.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: pkcs11-keygen.8,v 1.2 2009/10/05 12:11:53 fdupont Exp $
+.\" $Id: pkcs11-keygen.8,v 1.3 2009/10/05 12:25:29 fdupont Exp $
.\"
.hy 0
.ad l
pkcs11\-keygen \- generate RSA keys on a PKCS#11 device
.SH "SYNOPSIS"
.HP 14
-\fBpkcs11\-keygen\fR [\fB\-P\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] {\-b\ \fIkeysize\fR} {\-l\ \fIlabel\fR} [\fB\-p\ \fR\fB\fIPIN\fR\fR]
+\fBpkcs11\-keygen\fR [\fB\-P\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] [\fB\-e\fR] {\-b\ \fIkeysize\fR} {\-l\ \fIlabel\fR} [\fB\-i\ \fR\fB\fIid\fR\fR] [\fB\-p\ \fR\fB\fIPIN\fR\fR]
.SH "DESCRIPTION"
.PP
\fBpkcs11\-keygen\fR
Open the session with the given PKCS#11 slot. The default is slot 0.
.RE
.PP
+\-e
+.RS 4
+Use a large exponent.
+.RE
+.PP
\-b \fIkeysize\fR
.RS 4
Create the key pair with
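Review bot: The new \-e entry says only "Use a large exponent." and names neither the exponent that \-e selects nor the one used without it. State both values in this entry and point the reader to the CAVEAT section, which warns that some PKCS#11 providers crash with a big public exponent.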
.PP
\-l \fIlabel\fR
.RS 4
-Create key objects with the given label.
+Create key objects with the given label. This name must be unique.
+.RE
+.PP
+\-i \fIid\fR
+.RS 4
+Create key objects with id. The id is either an unsigned short 2 byte or an unsigned long 4 byte number.
.RE
.PP
\-p \fIPIN\fR
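Review bot: The \-i description ("either an unsigned short 2 byte or an unsigned long 4 byte number") does not say how the command chooses between the 2-byte and the 4-byte form, which input notation it accepts (decimal or hex), or in what byte order the id is written to the device. Spell these out so that a key created here can be found again by id. On the \-l line, "This name must be unique" should also say within what scope (slot, device) and what the command does when the label already exists.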
.SH "SEE ALSO"
.PP
\fBpkcs11\-list\fR(3),
-\fBpkcs11\-destroy\fR(3)
+\fBpkcs11\-destroy\fR(3),
+\fBdnssec\-keyfromlabel\fR(3),
.SH "CAVEAT"
.PP
-The public exponent is hard\-wired to 65537.
-.PP
-The command should optionally set the object ID too.
+Some PKCS#11 providers crash with big public exponent.
.SH "AUTHOR"
.PP
Internet Systems Consortium
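Review bot: The CAVEAT rewrite drops the page's statement of the default public exponent (65537), and the replacement, "Some PKCS#11 providers crash with big public exponent.", does not mention \-e, so a reader cannot tell which invocation is at risk. Suggest wording along the lines of "Some PKCS#11 providers crash when a large public exponent is requested with \-e" and keeping one sentence on the exponent used when \-e is absent.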
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pkcs11-keygen.html,v 1.2 2009/10/05 12:13:15 fdupont Exp $ -->
+<!-- $Id: pkcs11-keygen.html,v 1.3 2009/10/05 12:25:29 fdupont Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">pkcs11-keygen</code> [<code class="option">-P</code>] [<code class="option">-m <em class="replaceable"><code>module</code></em></code>] [<code class="option">-s <em class="replaceable"><code>slot</code></em></code>] {-b <em class="replaceable"><code>keysize</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-p <em class="replaceable"><code>PIN</code></em></code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">pkcs11-keygen</code> [<code class="option">-P</code>] [<code class="option">-m <em class="replaceable"><code>module</code></em></code>] [<code class="option">-s <em class="replaceable"><code>slot</code></em></code>] [<code class="option">-e</code>] {-b <em class="replaceable"><code>keysize</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-i <em class="replaceable"><code>id</code></em></code>] [<code class="option">-p <em class="replaceable"><code>PIN</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543384"></a><h2>DESCRIPTION</h2>
+<a name="id2543397"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
a new RSA key pair with the specified <code class="option">label</code> and
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543403"></a><h2>ARGUMENTS</h2>
+<a name="id2543416"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-P</span></dt>
<dd><p>
Open the session with the given PKCS#11 slot. The default is
slot 0.
</p></dd>
+<dt><span class="term">-e</span></dt>
+<dd><p>
+ Use a large exponent.
+ </p></dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
Create the key pair with <code class="option">keysize</code> bits of
<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
<dd><p>
Create key objects with the given label.
+ This name must be unique.
+ </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>id</code></em></span></dt>
+<dd><p>
+ Create key objects with id. The id is either
+ an unsigned short 2 byte or an unsigned long 4 byte number.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>PIN</code></em></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543520"></a><h2>SEE ALSO</h2>
+<a name="id2543563"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">pkcs11-list</span>(3)</span>,
- <span class="citerefentry"><span class="refentrytitle">pkcs11-destroy</span>(3)</span>
+ <span class="citerefentry"><span class="refentrytitle">pkcs11-destroy</span>(3)</span>,
+ <span class="citerefentry"><span class="refentrytitle">dnssec-keyfromlabel</span>(3)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543546"></a><h2>CAVEAT</h2>
-<p>The public exponent is hard-wired to 65537.</p>
-<p>The command should optionally set the object ID too.</p>
+<a name="id2543598"></a><h2>CAVEAT</h2>
+<p>Some PKCS#11 providers crash with big public exponent.</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543561"></a><h2>AUTHOR</h2>
+<a name="id2543609"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
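Review bot: In the SEE ALSO paragraph the list now ends with "dnssec-keyfromlabel(3)," directly before the closing </p>, so the rendered page shows a dangling comma. Drop the comma after the last entry; the same applies to the "\fBdnssec\-keyfromlabel\fR(3)," line in the pkcs11-keygen.8 version of this change.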