PKCS11-ECGEN(8)                      BIND9                     PKCS11-ECGEN(8)

NAME

       pkcs11-keygen - generate keys on a PKCS#11 device

SYNOPSIS

       pkcs11-keygen {-a algorithm} [-b keysize] [-e] [-i id] [-m module] [-P]
                     [-p PIN] [-q] [-S] [-s slot] {label}

DESCRIPTION

       pkcs11-keygen causes a PKCS#11 device to generate a new key pair with
       the given label (which must be unique) and with keysize bits of prime.

ARGUMENTS

       -a algorithm
           Specify the key algorithm class. Supported classes are RSA, DSA,
           DH, and ECC. In addition to these strings, the algorithm can be
           specified as a DNSSEC signing algorithm that will be used with this
           key; for example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256
           maps to ECC. The default class is "RSA".

       -b keysize
           Create the key pair with keysize bits of prime. For ECC keys, the
           only valid values are 256 and 384, and the default is 256.

       -e
           For RSA keys only, use a large exponent.

       -i id
           Create key objects with id. The id is either a 2-byte unsigned
           short or a 4-byte unsigned long number.

       -m module
           Specify the PKCS#11 provider module. This must be the full path to
           a shared library object implementing the PKCS#11 API for the
           device.

       -P
           Set the new private key to be non-sensitive and extractable. This
           allows the private key data to be read from the PKCS#11 device. The
           default is for private keys to be sensitive and non-extractable.

       -p PIN
           Specify the PIN for the device. If no PIN is provided on the
           command line, pkcs11-ecgen will prompt for it.

       -q
           Quiet mode: suppress unnecessary output.

       -S
           For Diffie-Hellman (DH) keys only, use a special prime of 768, 1024
           or 1536 bit size and base (aka generator) 2. If not specified, bit
           size will default to 1024.

       -s slot
           Open the session with the given PKCS#11 slot. The default is slot
           0.
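
       The following wrapper is an added example, not part of the original
       manual page or of BIND. It checks arguments against the rules above
       and prints the resulting command line, always leaving out -P and -p so
       the key stays non-extractable and the PIN is prompted for; the function
       name, module path, label and label character policy are assumptions.

```shell
# Added example, not ISC code. build_keygen_cmd, the module path and the
# label used below are hypothetical names chosen for illustration.
# Usage: build_keygen_cmd ALGORITHM KEYSIZE MODULE SLOT LABEL
# Prints a pkcs11-keygen command line; it never runs the tool itself.
build_keygen_cmd() {
    kg_alg=$1 kg_bits=$2 kg_module=$3 kg_slot=${4:-0} kg_label=$5

    # Map the names accepted by -a to their key class.
    case "$kg_alg" in
        RSA|DSA|DH|ECC)  kg_class=$kg_alg ;;
        NSEC3RSASHA1)    kg_class=RSA ;;
        ECDSAP256SHA256) kg_class=ECC ;;
        *) echo "unsupported algorithm: $kg_alg" >&2; return 1 ;;
    esac

    # ECC keys: only 256 and 384 are valid, and the default is 256.
    if [ "$kg_class" = ECC ]; then
        kg_bits=${kg_bits:-256}
        case "$kg_bits" in
            256|384) ;;
            *) echo "ECC keysize must be 256 or 384" >&2; return 1 ;;
        esac
    fi
    case "$kg_bits" in
        *[!0-9]*) echo "keysize must be a number" >&2; return 1 ;;
    esac

    # -m takes the full path to the provider library.
    case "$kg_module" in
        /*) ;;
        *) echo "module must be a full path" >&2; return 1 ;;
    esac
    case "$kg_slot" in
        *[!0-9]*) echo "slot must be a non-negative integer" >&2; return 1 ;;
    esac

    # Assumed local policy: plain labels only, so the printed line needs no
    # quoting and a label can never be parsed as an option such as -P.
    case "$kg_label" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "invalid label" >&2; return 1 ;;
    esac

    # -P is never added (key stays sensitive and non-extractable) and -p is
    # never added, so the tool prompts for the PIN.
    printf 'pkcs11-keygen -a %s%s -m %s -s %s %s\n' "$kg_alg" \
        "${kg_bits:+ -b $kg_bits}" "$kg_module" "$kg_slot" "$kg_label"
}

build_keygen_cmd ECDSAP256SHA256 "" /opt/example/lib/libpkcs11.so 0 example-zsk
```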

SEE ALSO

       pkcs11-rsagen(3), pkcs11-dsagen(3), pkcs11-list(3), pkcs11-destroy(3),
       dnssec-keyfromlabel(3)

AUTHOR

       Internet Systems Consortium

       Copyright © 2012 Internet Systems Consortium, Inc. ("ISC")

BIND9                            Feb 30, 2012                  PKCS11-ECGEN(8)