etc/services - sync with NetBSD-8
[minix.git] / external / bsd / bind / dist / bin / pkcs11 / pkcs11-keygen.html
blob93edb00e7c9ee74d635c6646d368628fa793f2d1
1 <!--
2 - Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
3 -
4 - Permission to use, copy, modify, and/or distribute this software for any
5 - purpose with or without fee is hereby granted, provided that the above
6 - copyright notice and this permission notice appear in all copies.
7 -
8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 - PERFORMANCE OF THIS SOFTWARE.
15 -->
16 <!-- Id -->
17 <html>
18 <head>
19 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
20 <title>pkcs11-ecgen</title>
21 <meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
22 </head>
23 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
24 <a name="man.pkcs11-ecgen"></a><div class="titlepage"></div>
25 <div class="refnamediv">
26 <h2>Name</h2>
27 <p><span class="application">pkcs11-keygen</span> &#8212; generate keys on a PKCS#11 device</p>
28 </div>
29 <div class="refsynopsisdiv">
30 <h2>Synopsis</h2>
31 <div class="cmdsynopsis"><p><code class="command">pkcs11-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-e</code>] [<code class="option">-i <em class="replaceable"><code>id</code></em></code>] [<code class="option">-m <em class="replaceable"><code>module</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p <em class="replaceable"><code>PIN</code></em></code>] [<code class="option">-q</code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>slot</code></em></code>] {label}</p></div>
32 </div>
33 <div class="refsect1" lang="en">
34 <a name="id2543410"></a><h2>DESCRIPTION</h2>
35 <p>
36 <span><strong class="command">pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
37 a new key pair with the given <code class="option">label</code> (which must be
38 unique) and with <code class="option">keysize</code> bits of prime.
39 </p>
40 </div>
41 <div class="refsect1" lang="en">
42 <a name="id2543430"></a><h2>ARGUMENTS</h2>
43 <div class="variablelist"><dl>
44 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
45 <dd><p>
46 Specify the key algorithm class: Supported classes are RSA,
47 DSA, DH, and ECC. In addition to these strings, the
48 <code class="option">algorithm</code> can be specified as a DNSSEC
49 signing algorithm that will be used with this key; for
50 example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps
51 to ECC. The default class is "RSA".
52 </p></dd>
53 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
54 <dd><p>
55 Create the key pair with <code class="option">keysize</code> bits of
56 prime. For ECC keys, the only valid values are 256 and 384,
57 and the default is 256.
58 </p></dd>
59 <dt><span class="term">-e</span></dt>
60 <dd><p>
61 For RSA keys only, use a large exponent.
62 </p></dd>
63 <dt><span class="term">-i <em class="replaceable"><code>id</code></em></span></dt>
64 <dd><p>
65 Create key objects with id. The id is either
66 an unsigned short 2 byte or an unsigned long 4 byte number.
67 </p></dd>
68 <dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
69 <dd><p>
70 Specify the PKCS#11 provider module. This must be the full
71 path to a shared library object implementing the PKCS#11 API
72 for the device.
73 </p></dd>
74 <dt><span class="term">-P</span></dt>
75 <dd><p>
76 Set the new private key to be non-sensitive and extractable.
77 The allows the private key data to be read from the PKCS#11
78 device. The default is for private keys to be sensitive and
79 non-extractable.
80 </p></dd>
81 <dt><span class="term">-p <em class="replaceable"><code>PIN</code></em></span></dt>
82 <dd><p>
83 Specify the PIN for the device. If no PIN is provided on
84 the command line, <span><strong class="command">pkcs11-ecgen</strong></span> will
85 prompt for it.
86 </p></dd>
87 <dt><span class="term">-e</span></dt>
88 <dd><p>
89 Quiet mode: suppress unnecessary output.
90 </p></dd>
91 <dt><span class="term">-S</span></dt>
92 <dd><p>
93 For Diffie-Hellman (DH) keys only, use a special prime of
94 768, 1024 or 1536 bit size and base (aka generator) 2.
95 If not specified, bit size will default to 1024.
96 </p></dd>
97 <dt><span class="term">-s <em class="replaceable"><code>slot</code></em></span></dt>
98 <dd><p>
99 Open the session with the given PKCS#11 slot. The default is
100 slot 0.
101 </p></dd>
102 </dl></div>
103 </div>
104 <div class="refsect1" lang="en">
105 <a name="id2543605"></a><h2>SEE ALSO</h2>
107 <span class="citerefentry"><span class="refentrytitle">pkcs11-rsagen</span>(3)</span>,
108 <span class="citerefentry"><span class="refentrytitle">pkcs11-dsagen</span>(3)</span>,
109 <span class="citerefentry"><span class="refentrytitle">pkcs11-list</span>(3)</span>,
110 <span class="citerefentry"><span class="refentrytitle">pkcs11-destroy</span>(3)</span>,
111 <span class="citerefentry"><span class="refentrytitle">dnssec-keyfromlabel</span>(3)</span>,
112 </p>
113 </div>
114 <div class="refsect1" lang="en">
115 <a name="id2543657"></a><h2>AUTHOR</h2>
116 <p><span class="corpauthor">Internet Systems Consortium</span>
117 </p>
118 </div>
119 </div></body>
120 </html>