1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3               [<!ENTITY mdash "&#8212;">]>
4<!--
5 - Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
6 -
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
10 -
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
18-->
19
20<!-- $Id: pkcs11-keygen.docbook,v 1.3 2009/10/05 12:23:11 fdupont Exp $ -->
21<refentry id="man.pkcs11-keygen">
22  <refentryinfo>
23    <date>Sep 18, 2009</date>
24  </refentryinfo>
25
26  <refmeta>
27    <refentrytitle><application>pkcs11-keygen</application></refentrytitle>
28    <manvolnum>8</manvolnum>
29    <refmiscinfo>BIND9</refmiscinfo>
30  </refmeta>
31
32  <refnamediv>
33    <refname><application>pkcs11-keygen</application></refname>
34    <refpurpose>generate RSA keys on a PKCS#11 device</refpurpose>
35  </refnamediv>
36
37  <docinfo>
38    <copyright>
39      <year>2009</year>
40      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
41    </copyright>
42  </docinfo>
43
44  <refsynopsisdiv>
45    <cmdsynopsis>
46      <command>pkcs11-keygen</command>
47      <arg><option>-P</option></arg>
48      <arg><option>-m <replaceable class="parameter">module</replaceable></option></arg>
49      <arg><option>-s <replaceable class="parameter">slot</replaceable></option></arg>
50      <arg><option>-e</option></arg>
51      <arg choice="req">-b <replaceable class="parameter">keysize</replaceable></arg>
52      <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
53      <arg><option>-i <replaceable class="parameter">id</replaceable></option></arg>
54      <arg><option>-p <replaceable class="parameter">PIN</replaceable></option></arg>
55    </cmdsynopsis>
56  </refsynopsisdiv>
57
58  <refsect1>
59    <title>DESCRIPTION</title>
60    <para>
61      <command>pkcs11-keygen</command> causes a PKCS#11 device to generate
62      a new RSA key pair with the specified <option>label</option> and
63      with <option>keysize</option> bits of modulus.
64    </para>
65  </refsect1>
66
67  <refsect1>
68    <title>ARGUMENTS</title>
69    <variablelist>
70      <varlistentry>
71        <term>-P</term>
72        <listitem>
73          <para>
74            Set the new private key to be non-sensitive and extractable.
75            This allows the private key data to be read from the PKCS#11
76            device, so the device no longer protects it from export.  The
77            default is for private keys to be sensitive and non-extractable.
78          </para>
79        </listitem>
80      </varlistentry>
81
82      <varlistentry>
83        <term>-m <replaceable class="parameter">module</replaceable></term>
84        <listitem>
85          <para>
86            Specify the PKCS#11 provider module.  This must be the full
87            path to a shared library object implementing the PKCS#11 API
88            for the device.
89          </para>
90        </listitem>
91      </varlistentry>
92
93      <varlistentry>
94        <term>-s <replaceable class="parameter">slot</replaceable></term>
95        <listitem>
96          <para>
97            Open the session with the given PKCS#11 slot.  The default is
98            slot 0.
99          </para>
100        </listitem>
101      </varlistentry>
102
103      <varlistentry>
104        <term>-e</term>
105        <listitem>
106          <para>
107            Use a large RSA public exponent.
108          </para>
109        </listitem>
110      </varlistentry>
111
112      <varlistentry>
113        <term>-b <replaceable class="parameter">keysize</replaceable></term>
114        <listitem>
115          <para>
116            Create the key pair with <option>keysize</option> bits of
117            modulus.
118          </para>
119        </listitem>
120      </varlistentry>
121
122      <varlistentry>
123        <term>-l <replaceable class="parameter">label</replaceable></term>
124        <listitem>
125          <para>
126            Create key objects with the given label.
127            This name must be unique.
128          </para>
129        </listitem>
130      </varlistentry>
131
132      <varlistentry>
133        <term>-i <replaceable class="parameter">id</replaceable></term>
134        <listitem>
135          <para>
136            Create key objects with the given id.  The id is either
137            a 2-byte unsigned short or a 4-byte unsigned long number.
138          </para>
139        </listitem>
140      </varlistentry>
141
142      <varlistentry>
143        <term>-p <replaceable class="parameter">PIN</replaceable></term>
144        <listitem>
145          <para>
146            Specify the PIN for the device.  If no PIN is provided on the command line,
147            <command>pkcs11-keygen</command> will prompt for it.  A PIN given on the command line may be visible in process listings and shell history.
148          </para>
149        </listitem>
150      </varlistentry>
151    </variablelist>
152  </refsect1>
153
154  <refsect1>
155    <title>SEE ALSO</title>
156    <para>
157      <citerefentry>
158        <refentrytitle>pkcs11-list</refentrytitle><manvolnum>3</manvolnum>
159      </citerefentry>,
160      <citerefentry>
161        <refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>3</manvolnum>
162      </citerefentry>,
163      <citerefentry>
164        <refentrytitle>dnssec-keyfromlabel</refentrytitle><manvolnum>3</manvolnum>
165      </citerefentry>
166    </para>
167  </refsect1>
168
169  <refsect1>
170    <title>CAVEAT</title>
171    <para>Some PKCS#11 providers crash when a large public exponent (<option>-e</option>) is requested.</para>
172  </refsect1>
173
174  <refsect1>
175    <title>AUTHOR</title>
176    <para><corpauthor>Internet Systems Consortium</corpauthor>
177    </para>
178  </refsect1>
179
180</refentry><!--
181 - Local variables:
182 - mode: sgml
183 - End:
184-->
185