.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
.\" 
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\" 
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.hy 0
.ad l
'\" t
.\"     Title: pkcs11-keygen
.\"    Author: 
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\"      Date: 2014-01-15
.\"    Manual: BIND9
.\"    Source: ISC
.\"  Language: English
.\"
.TH "PKCS11\-KEYGEN" "8" "2014\-01\-15" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pkcs11-keygen \- generate keys on a PKCS#11 device
.SH "SYNOPSIS"
.HP \w'\fBpkcs11\-keygen\fR\ 'u
\fBpkcs11\-keygen\fR {\-a\ \fIalgorithm\fR} [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-e\fR] [\fB\-i\ \fR\fB\fIid\fR\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-P\fR] [\fB\-p\ \fR\fB\fIPIN\fR\fR] [\fB\-q\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] {label}
.SH "DESCRIPTION"
.PP
\fBpkcs11\-keygen\fR
causes a PKCS#11 device to generate a new key pair with the given
\fBlabel\fR
(which must be unique) and with
\fBkeysize\fR
bits of prime\&.
.SH "ARGUMENTS"
.PP
\-a \fIalgorithm\fR
.RS 4
Specify the key algorithm class\&. Supported classes are RSA, DSA, DH, and ECC\&. In addition to these strings, the
\fBalgorithm\fR
can be specified as a DNSSEC signing algorithm that will be used with this key; for example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps to ECC\&. The default class is "RSA"\&.
.RE
.PP
\-b \fIkeysize\fR
.RS 4
Create the key pair with
\fBkeysize\fR
bits of prime\&. For ECC keys, the only valid values are 256 and 384, and the default is 256\&.
.RE
.PP
\-e
.RS 4
For RSA keys only, use a large exponent\&.
.RE
.PP
\-i \fIid\fR
.RS 4
Create key objects with the given id\&. The id is either a 2\-byte unsigned short or a 4\-byte unsigned long number\&.
.RE
.PP
\-m \fImodule\fR
.RS 4
Specify the PKCS#11 provider module\&. This must be the full path to a shared library object implementing the PKCS#11 API for the device\&.
.RE
.PP
\-P
.RS 4
Set the new private key to be non\-sensitive and extractable\&. This allows the private key data to be read from the PKCS#11 device\&. The default is for private keys to be sensitive and non\-extractable\&.
.RE
.PP
\-p \fIPIN\fR
.RS 4
Specify the PIN for the device\&. If no PIN is provided on the command line,
\fBpkcs11\-keygen\fR
will prompt for it\&.
.RE
.PP
\-q
.RS 4
Quiet mode: suppress unnecessary output\&.
.RE
.PP
\-S
.RS 4
For Diffie\-Hellman (DH) keys only, use a special prime of 768, 1024 or 1536 bit size and base (aka generator) 2\&. If not specified, bit size will default to 1024\&.
.RE
.PP
\-s \fIslot\fR
.RS 4
Open the session with the given PKCS#11 slot\&. The default is slot 0\&.
.RE
.SH "SEE ALSO"
.PP
\fBpkcs11-destroy\fR(8),
\fBpkcs11-list\fR(8),
\fBpkcs11-tokens\fR(8),
\fBdnssec-keyfromlabel\fR(8)
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
.br
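
The option rules in the ARGUMENTS section, checked before the tool runs: an added example, not part of the BIND 9 distribution. The function names are hypothetical, refusing \-P and \-p is an assumed local policy rather than behaviour of pkcs11-keygen, and it assumes \-b carries the bit size that \-S restricts.

```shell
#!/bin/sh
# Added example: validates pkcs11-keygen options against the rules in the
# ARGUMENTS section and prints the command line; it never touches a device.

# Map an -a value to its key class. Only the two DNSSEC algorithm names the
# page gives are mapped; anything else is rejected rather than guessed.
key_class() {
    case "$1" in
        RSA|DSA|DH|ECC) echo "$1" ;;
        NSEC3RSASHA1) echo RSA ;;
        ECDSAP256SHA256) echo ECC ;;
        *) return 1 ;;
    esac
}

# keygen_cmd ALGORITHM LABEL [options...]   (hypothetical helper name)
keygen_cmd() {
    [ "$#" -ge 2 ] || { echo "usage: keygen_cmd ALGORITHM LABEL [options]" >&2; return 2; }
    alg=$1; label=$2; shift 2
    class=$(key_class "$alg") || { echo "unknown algorithm: $alg" >&2; return 2; }
    bits=; special=; OPTIND=1
    while getopts "b:ei:m:Pp:qSs:" opt; do
        case "$opt" in
            # Local policy (assumption): keys stay sensitive and non-extractable,
            # and the PIN comes from the tool's prompt, not from argv.
            P) echo "refused: -P makes the private key extractable" >&2; return 3 ;;
            p) echo "refused: omit -p so pkcs11-keygen prompts for the PIN" >&2; return 3 ;;
            b) bits=$OPTARG ;;
            e) [ "$class" = RSA ] || { echo "-e is for RSA keys only" >&2; return 4; } ;;
            S) [ "$class" = DH ] || { echo "-S is for DH keys only" >&2; return 4; }
               special=1 ;;
            i|m|q|s) ;;
            *) return 5 ;;
        esac
    done
    if [ "$class" = ECC ] && [ -n "$bits" ]; then
        case "$bits" in 256|384) ;;
            *) echo "ECC keysize must be 256 or 384" >&2; return 4 ;; esac
    fi
    if [ -n "$special" ] && [ -n "$bits" ]; then
        case "$bits" in 768|1024|1536) ;;
            *) echo "-S primes are 768, 1024 or 1536 bits" >&2; return 4 ;; esac
    fi
    # Options are passed through unchanged, with the label last as in SYNOPSIS.
    set -- pkcs11-keygen -a "$alg" "$@" "$label"
    echo "$*"
}
```

The printed line can be reviewed or logged before it is run; key material and the PIN never pass through the wrapper.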