pkcs11-destroy's usage message is misleading
pkcs11-destroy's usage message says "use whatever options you want, if any":
# /root/bind9/bin/pkcs11/pkcs11-destroy -h
Unrecognised option: -h
Usage:
pkcs11-destroy [-m module] [-s slot] [-i id | -l label] [-p pin] [-w waittime]But pkcs11-destroy(8) man page says that either -i, or -l needs to be provided:
SYNOPSIS
pkcs11-destroy [-m module] [-s slot] {-i ID | -l label} [-p PIN] [-w seconds]
DESCRIPTION
pkcs11-destroy destroys keys stored in a PKCS#11 device, identified by their ID or label.