pkcs11-keygen.8 2.91 KB
Newer Older
Automatic Updater's avatar
Automatic Updater committed
1 2
.\" Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
.\"
Francis Dupont's avatar
regen  
Francis Dupont committed
3 4 5
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
Automatic Updater's avatar
Automatic Updater committed
6
.\"
Francis Dupont's avatar
regen  
Francis Dupont committed
7 8
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
Automatic Updater's avatar
Automatic Updater committed
9
.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
Francis Dupont's avatar
regen  
Francis Dupont committed
10 11 12 13 14
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
Automatic Updater's avatar
Automatic Updater committed
15
.\" $Id: pkcs11-keygen.8,v 1.4 2009/10/06 04:40:14 tbox Exp $
Francis Dupont's avatar
regen  
Francis Dupont committed
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
.\"
.hy 0
.ad l
.\"     Title: pkcs11\-keygen
.\"    Author: 
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\"      Date: Sep 18, 2009
.\"    Manual: BIND9
.\"    Source: BIND9
.\"
.TH "PKCS11\-KEYGEN" "8" "Sep 18, 2009" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
pkcs11\-keygen \- generate RSA keys on a PKCS#11 device
.SH "SYNOPSIS"
.HP 14
Francis Dupont's avatar
regen  
Francis Dupont committed
35
\fBpkcs11\-keygen\fR [\fB\-P\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] [\fB\-e\fR] {\-b\ \fIkeysize\fR} {\-l\ \fIlabel\fR} [\fB\-i\ \fR\fB\fIid\fR\fR] [\fB\-p\ \fR\fB\fIPIN\fR\fR]
Francis Dupont's avatar
regen  
Francis Dupont committed
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
.SH "DESCRIPTION"
.PP
\fBpkcs11\-keygen\fR
causes a PKCS#11 device to generate a new RSA key pair with the specified
\fBlabel\fR
and with
\fBkeysize\fR
bits of modulus.
.SH "ARGUMENTS"
.PP
\-P
.RS 4
Set the new private key to be non\-sensitive and extractable. The allows the private key data to be read from the PKCS#11 device. The default is for private keys to be sensitive and non\-extractable.
.RE
.PP
\-m \fImodule\fR
.RS 4
Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device.
.RE
.PP
\-s \fIslot\fR
.RS 4
Open the session with the given PKCS#11 slot. The default is slot 0.
.RE
.PP
Francis Dupont's avatar
regen  
Francis Dupont committed
61 62 63 64 65
\-e
.RS 4
Use a large exponent.
.RE
.PP
Francis Dupont's avatar
regen  
Francis Dupont committed
66 67 68 69 70 71 72 73 74
\-b \fIkeysize\fR
.RS 4
Create the key pair with
\fBkeysize\fR
bits of modulus.
.RE
.PP
\-l \fIlabel\fR
.RS 4
Francis Dupont's avatar
regen  
Francis Dupont committed
75 76 77 78 79 80
Create key objects with the given label. This name must be unique.
.RE
.PP
\-i \fIid\fR
.RS 4
Create key objects with id. The id is either an unsigned short 2 byte or an unsigned long 4 byte number.
Francis Dupont's avatar
regen  
Francis Dupont committed
81 82 83 84 85 86 87 88 89 90 91
.RE
.PP
\-p \fIPIN\fR
.RS 4
Specify the PIN for the device. If no PIN is provided on the command line,
\fBpkcs11\-keygen\fR
will prompt for it.
.RE
.SH "SEE ALSO"
.PP
\fBpkcs11\-list\fR(3),
Francis Dupont's avatar
regen  
Francis Dupont committed
92 93
\fBpkcs11\-destroy\fR(3),
\fBdnssec\-keyfromlabel\fR(3),
Francis Dupont's avatar
regen  
Francis Dupont committed
94 95
.SH "CAVEAT"
.PP
Francis Dupont's avatar
regen  
Francis Dupont committed
96
Some PKCS#11 providers crash with big public exponent.
Francis Dupont's avatar
regen  
Francis Dupont committed
97 98 99 100 101 102
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
.br