man page update, info about generating EC keys

modified:   doc/tools/pkcs15-init.1.xml
Peter Popovec 2020-12-16 09:34:29 +01:00 committed by Frank Morgner
parent a3ca7613cd
commit 26adaf519c
1 changed files with 11 additions and 10 deletions

@ -136,11 +136,12 @@
<command>pkcs15-init --generate-key " keyspec " --auth-id " nn</command> <command>pkcs15-init --generate-key " keyspec " --auth-id " nn</command>
</para> </para>
<para> <para>
where <replaceable>keyspec</replaceable> describes the algorithm and length of the where <replaceable>keyspec</replaceable> describes the algorithm and the parameters
key to be created, such as <literal>rsa/512</literal>. This will create a 512 bit of the key to be created. For example, <literal>rsa:2048</literal> generates a RSA key
RSA key. Currently, only RSA key generation is supported. Note that cards with 2048-bit modulus. If you are generating an EC key, the curve designation must
usually support just a few different key lengths. Almost all cards will support be specified, for example <literal>ec:prime256v1</literal>. For symmetric key,
512 and 1024 bit keys, some will support 768 or 2048 as well. the length of key is specified in bytes, for example <literal>AES:32</literal>
or <literal>DES3:24</literal>.
</para> </para>
<para> <para>
<replaceable>nn</replaceable> is the ID of a user PIN installed previously, <replaceable>nn</replaceable> is the ID of a user PIN installed previously,
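Review bot: The rewritten keyspec paragraph removes the old caveat that cards usually support just a few different key lengths and puts nothing in its place, so a reader gets no hint that `rsa:2048` or `ec:prime256v1` may be rejected by a given card. Suggest keeping one sentence saying that the supported key sizes and curves depend on the card. Two wording fixes in the added lines: "a RSA key" should be "an RSA key", and "For symmetric key, the length of key is specified" reads better as "For a symmetric key, the key length is specified".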
@ -242,7 +243,7 @@
you would use you would use
</para> </para>
<para> <para>
<command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01</command> <command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes:256 --auth-id 01</command>
</para> </para>
<para> <para>
By default a random ID is generated for the secret key. You may specify an ID By default a random ID is generated for the secret key. You may specify an ID
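Review bot: The example for --secret-key-algorithm switches from `aes/256` to `aes:256` without saying whether the slash form is still accepted. The --generate-key description changed in this same commit lists colon, slash and hyphen as valid separators; if the same holds for --secret-key-algorithm, say so here or point to that description, so that existing scripts using `aes/256` are known to keep working.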
@ -332,9 +333,9 @@
<listitem> <listitem>
<para> <para>
Tells the card to generate new key and store it on the card. Tells the card to generate new key and store it on the card.
<replaceable>keyspec</replaceable> consists of an algorithm name <replaceable>keyspec</replaceable> consists of an algorithm name,
(currently, the only supported name is <option>RSA</option>), optionally followed by a colon ":", slash "/" or hyphen "-" and
optionally followed by a slash and the length of the key in bits. the parameters of the key to be created.
It is a good idea to specify the key ID along with this command, It is a good idea to specify the key ID along with this command,
using the <option>id</option> option, otherwise an intrinsic ID using the <option>id</option> option, otherwise an intrinsic ID
will be calculated from the key material. Look the description of will be calculated from the key material. Look the description of
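Review bot: The new --generate-key text deletes the list of supported algorithm names and says the parameters are optional, which conflicts with the first hunk, where the curve designation "must be specified" for EC keys. Suggest naming the accepted algorithms (the first hunk uses rsa, ec, AES and DES3), stating what is used when the parameters are omitted, and noting that EC always needs a curve name.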
@ -417,7 +418,7 @@
<listitem> <listitem>
<para> <para>
<replaceable>keyspec</replaceable> describes the algorithm and length of the <replaceable>keyspec</replaceable> describes the algorithm and length of the
key to be created or downloaded, such as <literal>aes/256</literal>. key to be created or downloaded, such as <literal>aes:256</literal>.
This will create a 256 bit AES key. This will create a 256 bit AES key.
</para> </para>
</listitem> </listitem>
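Review bot: The units are inconsistent across the patch: this hunk keeps "aes:256 ... This will create a 256 bit AES key", while the first hunk states that the symmetric key length is given in bytes (`AES:32`, `DES3:24`). If --secret-key-algorithm really takes bits and the --generate-key keyspec takes bytes, say so explicitly in both places; otherwise make the examples agree. The unchanged lead sentence here also still says "algorithm and length of the key", where the first hunk moved to "the algorithm and the parameters".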