Use this option to identify the library to work with. Replace <pkcs11lib> with the name of the PKCS #11 library. Note: Do not include the extension in the filename.
slot <slot#>
Use this option to specify the slot number to use. Replace <slot#> with the slot number. Default: First empty slot.
pin <PIN>
Use this option to enter the PIN for the slot. Replace <PIN> with the PIN that should be used for the given slot.
id <CKA_ID>
Use this option to specify the CKA_ID attribute for the key pair. This id is used to associate keys with certificate requests and certificates.
label <CKA_LABEL>
Use this option to specify the CKA_LABEL attribute for the key pair. A default label is generated if not specified.
login user | so
Use this option to select how to login.so stands for “security officer”. Default: user
genrsa <key length>
Use this option to generate an RSA key pair. Replace <key length> with the desired length of the RSA key. Default: 1024
exponent <exp#>
RSA public key exponent. Default: 0x10001
force
Use this option if you want the utility to replace an existing key with the same ID. Default: Not flagged.
nopinpad
If set, hwsetup will ignore reports from the PKCS#11 library that it has a pin pad, a smart card reader, or some other means of protecting the key objects, and sends the command line pin provided to the library anyway. This setting should not be needed other then in rare cases of HSM vendors with non-standard PKCS#11 implementations.
