 - Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>pkcs11-ecgen</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.pkcs11-ecgen"></a><div class="titlepage"></div>
<div class="refnamediv">
<p><span class="application">pkcs11-keygen</span> — generate keys on a PKCS#11 device</p>
<div class="refsynopsisdiv">
<div class="cmdsynopsis"><p><code class="command">pkcs11-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-e</code>] [<code class="option">-i <em class="replaceable"><code>id</code></em></code>] [<code class="option">-m <em class="replaceable"><code>module</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p <em class="replaceable"><code>PIN</code></em></code>] [<code class="option">-q</code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>slot</code></em></code>] {label}</p></div>
<div class="refsect1" lang="en">
<a name="id2543410"></a><h2>DESCRIPTION</h2>
<span><strong class="command">pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
a new key pair with the given <code class="option">label</code> (which must be
unique) and with <code class="option">keysize</code> bits of prime.
<div class="refsect1" lang="en">
<a name="id2543430"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
Specify the key algorithm class: Supported classes are RSA,
DSA, DH, and ECC. In addition to these strings, the
<code class="option">algorithm</code> can be specified as a DNSSEC
signing algorithm that will be used with this key; for
example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps
to ECC. The default class is "RSA".
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
Create the key pair with <code class="option">keysize</code> bits of
prime. For ECC keys, the only valid values are 256 and 384,
and the default is 256.
<dt><span class="term">-e</span></dt>
For RSA keys only, use a large exponent.
<dt><span class="term">-i <em class="replaceable"><code>id</code></em></span></dt>
Create key objects with id. The id is either
an unsigned short 2 byte or an unsigned long 4 byte number.
<dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
Specify the PKCS#11 provider module. This must be the full
path to a shared library object implementing the PKCS#11 API
<dt><span class="term">-P</span></dt>
Set the new private key to be non-sensitive and extractable.
This allows the private key data to be read from the PKCS#11
device. The default is for private keys to be sensitive and
<dt><span class="term">-p <em class="replaceable"><code>PIN</code></em></span></dt>
Specify the PIN for the device. If no PIN is provided on
the command line, <span><strong class="command">pkcs11-ecgen</strong></span> will
<dt><span class="term">-q</span></dt>
Quiet mode: suppress unnecessary output.
<dt><span class="term">-S</span></dt>
For Diffie-Hellman (DH) keys only, use a special prime of
768, 1024 or 1536 bit size and base (aka generator) 2.
If not specified, bit size will default to 1024.
<dt><span class="term">-s <em class="replaceable"><code>slot</code></em></span></dt>
Open the session with the given PKCS#11 slot. The default is
<div class="refsect1" lang="en">
<a name="id2543605"></a><h2>SEE ALSO</h2>
<span class="citerefentry"><span class="refentrytitle">pkcs11-rsagen</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">pkcs11-dsagen</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">pkcs11-list</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">pkcs11-destroy</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keyfromlabel</span>(3)</span>,
<div class="refsect1" lang="en">
<a name="id2543657"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
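<p>The constraints in the ARGUMENTS section can be checked before a command line ever reaches the device. The shell function below is an added example, not part of the ISC manual or of BIND: it lints a proposed pkcs11-keygen argument list against the rules this page states and reports -P and -p as risks. The names lint_keygen and kl_note, the messages and any sample paths are assumptions made for this example, and only the two DNSSEC algorithm names the page mentions are mapped.</p>

```shell
#!/bin/sh
# Added example: lint a proposed pkcs11-keygen argument list against the
# constraints stated on this page. lint_keygen, kl_note and the messages are
# names made up here. One finding per line; returns 0 when clean, else 1.
kl_note() { printf '%s\n' "$1"; kl_rc=1; }
lint_keygen() {
    kl_alg=RSA; kl_bits=; kl_e=0; kl_S=0; kl_rc=0
    OPTIND=1
    while getopts ":a:b:ei:m:Pp:qSs:" kl_opt; do
        case $kl_opt in
            a) kl_alg=$OPTARG ;;
            b) kl_bits=$OPTARG ;;
            e) kl_e=1 ;;
            S) kl_S=1 ;;
            P) kl_note "RISK: -P makes the private key non-sensitive and extractable" ;;
            p) kl_note "RISK: -p puts the PIN on the command line (process list, shell history)" ;;
            i|m|q|s) ;;  # accepted; nothing to validate offline
            *) kl_note "ERROR: unknown option or missing argument: -$OPTARG" ;;
        esac
    done
    shift $((OPTIND - 1))
    # Map -a to a key class. Only the two DNSSEC names the page gives as
    # examples are mapped (assumption: anything else is reported, not guessed).
    case $kl_alg in
        RSA|DSA|DH|ECC) kl_class=$kl_alg ;;
        NSEC3RSASHA1) kl_class=RSA ;;
        ECDSAP256SHA256) kl_class=ECC ;;
        *) kl_class=; kl_note "ERROR: algorithm '$kl_alg' is not mapped by this example" ;;
    esac
    if [ "$kl_class" = ECC ]; then
        case ${kl_bits:-256} in
            256|384) ;;
            *) kl_note "ERROR: ECC keysize must be 256 or 384, got $kl_bits" ;;
        esac
    fi
    if [ "$kl_e" = 1 ] && [ "$kl_class" != RSA ]; then
        kl_note "ERROR: -e applies to RSA keys only"
    fi
    if [ "$kl_S" = 1 ] && [ "$kl_class" != DH ]; then
        kl_note "ERROR: -S applies to DH keys only"
    elif [ "$kl_S" = 1 ]; then
        case ${kl_bits:-1024} in
            768|1024|1536) ;;
            *) kl_note "ERROR: -S prime must be 768, 1024 or 1536 bits, got $kl_bits" ;;
        esac
    fi
    [ $# -eq 1 ] || kl_note "ERROR: exactly one label is required, got $#"
    return $kl_rc
}
```

<p>Call it with the same arguments intended for pkcs11-keygen, for example <code>lint_keygen -a ECC -b 384 zsk-example</code>, and run the real command only when it returns 0.</p>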