1PKCS11-KEYGEN(8)                     BIND9                    PKCS11-KEYGEN(8)
2
3
4

NAME

6       pkcs11-keygen - generate RSA keys on a PKCS#11 device
7

SYNOPSIS

9       pkcs11-keygen [-P] [-m module] [-s slot] [-e] {-b keysize} {-l label}
10                     [-i id] [-p PIN]
11

DESCRIPTION

13       pkcs11-keygen causes a PKCS#11 device to generate a new RSA key pair
14       with the specified label and with keysize bits of modulus.
15

ARGUMENTS

17       -P
18           Set the new private key to be non-sensitive and extractable. The
19           allows the private key data to be read from the PKCS#11 device. The
20           default is for private keys to be sensitive and non-extractable.
21
22       -m module
23           Specify the PKCS#11 provider module. This must be the full path to
24           a shared library object implementing the PKCS#11 API for the
25           device.
26
27       -s slot
28           Open the session with the given PKCS#11 slot. The default is slot
29           0.
30
31       -e
32           Use a large exponent.
33
34       -b keysize
35           Create the key pair with keysize bits of modulus.
36
37       -l label
38           Create key objects with the given label. This name must be unique.
39
40       -i id
41           Create key objects with id. The id is either an unsigned short 2
42           byte or an unsigned long 4 byte number.
43
44       -p PIN
45           Specify the PIN for the device. If no PIN is provided on the
46           command line, pkcs11-keygen will prompt for it.
47

SEE ALSO

49       pkcs11-list(3), pkcs11-destroy(3), dnssec-keyfromlabel(3),
50

CAVEAT

52       Some PKCS#11 providers crash with big public exponent.
53

AUTHOR

55       Internet Systems Consortium
56
58       Copyright © 2009 Internet Systems Consortium, Inc. ("ISC")
59
60
61
62BIND9                            Sep 18, 2009                 PKCS11-KEYGEN(8)
Impressum