pkcs11-keygen

Language: en

Version: Sep 18, 2009 (fedora - 01/12/10)

Section: 8 (Administrator commands)

NAME

pkcs11-keygen - generate RSA keys on a PKCS#11 device

SYNOPSIS

pkcs11-keygen [-P] [-m module] [-s slot] [-e] {-b keysize} {-l label} [-i id] [-p PIN]

DESCRIPTION

pkcs11-keygen causes a PKCS#11 device to generate a new RSA key pair with the specified label and with keysize bits of modulus.

ARGUMENTS

-P

Set the new private key to be non-sensitive and extractable. This allows the private key data to be read from the PKCS#11 device. The default is for private keys to be sensitive and non-extractable.

-m module

Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device.

-s slot

Open the session with the given PKCS#11 slot. The default is slot 0.

-e

Use a large exponent.

-b keysize

Create the key pair with keysize bits of modulus.

-l label

Create key objects with the given label. This name must be unique.

-i id

Create key objects with id. The id is either a 2-byte unsigned short or a 4-byte unsigned long number.

-p PIN

Specify the PIN for the device. If no PIN is provided on the command line, pkcs11-keygen will prompt for it.

SEE ALSO

pkcs11-list(3), pkcs11-destroy(3), dnssec-keyfromlabel(3)

CAVEAT

Some PKCS#11 providers crash when given a large public exponent.
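
The following wrapper is an added example, not part of the ISC distribution: it checks its inputs and prints a pkcs11-keygen command line for review instead of running it, leaving out -P, -p and -e. The function name keygen_cmd, the 2048-bit minimum, the restricted character sets and the decimal id format are assumptions made for this example.

```sh
# Added example (not ISC code): build a pkcs11-keygen command line from
# checked inputs. keygen_cmd and the 2048-bit floor are assumptions.
# Usage: keygen_cmd MODULE SLOT KEYSIZE LABEL [ID]
keygen_cmd() (
    # Runs in a subshell, so variables and "exit" stay local to the call.
    module=$1 slot=$2 bits=$3 label=$4 id=${5-}
    fail() { echo "keygen_cmd: $1" >&2; exit 2; }

    # -m takes the full path to the provider shared library.
    case $module in
        /*[!A-Za-z0-9._/-]*) fail "unexpected character in module path" ;;
        /*) ;;
        *) fail "module must be a full path" ;;
    esac
    # Slot and key size must be plain decimal numbers.
    case $slot in ''|*[!0-9]*) fail "slot must be a number" ;; esac
    case $bits in ''|*[!0-9]*) fail "keysize must be a number" ;; esac
    # Assumed local policy: refuse RSA moduli under 2048 bits.
    [ "${#bits}" -le 5 ] && [ "$bits" -ge 2048 ] || fail "keysize out of policy"
    # Restricted label alphabet so the printed command needs no quoting.
    case $label in ''|*[!A-Za-z0-9._-]*) fail "bad label" ;; esac

    set -- pkcs11-keygen -m "$module" -s "$slot" -b "$bits" -l "$label"
    if [ -n "$id" ]; then
        # The id must fit in 4 bytes (decimal input is assumed here).
        case $id in *[!0-9]*) fail "id must be a number" ;; esac
        [ "${#id}" -le 10 ] && [ "$id" -le 4294967295 ] || fail "id exceeds 4 bytes"
        set -- "$@" -i "$id"
    fi
    # Deliberately never emitted:
    #   -P  so the private key stays sensitive and non-extractable (default)
    #   -p  so the tool prompts and the PIN stays out of the argument list
    #   -e  so providers affected by the CAVEAT are not given a large exponent
    echo "$*"
)
```

For example, `keygen_cmd /usr/lib/pkcs11/provider.so 0 2048 example-ksk 7` (a constructed module path and label) prints the command to run; pkcs11-keygen then prompts for the PIN.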

AUTHOR

Internet Systems Consortium

Copyright © 2009 Internet Systems Consortium, Inc. ("ISC")