man.pkcs11-keygen.html revision c80e152862cc3e3207dc837fde7116bd4c0e4b9d
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<!--
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots -
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots - This Source Code Form is subject to the terms of the Mozilla Public
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots - License, v. 2.0. If a copy of the MPL was not distributed with this
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots - file, You can obtain one at http://mozilla.org/MPL/2.0/.
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots-->
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<html lang="en">
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<head>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<title>pkcs11-keygen</title>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<link rel="prev" href="man.pkcs11-list.html" title="pkcs11-list">
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<link rel="next" href="man.pkcs11-tokens.html" title="pkcs11-tokens">
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots</head>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<div class="refentry">
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<a name="man.pkcs11-keygen"></a><div class="titlepage"></div>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <div class="refnamediv">
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<h2>Name</h2>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <span class="application">pkcs11-keygen</span>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots &#8212; generate keys on a PKCS#11 device
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots</div>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <div class="refsynopsisdiv">
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<h2>Synopsis</h2>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <div class="cmdsynopsis"><p>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <code class="command">pkcs11-keygen</code>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots {-a <em class="replaceable"><code>algorithm</code></em>}
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>]
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots [<code class="option">-e</code>]
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots [<code class="option">-i <em class="replaceable"><code>id</code></em></code>]
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots [<code class="option">-m <em class="replaceable"><code>module</code></em></code>]
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots [<code class="option">-P</code>]
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots [<code class="option">-p <em class="replaceable"><code>PIN</code></em></code>]
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots [<code class="option">-q</code>]
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots [<code class="option">-S</code>]
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots [<code class="option">-s <em class="replaceable"><code>slot</code></em></code>]
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots {label}
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots </p></div>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </div>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <div class="refsection">
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<a name="id-1.14.38.7"></a><h2>DESCRIPTION</h2>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots <p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <span class="command"><strong>pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots a new key pair with the given <code class="option">label</code> (which must be
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots unique) and with <code class="option">keysize</code> bits of prime.
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots </p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </div>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <div class="refsection">
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<a name="id-1.14.38.8"></a><h2>ARGUMENTS</h2>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <div class="variablelist"><dl class="variablelist">
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots Specify the key algorithm class. Supported classes are RSA,
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots DSA, DH, ECC and ECX. In addition to these strings, the
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots <code class="option">algorithm</code> can be specified as a DNSSEC
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots signing algorithm that will be used with this key; for
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots example, NSEC3RSASHA1 maps to RSA, ECDSAP256SHA256 maps
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots to ECC, and ED25519 to ECX. The default class is "RSA".
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dd>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots <p>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots Create the key pair with <code class="option">keysize</code> bits of
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots prime. For ECC keys, the only valid values are 256 and 384,
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots and the default is 256. For ECX keys, the only valid values
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots are 256 and 456, and the default is 256.
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </p>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots </dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dt><span class="term">-e</span></dt>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <p>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots For RSA keys only, use a large exponent.
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots </p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dt><span class="term">-i <em class="replaceable"><code>id</code></em></span></dt>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots Create key objects with id. The id is either
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots an unsigned short (2-byte) or an unsigned long (4-byte) number.
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots Specify the PKCS#11 provider module. This must be the full
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots path to a shared library object implementing the PKCS#11 API
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots for the device.
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dt><span class="term">-P</span></dt>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<dd>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots <p>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots Set the new private key to be non-sensitive and extractable.
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots This allows the private key data to be read from the PKCS#11
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots device. The default is for private keys to be sensitive and
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots non-extractable. An extractable key can be copied off the device, so use this option only when the key must be exported.
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots </p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </dd>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<dt><span class="term">-p <em class="replaceable"><code>PIN</code></em></span></dt>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots Specify the PIN for the device. If no PIN is provided on
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots the command line, <span class="command"><strong>pkcs11-keygen</strong></span> will
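259d076b01f41c9f1846783430d4db658226dab1Todd Kloots prompt for it. A PIN given on the command line may be visible to other local users in the process list and may be saved in shell history, so letting the tool prompt for it is the safer choice.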
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dt><span class="term">-q</span></dt>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dd>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots <p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots Quiet mode: suppress unnecessary output.
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots </p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots </dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dt><span class="term">-S</span></dt>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dd>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots <p>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots For Diffie-Hellman (DH) keys only, use a special prime of
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots 768, 1024 or 1536 bit size and base (aka generator) 2.
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots If not specified, bit size will default to 1024. Primes of 768 and 1024 bits are generally considered too small for long-term security.
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots </p>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots </dd>
f856a43636b28d436393ba16bcbe9016ebf7a59aTodd Kloots<dt><span class="term">-s <em class="replaceable"><code>slot</code></em></span></dt>
259d076b01f41c9f1846783430d4db658226dab1Todd Kloots<dd>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <p>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots Open the session with the given PKCS#11 slot. The default is
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots slot 0.
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots </p>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots </dd>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots</dl></div>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots </div>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <div class="refsection">
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots<a name="id-1.14.38.9"></a><h2>SEE ALSO</h2>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <p>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <span class="citerefentry">
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <span class="refentrytitle">pkcs11-destroy</span>(8)
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots </span>,
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <span class="citerefentry">
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <span class="refentrytitle">pkcs11-list</span>(8)
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots </span>,
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <span class="citerefentry">
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <span class="refentrytitle">pkcs11-tokens</span>(8)
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots </span>,
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <span class="citerefentry">
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots <span class="refentrytitle">dnssec-keyfromlabel</span>(8)
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots </span>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots </p>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots </div>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots</div>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3rc2 (Extended Support Version)</p>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots</body>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots</html>
9615eac6ad1cb6b99392e1d9369c97b2882cb1f8Todd Kloots