From: Nikos Mavrogiannopoulos Date: Wed, 28 Nov 2012 22:46:31 +0000 (+0100) Subject: updated documentation X-Git-Tag: gnutls_3_1_6~41 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dbabed862fadeefb2eb1317d53ad4d0af528e8df;p=thirdparty%2Fgnutls.git updated documentation --- diff --git a/doc/invoke-p11tool.texi b/doc/invoke-p11tool.texi index b09e00b555..43f99e77c3 100644 --- a/doc/invoke-p11tool.texi +++ b/doc/invoke-p11tool.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-p11tool.texi) # -# It has been AutoGen-ed November 8, 2012 at 11:40:19 PM by AutoGen 5.16 +# It has been AutoGen-ed November 28, 2012 at 11:46:10 PM by AutoGen 5.16 # From the definitions ../src/p11tool-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -203,3 +203,18 @@ $ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem \ Note that some tokens require the same label to be used for the certificate and its corresponding private key. +To generate an RSA private key inside the token use: +@example +$ p11tool --login --generate-rsa --bits 1024 --label "MyNewKey" \ + --outfile MyNewKey.pub "pkcs11:TOKEN-URL" +@end example +The bits parameter in the above example is explicitly set because some +tokens only support a limited number of bits. The output file is the +corresponding public key. This key can be used to general a certificate +request with certtool. +@example +certtool --generate-request --load-privkey "pkcs11:KEY-URL" \ + --load-pubkey MyNewKey.pub --outfile request.pem +@end example + + diff --git a/src/p11tool-args.c b/src/p11tool-args.c index 25e9258de5..e70b73d3eb 100644 --- a/src/p11tool-args.c +++ b/src/p11tool-args.c @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (p11tool-args.c) * - * It has been AutoGen-ed November 8, 2012 at 11:35:48 PM by AutoGen 5.16 + * It has been AutoGen-ed November 28, 2012 at 11:45:35 PM by AutoGen 5.16 * From the definitions p11tool-args.def * and the template file options * diff --git a/src/p11tool-args.def b/src/p11tool-args.def index 7b8e912e8b..6902dbee4b 100644 --- a/src/p11tool-args.def +++ b/src/p11tool-args.def @@ -246,6 +246,21 @@ $ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem \ @end example Note that some tokens require the same label to be used for the certificate and its corresponding private key. + +To generate an RSA private key inside the token use: +@example +$ p11tool --login --generate-rsa --bits 1024 --label "MyNewKey" \ + --outfile MyNewKey.pub "pkcs11:TOKEN-URL" +@end example +The bits parameter in the above example is explicitly set because some +tokens only support a limited number of bits. The output file is the +corresponding public key. This key can be used to general a certificate +request with certtool. +@example +certtool --generate-request --load-privkey "pkcs11:KEY-URL" \ + --load-pubkey MyNewKey.pub --outfile request.pem +@end example + _EOT_; }; diff --git a/src/p11tool-args.h b/src/p11tool-args.h index 6f83e64178..c60633ca3a 100644 --- a/src/p11tool-args.h +++ b/src/p11tool-args.h @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (p11tool-args.h) * - * It has been AutoGen-ed November 8, 2012 at 11:35:48 PM by AutoGen 5.16 + * It has been AutoGen-ed November 28, 2012 at 11:45:35 PM by AutoGen 5.16 * From the definitions p11tool-args.def * and the template file options *