EFIKEYGEN(1) General Commands Manual EFIKEYGEN(1)

efikeygen - command line tool for generating keys to use for PE image
signing

efikeygen <[--ca | -C] [--self-sign | -S] | [--signer=nickname]>
          [--token=token | -t token]
          [--nickname=nickname | -n nickname]
          [--common-name=common name | -c common name]
          [--url=url | -u url]
          [--serial=serial | -s serial]

efikeygen is a command line tool for generating keys and certificates
to be used with pesign. These are standard X.509 certificates, and can
potentially be generated with any certificate creation tool. efikeygen
simply generates keys with sensible options set for a key to be
used for PE image signing.

--ca   The certificate being generated is for a CA.

--self-sign
       The generated certificate is to be self signed.

--signer=nickname
       Nickname of certificate to be used to sign the generated
       certificate.

--token=token
       Use the specified NSS token's certificate database.

--nickname=nickname
       The nickname to use for the generated certificate.

--common-name=common-name
       The X.509 Common Name for the generated certificate. This
       should be in RFC 2253 syntax, e.g. "CN=John Doe,OU=editing,O=New
       York Times,L=New York,ST=NY,C=US"

--url=url
       Informational URL regarding objects signed with this key.

--serial=serial number
       Serial number for use with this key. A certificate is identified
       by its signer and its serial number, so it's best not to
       ever re-use this value with the same signer. By default, this
       value will be generated using /dev/urandom. It is not recommended
       to use this option to override that.

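Added example (not part of the original man page or the pesign project): a POSIX shell wrapper that builds the two invocations the synopsis allows, a self-signed CA and a certificate issued by an existing signer, using only the options documented above. The function names, nicknames and DNs are constructed for illustration, and DRY_RUN=1 (the default here) prints each command instead of running it.

```shell
#!/bin/sh
# Added example: thin wrapper around efikeygen, using only options from this page.
# DRY_RUN=1 (default) prints the command; set DRY_RUN=0 to actually run efikeygen.
DRY_RUN=${DRY_RUN:-1}

# run_or_print CMD ARGS...: execute, or print each argument in [brackets].
run_or_print() {
    if [ "$DRY_RUN" = 1 ]; then
        out=""
        for a in "$@"; do out="${out}[${a}] "; done
        printf '%s\n' "${out% }"
    else
        "$@"
    fi
}

# make_cert MODE NICKNAME SUBJECT [SIGNER]   (hypothetical helper)
#   MODE=ca      self-signed CA certificate (--ca --self-sign)
#   MODE=signer  certificate issued by the cert nicknamed SIGNER (--signer=...)
make_cert() {
    mode=$1; nick=$2; subject=$3; signer=${4:-}
    # --common-name expects an RFC 2253 DN, not a bare name.
    case $subject in
        *CN=*) ;;
        *) echo "subject must be an RFC 2253 DN containing CN=" >&2; return 2 ;;
    esac
    case $mode in
        ca)
            [ -z "$signer" ] || { echo "ca mode is self-signed; no signer" >&2; return 2; }
            set -- --ca --self-sign ;;
        signer)
            [ -n "$signer" ] || { echo "signer nickname required" >&2; return 2; }
            set -- "--signer=$signer" ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # --serial is deliberately never passed: the default random serial avoids
    # re-using a serial number with the same signer.
    run_or_print efikeygen "$@" "--nickname=$nick" "--common-name=$subject"
}

# Constructed sample values: a CA first, then a signing certificate issued by it.
make_cert ca "Example Secure Boot CA" "CN=Example Secure Boot CA,O=Example Org"
make_cert signer "Example Signer" "CN=Example Signer,O=Example Org" \
    "Example Secure Boot CA"
```
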
pesign(1)

Peter Jones

Mon Jan 07 2013 EFIKEYGEN(1)