| blob | 85dc4c5793e0786c9a4f441d68c46d808c652a62 |
1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3 [<!ENTITY mdash "—">]>
4 <!--
5 - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
6 -
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
10 -
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
18 -->
20 <!-- Id: pkcs11-keygen.docbook,v 1.3 2009/10/05 12:23:11 fdupont Exp -->
21 <refentry id="man.pkcs11-keygen">
22 <refentryinfo>
23 <date>Sep 18, 2009</date>
24 </refentryinfo>
26 <refmeta>
27 <refentrytitle><application>pkcs11-keygen</application></refentrytitle>
28 <manvolnum>8</manvolnum>
29 <refmiscinfo>BIND9</refmiscinfo>
30 </refmeta>
32 <refnamediv>
33 <refname><application>pkcs11-keygen</application></refname>
34 <refpurpose>generate RSA keys on a PKCS#11 device</refpurpose>
35 </refnamediv>
37 <docinfo>
38 <copyright>
39 <year>2009</year>
40 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
41 </copyright>
42 </docinfo>
44 <refsynopsisdiv>
45 <cmdsynopsis>
46 <command>pkcs11-keygen</command>
47 <arg><option>-P</option></arg>
48 <arg><option>-m <replaceable class="parameter">module</replaceable></option></arg>
49 <arg><option>-s <replaceable class="parameter">slot</replaceable></option></arg>
50 <arg><option>-e</option></arg>
51 <arg choice="req">-b <replaceable class="parameter">keysize</replaceable></arg>
52 <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
53 <arg><option>-i <replaceable class="parameter">id</replaceable></option></arg>
54 <arg><option>-p <replaceable class="parameter">PIN</replaceable></option></arg>
55 </cmdsynopsis>
56 </refsynopsisdiv>
58 <refsect1>
59 <title>DESCRIPTION</title>
60 <para>
61 <command>pkcs11-keygen</command> causes a PKCS#11 device to generate
62 a new RSA key pair with the specified <option>label</option> and
63 with <option>keysize</option> bits of modulus.
64 </para>
65 </refsect1>
67 <refsect1>
68 <title>ARGUMENTS</title>
69 <variablelist>
70 <varlistentry>
71 <term>-P</term>
72 <listitem>
73 <para>
74 Set the new private key to be non-sensitive and extractable.
75 The allows the private key data to be read from the PKCS#11
76 device. The default is for private keys to be sensitive and
77 non-extractable.
78 </para>
79 </listitem>
80 </varlistentry>
82 <varlistentry>
83 <term>-m <replaceable class="parameter">module</replaceable></term>
84 <listitem>
85 <para>
86 Specify the PKCS#11 provider module. This must be the full
87 path to a shared library object implementing the PKCS#11 API
88 for the device.
89 </para>
90 </listitem>
91 </varlistentry>
93 <varlistentry>
94 <term>-s <replaceable class="parameter">slot</replaceable></term>
95 <listitem>
96 <para>
97 Open the session with the given PKCS#11 slot. The default is
98 slot 0.
99 </para>
100 </listitem>
101 </varlistentry>
103 <varlistentry>
104 <term>-e</term>
105 <listitem>
106 <para>
107 Use a large exponent.
108 </para>
109 </listitem>
110 </varlistentry>
112 <varlistentry>
113 <term>-b <replaceable class="parameter">keysize</replaceable></term>
114 <listitem>
115 <para>
116 Create the key pair with <option>keysize</option> bits of
117 modulus.
118 </para>
119 </listitem>
120 </varlistentry>
122 <varlistentry>
123 <term>-l <replaceable class="parameter">label</replaceable></term>
124 <listitem>
125 <para>
126 Create key objects with the given label.
127 This name must be unique.
128 </para>
129 </listitem>
130 </varlistentry>
132 <varlistentry>
133 <term>-i <replaceable class="parameter">id</replaceable></term>
134 <listitem>
135 <para>
136 Create key objects with id. The id is either
137 an unsigned short 2 byte or an unsigned long 4 byte number.
138 </para>
139 </listitem>
140 </varlistentry>
142 <varlistentry>
143 <term>-p <replaceable class="parameter">PIN</replaceable></term>
144 <listitem>
145 <para>
146 Specify the PIN for the device. If no PIN is provided on the
147 command line, <command>pkcs11-keygen</command> will prompt for it.
148 </para>
149 </listitem>
150 </varlistentry>
151 </variablelist>
152 </refsect1>
154 <refsect1>
155 <title>SEE ALSO</title>
156 <para>
157 <citerefentry>
158 <refentrytitle>pkcs11-list</refentrytitle><manvolnum>3</manvolnum>
159 </citerefentry>,
160 <citerefentry>
161 <refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>3</manvolnum>
162 </citerefentry>,
163 <citerefentry>
164 <refentrytitle>dnssec-keyfromlabel</refentrytitle><manvolnum>3</manvolnum>
165 </citerefentry>,
166 </para>
167 </refsect1>
169 <refsect1>
170 <title>CAVEAT</title>
171 <para>Some PKCS#11 providers crash with big public exponent.</para>
172 </refsect1>
174 <refsect1>
175 <title>AUTHOR</title>
176 <para><corpauthor>Internet Systems Consortium</corpauthor>
177 </para>
178 </refsect1>
180 </refentry><!--
181 - Local variables:
182 - mode: sgml
183 - End:
184 -->