1PKCS11-KEYGEN(8) BIND9 PKCS11-KEYGEN(8)
2
6 pkcs11-keygen - generate RSA keys on a PKCS#11 device
7
9 pkcs11-keygen [-P] [-m module] [-s slot] [-e] {-b keysize} {-l label}
10 [-i id] [-p PIN]
11
13 pkcs11-keygen causes a PKCS#11 device to generate a new RSA key pair
14 with the specified label and with keysize bits of modulus.
15
17 -P
18 Set the new private key to be non-sensitive and extractable. The
19 allows the private key data to be read from the PKCS#11 device. The
20 default is for private keys to be sensitive and non-extractable.
21 -m module
23 Specify the PKCS#11 provider module. This must be the full path to
24 a shared library object implementing the PKCS#11 API for the
25 device.
26 -s slot
28 Open the session with the given PKCS#11 slot. The default is slot
29 0.
30 -e
32 Use a large exponent.
33 -b keysize
35 Create the key pair with keysize bits of modulus.
36 -l label
38 Create key objects with the given label. This name must be unique.
39 -i id
41 Create key objects with id. The id is either an unsigned short 2
42 byte or an unsigned long 4 byte number.
43 -p PIN
45 Specify the PIN for the device. If no PIN is provided on the
46 command line, pkcs11-keygen will prompt for it.
47
49 pkcs11-list(3), pkcs11-destroy(3), dnssec-keyfromlabel(3),
50
52 Some PKCS#11 providers crash with big public exponent.
53
55 Internet Systems Consortium
56
58 Copyright © 2009 Internet Systems Consortium, Inc. ("ISC")
59BIND9 Sep 18, 2009 PKCS11-KEYGEN(8)