH) keys only, use a special prime of
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User 768, 1024 or 1536 bit size and base (aka generator) 2.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User If not specified, bit size will default to 1024. Note that 768- and 1024-bit primes are below current strength recommendations for Diffie-Hellman.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </dd>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<dt><span class="term">-s <em class="replaceable"><code>slot</code></em></span></dt>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<dd>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <p>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User Open the session with the given PKCS#11 slot. The default is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User slot 0.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </p>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </dd>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User</dl></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </div>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User <div class="refsection">
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<a name="id-1.14.38.9"></a><h2>SEE ALSO</h2>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="citerefentry">
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User <span class="refentrytitle">pkcs11-destroy</span>(8)
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </span>,
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <span class="citerefentry">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="refentrytitle">pkcs11-list</span>(8)
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </span>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="citerefentry">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="refentrytitle">pkcs11-tokens</span>(8)
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </span>,
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <span class="citerefentry">
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <span class="refentrytitle">dnssec-keyfromlabel</span>(8)
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </span>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </p>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User </div>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User</div>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<div class="navfooter">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<hr>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<table width="100%" summary="Navigation footer">
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<tr>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="40%" align="left">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a accesskey="p" href="man.pkcs11-list.html">Prev</a>&nbsp;</td>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User<td width="40%" align="right">&nbsp;<a accesskey="n" href="man.pkcs11-tokens.html">Next</a>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User</td>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User</tr>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User<tr>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<td width="40%" align="left" valign="top">
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<span class="application">pkcs11-list</span>&nbsp;</td>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<td width="40%" align="right" valign="top">&nbsp;<span class="application">pkcs11-tokens</span>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User</td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User</tr>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User</table>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User</div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User</body>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User</html>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User