.\" Man page generated from reStructuredText.
|
|
.
|
|
.TH "PKCS11-KEYGEN" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
|
|
.SH NAME
|
|
pkcs11-keygen \- generate keys on a PKCS#11 device
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.SH SYNOPSIS
|
|
.sp
|
|
\fBpkcs11\-keygen\fP [\fB\-a\fP algorithm] [\fB\-b\fP keysize] [\fB\-e\fP] [\fB\-i\fP id] [\fB\-m\fP module] [\fB\-P\fP] [\fB\-p\fP PIN] [\fB\-q\fP] [\fB\-S\fP] [\fB\-s\fP slot] label
|
|
.SH DESCRIPTION
|
|
.sp
|
|
\fBpkcs11\-keygen\fP causes a PKCS#11 device to generate a new key pair
|
|
with the given \fBlabel\fP (which must be unique) and with \fBkeysize\fP
|
|
bits of prime.
|
|
.SH OPTIONS
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \fB\-a algorithm\fP
|
|
This option specifies the key algorithm class: supported classes are RSA, DSA, DH,
|
|
ECC, and ECX. In addition to these strings, the \fBalgorithm\fP can be
|
|
specified as a DNSSEC signing algorithm to be used with this
|
|
key; for example, NSEC3RSASHA1 maps to RSA, ECDSAP256SHA256 maps to
|
|
ECC, and ED25519 to ECX. The default class is \fBRSA\fP\&.
|
|
.TP
|
|
.B \fB\-b keysize\fP
|
|
This option creates the key pair with \fBkeysize\fP bits of prime. For ECC keys, the
|
|
only valid values are 256 and 384, and the default is 256. For ECX
|
|
keys, the only valid values are 256 and 456, and the default is 256.
|
|
.TP
|
|
.B \fB\-e\fP
|
|
For RSA keys only, this option specifies use of a large exponent.
|
|
.TP
|
|
.B \fB\-i id\fP
|
|
This option creates key objects with \fBid\fP\&. The ID is either a 2\-byte unsigned short
or a 4\-byte unsigned long number.
|
|
.TP
|
|
.B \fB\-m module\fP
|
|
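This option specifies the PKCS#11 provider module. This must be the full path to a
shared library object implementing the PKCS#11 API for the device.
The library is loaded into the \fBpkcs11\-keygen\fP process and handles the PIN,
so the path should point to a trusted file that other users cannot modify.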
|
|
.TP
|
|
.B \fB\-P\fP
|
|
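This option sets the new private key to be non\-sensitive and extractable, and
allows the private key data to be read from the PKCS#11 device. The
default is for private keys to be sensitive and non\-extractable.
A key created with this option can be copied off the device, so the
token no longer ensures that the private key exists only in hardware;
use it only when the key genuinely has to be exported.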
|
|
.TP
|
|
.B \fB\-p PIN\fP
|
|
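This option specifies the \fBPIN\fP for the device. If no \fBPIN\fP is provided on the command
line, \fBpkcs11\-keygen\fP prompts for it.
A PIN passed on the command line may be visible to other local users
in the process list and may be recorded in shell history, so the
prompt is the safer choice on shared systems.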
|
|
.TP
|
|
.B \fB\-q\fP
|
|
This option sets quiet mode, which suppresses unnecessary output.
|
|
.TP
|
|
.B \fB\-S\fP
|
|
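For Diffie\-Hellman (DH) keys only, this option specifies use of a special prime of 768\-, 1024\-,
or 1536\-bit size and base (AKA generator) 2. If not specified, bit
size defaults to 1024.
All three sizes are below the 2048\-bit minimum that current guidance
(for example NIST SP 800\-131A) recommends for Diffie\-Hellman.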
|
|
.TP
|
|
.B \fB\-s slot\fP
|
|
This option opens the session with the given PKCS#11 slot. The default is slot 0.
|
|
.UNINDENT
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fBpkcs11\-destroy(8)\fP, \fBpkcs11\-list(8)\fP, \fBpkcs11\-tokens(8)\fP, \fBdnssec\-keyfromlabel(8)\fP
|
|
.SH AUTHOR
|
|
Internet Systems Consortium
|
|
.SH COPYRIGHT
|
|
2020, Internet Systems Consortium
|
|
.\" Generated by docutils manpage writer.
|
|
.
|