Generate DSA/EC/RSA key pair
This article is valid from CM 8.1.
This article describes the syntax for how to generate a DSA/EC/RSA key pair used when setting up a hardware token. The hwsetup command line tool, included in Smart ID Certificate Manager (CM), is used.
Syntax
Syntax: Generate DSA/EC/RSA key pair
hwsetup -libname <pkcs11lib> [-slot <slot#>] [-pin <PIN>] [-nopinpad]
[-id <CKA_ID>|-noid] [-label <CKA_LABEL>] [-login user|so] [-extractable] [-force]
[-gendsa <key length>[:<subprime length>]]
[-genec <named curve>] [-derive] [-sign]
[-genrsa <key length>] [-exponent <#>] [-decrypt] [-sign] [-unwrap]
Options and arguments
Options and Arguments | Description |
---|---|
libname <pkcs11lib> | Use this option to identify the library to work with. Replace Note: Do not include the extension in the filename. |
slot <slot#> | Use this option to specify the slot number to use. Replace |
pin <PIN> | Use this option to enter the PIN for the slot. Replace |
id <CKA_ID> | Use this option to specify the CKA_ID attribute for the key pair. This id is used to associate keys with certificate requests and certificates. Default: A generated id. |
noid | Do not generate any CKA_ID. |
label <CKA_LABEL> | Use this option to specify the |
login user | so | Use this option to select how to login. so stands for “security officer”. Default: user |
gendsa <key | Use this option to generate a DSA key pair. Replace |
genec <curve name> | Use this option to generate an EC key pair. Replace |
genrsa <key length> | Use this option to generate an RSA key pair. Replace |
exponent <#> | Use this option to specify the RSA public key exponent. Default: 0x10001 |
decrypt | Sets the |
derive | Sets the |
sign | Sets the |
unwrap | Sets the |
extractable | Sets the attributes |
force | Use this option if you want the utility to replace an existing key with the same ID. Default: Not flagged. |
nopinpad | If set, |
Example
To generate an RSA key pair with the key length 2048 bits:
Example: Generate RSA key pair with key length 2048 bits
hwsetup -libname crypto -slot 1 -pin abcd -id mykey -genrsa 2048
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions