diff --git a/bin/pkcs11/pkcs11-keygen.8 b/bin/pkcs11/pkcs11-keygen.8 index db761ad63b69259847b4ca93224cefe14bec4fdf..93ba99db297388093aedd0644803db119cbcee15 100644 --- a/bin/pkcs11/pkcs11-keygen.8 +++ b/bin/pkcs11/pkcs11-keygen.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: pkcs11-keygen.8,v 1.2 2009/10/05 12:11:53 fdupont Exp $ +.\" $Id: pkcs11-keygen.8,v 1.3 2009/10/05 12:25:29 fdupont Exp $ .\" .hy 0 .ad l @@ -32,7 +32,7 @@ pkcs11\-keygen \- generate RSA keys on a PKCS#11 device .SH "SYNOPSIS" .HP 14 -\fBpkcs11\-keygen\fR [\fB\-P\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] {\-b\ \fIkeysize\fR} {\-l\ \fIlabel\fR} [\fB\-p\ \fR\fB\fIPIN\fR\fR] +\fBpkcs11\-keygen\fR [\fB\-P\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] [\fB\-e\fR] {\-b\ \fIkeysize\fR} {\-l\ \fIlabel\fR} [\fB\-i\ \fR\fB\fIid\fR\fR] [\fB\-p\ \fR\fB\fIPIN\fR\fR] .SH "DESCRIPTION" .PP \fBpkcs11\-keygen\fR @@ -58,6 +58,11 @@ Specify the PKCS#11 provider module. This must be the full path to a shared libr Open the session with the given PKCS#11 slot. The default is slot 0. .RE .PP +\-e +.RS 4 +Use a large exponent. +.RE +.PP \-b \fIkeysize\fR .RS 4 Create the key pair with @@ -67,7 +72,12 @@ bits of modulus. .PP \-l \fIlabel\fR .RS 4 -Create key objects with the given label. +Create key objects with the given label. This name must be unique. +.RE +.PP +\-i \fIid\fR +.RS 4 +Create key objects with id. The id is either an unsigned short 2 byte or an unsigned long 4 byte number. .RE .PP \-p \fIPIN\fR @@ -79,12 +89,11 @@ will prompt for it. .SH "SEE ALSO" .PP \fBpkcs11\-list\fR(3), -\fBpkcs11\-destroy\fR(3) +\fBpkcs11\-destroy\fR(3), +\fBdnssec\-keyfromlabel\fR(3), .SH "CAVEAT" .PP -The public exponent is hard\-wired to 65537. -.PP -The command should optionally set the object ID too. +Some PKCS#11 providers crash with big public exponent. .SH "AUTHOR" .PP Internet Systems Consortium diff --git a/bin/pkcs11/pkcs11-keygen.html b/bin/pkcs11/pkcs11-keygen.html index 77410e8633a8e5b61632509656550186faefe528..1292cf6508a27bdadab313bc456a12911f9164b6 100644 --- a/bin/pkcs11/pkcs11-keygen.html +++ b/bin/pkcs11/pkcs11-keygen.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -28,10 +28,10 @@

Synopsis

-

pkcs11-keygen [-P] [-m module] [-s slot] {-b keysize} {-l label} [-p PIN]

+

pkcs11-keygen [-P] [-m module] [-s slot] [-e] {-b keysize} {-l label} [-i id] [-p PIN]

-

DESCRIPTION

+

DESCRIPTION

pkcs11-keygen causes a PKCS#11 device to generate a new RSA key pair with the specified label and @@ -39,7 +39,7 @@

-

ARGUMENTS

+

ARGUMENTS

-P

@@ -59,6 +59,10 @@ Open the session with the given PKCS#11 slot. The default is slot 0.

+
-e
+

+ Use a large exponent. +

-b keysize

Create the key pair with keysize bits of @@ -67,6 +71,12 @@

-l label

Create key objects with the given label. + This name must be unique. +

+
-i id
+

+ Create key objects with id. The id is either + an unsigned short 2 byte or an unsigned long 4 byte number.

-p PIN

@@ -76,19 +86,19 @@

-

SEE ALSO

+

SEE ALSO

pkcs11-list(3), - pkcs11-destroy(3) + pkcs11-destroy(3), + dnssec-keyfromlabel(3),

-

CAVEAT

-

The public exponent is hard-wired to 65537.

-

The command should optionally set the object ID too.

+

CAVEAT

+

Some PKCS#11 providers crash with big public exponent.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium