EFIKEYGEN(1) General Commands Manual EFIKEYGEN(1)

efikeygen - command line tool for generating keys to use for PE image
signing

efikeygen <[--ca | -C] [--self-sign | -S] | [--signer=nickname]>
<[--kernel | --module]>
[--token=token | -t token]
[--nickname=nickname | -n nickname]
[--common-name=common name | -c common name]
[--url=url | -u url]
[--serial=serial | -s serial]

efikeygen is a command line tool for generating keys and certificates
to be used with pesign. These are standard X.509 certificates, and can
potentially be generated with any certificate creation tool. efikeygen
simply generates keys with sensible options set for a key to be
used for PE image signing.

--ca
The certificate being generated is for a CA.

--self-sign
The generated certificate is to be self-signed.

--signer=nickname
Nickname of certificate to be used to sign the generated certificate.

--kernel
The generated certificate is to be used to sign kernels.

--module
The generated certificate is to be used to sign kernel modules.

--token=token
Use the specified NSS token's certificate database.

--nickname=nickname
The nickname to use for the generated certificate.

--common-name=common-name
The X.509 Common Name for the generated certificate. This
should be in RFC 2253 syntax, e.g. "CN=John Doe,OU=editing,O=New
York Times,L=New York,ST=NY,C=US"

--url=url
Informational URL regarding objects signed with this key.

--serial=serial number
Serial number for use with this key. A certificate is identified
by its signer and its serial number, so it's best not to
ever re-use this value with the same signer. By default, this
value will be generated using /dev/urandom. It is not recommended
to use this option to override that.

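The options above combined into the two usual invocations, a self-signed CA and a signing certificate issued by it, as an added example that is not part of the efikeygen documentation. The names `gen_cert` and `DRY_RUN`, the nicknames and the DNs are constructed for illustration; it assumes, per the synopsis, that the CA invocation also takes `--kernel` or `--module`.

```shell
#!/bin/sh
# Added example, not part of efikeygen. Nicknames and DNs are constructed samples.
# DRY_RUN=1 (default) prints each command for review; DRY_RUN=0 executes it.
DRY_RUN="${DRY_RUN:-1}"

# gen_cert USAGE ISSUER NICKNAME DN
#   USAGE   kernel | module (becomes --kernel or --module)
#   ISSUER  "self" for a self-signed CA, otherwise the signing cert's nickname
gen_cert() {
    usage=$1 issuer=$2 nick=$3 dn=$4
    case $usage in
        kernel|module) ;;
        *) echo "usage must be kernel or module" >&2; return 2 ;;
    esac
    [ -n "$nick" ] || { echo "nickname is required" >&2; return 2; }
    # Simplified check modelled on the page's sample DN: reject a bare name
    # such as "John Doe" where a full DN ("CN=John Doe,...") is expected.
    case $dn in
        CN=?*) ;;
        *) echo "common name must be a DN starting with CN=" >&2; return 2 ;;
    esac
    if [ "$issuer" = self ]; then
        set -- --ca --self-sign
    else
        set -- "--signer=$issuer"
    fi
    # --serial is never passed, so the random default applies, as the
    # page recommends.
    set -- efikeygen "$@" "--$usage" "--nickname=$nick" "--common-name=$dn"
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"    # shown unquoted, for review only
    else
        "$@"
    fi
}

# 1. Self-signed CA. 2. Kernel-signing certificate issued by that CA.
gen_cert kernel self "Example Secure Boot CA" \
    "CN=Example Secure Boot CA,O=Example Org,C=US"
gen_cert kernel "Example Secure Boot CA" "Example Kernel Signer" \
    "CN=Example Kernel Signer,O=Example Org,C=US"
```
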
pesign(1)

Peter Jones

Mon Jan 07 2013 EFIKEYGEN(1)