destroys keys stored in a PKCS#11 device, identified by their
\fBID\fR
or
\fBlabel\fR.
.PP
Matching keys are displayed before being destroyed. There is a five second delay to allow the user to interrupt the process before the destruction takes place.
.SH "ARGUMENTS"
.PP
\-m \fImodule\fR
.RS 4
Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device.
.RE
.PP
\-s \fIslot\fR
.RS 4
Open the session with the given PKCS#11 slot. The default is slot 0.
.RE
.PP
\-i \fIID\fR
.RS 4
Destroy keys with the given object ID.
.RE
.PP
\-l \fIlabel\fR
.RS 4
Destroy keys with the given label.
.RE
.PP
\-p \fIPIN\fR
.RS 4
Specify the PIN for the device. If no PIN is provided on the command line,
\fBpkcs11\-destroy\fR
will prompt for it.
.RE
.SH "SEE ALSO"
.PP
\fBpkcs11\-list\fR(3),
\fBpkcs11\-keygen\fR(3)
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
causes a PKCS#11 device to generate a new RSA key pair with the specified
\fBlabel\fR
and with
\fBkeysize\fR
bits of modulus.
.SH "ARGUMENTS"
.PP
\-P
.RS 4
Set the new private key to be non\-sensitive and extractable. The allows the private key data to be read from the PKCS#11 device. The default is for private keys to be sensitive and non\-extractable.
.RE
.PP
\-m \fImodule\fR
.RS 4
Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device.
.RE
.PP
\-s \fIslot\fR
.RS 4
Open the session with the given PKCS#11 slot. The default is slot 0.
.RE
.PP
\-b \fIkeysize\fR
.RS 4
Create the key pair with
\fBkeysize\fR
bits of modulus.
.RE
.PP
\-l \fIlabel\fR
.RS 4
Create key objects with the given label.
.RE
.PP
\-p \fIPIN\fR
.RS 4
Specify the PIN for the device. If no PIN is provided on the command line,
\fBpkcs11\-keygen\fR
will prompt for it.
.RE
.SH "SEE ALSO"
.PP
\fBpkcs11\-list\fR(3),
\fBpkcs11\-destroy\fR(3)
.SH "CAVEAT"
.PP
The public exponent is hard\-wired to 65537.
.PP
The command should optionally set the object ID too.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")