PKCS11-ECGEN(8) | BIND9 | PKCS11-ECGEN(8) |
NAME
pkcs11-keygen - generate keys on a PKCS#11 device
SYNOPSIS
pkcs11-keygen {-a algorithm} [-b keysize] [-e] [-i id] [-m module] [-P] [-p PIN] [-q] [-S] [-s slot] {label}
DESCRIPTION
pkcs11-keygen causes a PKCS#11 device to generate a new key pair with the given label (which must be unique) and with keysize bits of prime.
ARGUMENTS
-a algorithm
Specify the key algorithm class. Supported classes are
RSA, DSA, DH, and ECC. In addition to these strings, the algorithm can
be specified as a DNSSEC signing algorithm that will be used with this key;
for example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps to ECC. The
default class is "RSA".
-b keysize
Create the key pair with keysize bits of prime.
For ECC keys, the only valid values are 256 and 384, and the default is
256.
-e
For RSA keys only, use a large exponent.
-i id
Create key objects with id. The id is either an unsigned
short (2-byte) or an unsigned long (4-byte) number.
-m module
Specify the PKCS#11 provider module. This must be the
full path to a shared library object implementing the PKCS#11 API for the
device.
-P
Set the new private key to be non-sensitive and
extractable. This allows the private key data to be read from the PKCS#11
device. The default is for private keys to be sensitive and
non-extractable.
-p PIN
Specify the PIN for the device. If no PIN is provided on
the command line, pkcs11-ecgen will prompt for it.
-q
Quiet mode: suppress unnecessary output.
-S
For Diffie-Hellman (DH) keys only, use a special prime of
768, 1024 or 1536 bit size and base (aka generator) 2. If not specified, bit
size will default to 1024.
-s slot
Open the session with the given PKCS#11 slot. The default
is slot 0.
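EXAMPLE (ADDED)
The constraints above can be checked before the tool is run. The following wrapper is an added example, not part of BIND9 or of this manual page; the function name safe_keygen and the KEYGEN variable are hypothetical, and it uses only options documented here.

```shell
# Added example, not part of BIND9: safe_keygen is a hypothetical wrapper.
KEYGEN=${KEYGEN:-pkcs11-keygen}   # set KEYGEN=echo for a dry run

# usage: safe_keygen CLASS KEYSIZE LABEL MODULE [SLOT]   (KEYSIZE may be "")
safe_keygen() {
    kc_alg=$1; kc_bits=$2; kc_label=$3; kc_module=$4; kc_slot=${5:-0}

    # -a: accept only the four key classes (DNSSEC algorithm names are
    # also valid for the tool, but this wrapper does not map them).
    case $kc_alg in
        RSA|DSA|DH|ECC) ;;
        *) echo "unsupported key class: $kc_alg" >&2; return 2 ;;
    esac

    # -b: for ECC the only valid sizes are 256 and 384; default is 256.
    if [ "$kc_alg" = ECC ]; then
        case ${kc_bits:=256} in
            256|384) ;;
            *) echo "ECC keysize must be 256 or 384" >&2; return 2 ;;
        esac
    fi
    case $kc_bits in
        *[!0-9]*) echo "keysize must be a number" >&2; return 2 ;;
    esac

    # -m must be a full path; -s must be a slot number; label is required.
    case $kc_module in
        /*) ;;
        *) echo "module must be a full path" >&2; return 2 ;;
    esac
    case $kc_slot in
        ''|*[!0-9]*) echo "slot must be a number" >&2; return 2 ;;
    esac
    if [ -z "$kc_label" ]; then echo "label is required" >&2; return 2; fi

    # Never pass -P (private key stays sensitive and non-extractable) and
    # never pass -p PIN (arguments are visible in the process list); the
    # tool prompts for the PIN instead.
    set -- -a "$kc_alg"
    if [ -n "$kc_bits" ]; then set -- "$@" -b "$kc_bits"; fi
    set -- "$@" -m "$kc_module" -s "$kc_slot" "$kc_label"
    "$KEYGEN" "$@"
}
```

A call such as safe_keygen ECC 256 example-zsk /path/to/pkcs11-module.so (label and module path are placeholders) prompts for the PIN and leaves the private key non-extractable.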
SEE ALSO
pkcs11-rsagen(3), pkcs11-dsagen(3), pkcs11-list(3), pkcs11-destroy(3), dnssec-keyfromlabel(3)
AUTHOR
Internet Systems Consortium
COPYRIGHT
Copyright © 2012 Internet Systems Consortium, Inc. ("ISC")
March 1, 2012 | BIND9 |