external/bsd/bind/dist/bin/pkcs11/pkcs11-keygen.html

   1 <!--
   2  - Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
   3  -
   4  - Permission to use, copy, modify, and/or distribute this software for any
   5  - purpose with or without fee is hereby granted, provided that the above
   6  - copyright notice and this permission notice appear in all copies.
   7  -
   8  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
   9  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  10  - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  11  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  12  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  13  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  14  - PERFORMANCE OF THIS SOFTWARE.
  15 -->
  16
  17 <!-- Id: pkcs11-keygen.html,v 1.4 2009/10/06 04:40:14 tbox Exp -->
  18 <html>
  19 <head>
  20 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
  21 <title>pkcs11-keygen</title>
  22 <meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
  23 </head>
  24 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
  25 <a name="man.pkcs11-keygen"></a><div class="titlepage"></div>
  26 <div class="refnamediv">
  27 <h2>Name</h2>
  28 <p><span class="application">pkcs11-keygen</span> &#8212; generate RSA keys on a PKCS#11 device</p>
  29 </div>
  30 <div class="refsynopsisdiv">
  31 <h2>Synopsis</h2>
  32 <div class="cmdsynopsis"><p><code class="command">pkcs11-keygen</code>  [<code class="option">-P</code>] [<code class="option">-m <em class="replaceable"><code>module</code></em></code>] [<code class="option">-s <em class="replaceable"><code>slot</code></em></code>] [<code class="option">-e</code>] {-b <em class="replaceable"><code>keysize</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-i <em class="replaceable"><code>id</code></em></code>] [<code class="option">-p <em class="replaceable"><code>PIN</code></em></code>]</p></div>
  33 </div>
  34 <div class="refsect1" lang="en">
  35 <a name="id2543397"></a><h2>DESCRIPTION</h2>
  36 <p>
  37       <span><strong class="command">pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
  38       a new RSA key pair with the specified <code class="option">label</code> and
  39       with <code class="option">keysize</code> bits of modulus.
  40     </p>
  41 </div>
  42 <div class="refsect1" lang="en">
  43 <a name="id2543416"></a><h2>ARGUMENTS</h2>
  44 <div class="variablelist"><dl>
  45 <dt><span class="term">-P</span></dt>
  46 <dd><p>
  47             Set the new private key to be non-sensitive and extractable.
  48             The allows the private key data to be read from the PKCS#11
  49             device.  The default is for private keys to be sensitive and
  50             non-extractable.
  51           </p></dd>
  52 <dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
  53 <dd><p>
  54             Specify the PKCS#11 provider module.  This must be the full
  55             path to a shared library object implementing the PKCS#11 API
  56             for the device.
  57           </p></dd>
  58 <dt><span class="term">-s <em class="replaceable"><code>slot</code></em></span></dt>
  59 <dd><p>
  60             Open the session with the given PKCS#11 slot.  The default is
  61             slot 0.
  62           </p></dd>
  63 <dt><span class="term">-e</span></dt>
  64 <dd><p>
  65             Use a large exponent.
  66           </p></dd>
  67 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
  68 <dd><p>
  69             Create the key pair with <code class="option">keysize</code> bits of
  70             modulus.
  71           </p></dd>
  72 <dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
  73 <dd><p>
  74             Create key objects with the given label.
  75             This name must be unique.
  76           </p></dd>
  77 <dt><span class="term">-i <em class="replaceable"><code>id</code></em></span></dt>
  78 <dd><p>
  79             Create key objects with id. The id is either
  80             an unsigned short 2 byte or an unsigned long 4 byte number.
  81           </p></dd>
  82 <dt><span class="term">-p <em class="replaceable"><code>PIN</code></em></span></dt>
  83 <dd><p>
  84             Specify the PIN for the device.  If no PIN is provided on the
  85             command line, <span><strong class="command">pkcs11-keygen</strong></span> will prompt for it.
  86           </p></dd>
  87 </dl></div>
  88 </div>
  89 <div class="refsect1" lang="en">
  90 <a name="id2543563"></a><h2>SEE ALSO</h2>
  91 <p>
  92       <span class="citerefentry"><span class="refentrytitle">pkcs11-list</span>(3)</span>,
  93       <span class="citerefentry"><span class="refentrytitle">pkcs11-destroy</span>(3)</span>,
  94       <span class="citerefentry"><span class="refentrytitle">dnssec-keyfromlabel</span>(3)</span>,
  95     </p>
  96 </div>
  97 <div class="refsect1" lang="en">
  98 <a name="id2543598"></a><h2>CAVEAT</h2>
  99 <p>Some PKCS#11 providers crash with big public exponent.</p>
 100 </div>
 101 <div class="refsect1" lang="en">
 102 <a name="id2543609"></a><h2>AUTHOR</h2>
 103 <p><span class="corpauthor">Internet Systems Consortium</span>
 104     </p>
 105 </div>
 106 </div></body>
 107 </html>