man page update, info about generating EC keys
modified: doc/tools/pkcs15-init.1.xml
This commit is contained in:
parent
a3ca7613cd
commit
26adaf519c
@ -136,11 +136,12 @@
|
|||||||
<command>pkcs15-init --generate-key " keyspec " --auth-id " nn</command>
|
<command>pkcs15-init --generate-key " keyspec " --auth-id " nn</command>
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
where <replaceable>keyspec</replaceable> describes the algorithm and length of the
|
where <replaceable>keyspec</replaceable> describes the algorithm and the parameters
|
||||||
key to be created, such as <literal>rsa/512</literal>. This will create a 512 bit
|
of the key to be created. For example, <literal>rsa:2048</literal> generates a RSA key
|
||||||
RSA key. Currently, only RSA key generation is supported. Note that cards
|
with 2048-bit modulus. If you are generating an EC key, the curve designation must
|
||||||
usually support just a few different key lengths. Almost all cards will support
|
be specified, for example <literal>ec:prime256v1</literal>. For symmetric key,
|
||||||
512 and 1024 bit keys, some will support 768 or 2048 as well.
|
the length of key is specified in bytes, for example <literal>AES:32</literal>
|
||||||
|
or <literal>DES3:24</literal>.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
<replaceable>nn</replaceable> is the ID of a user PIN installed previously,
|
<replaceable>nn</replaceable> is the ID of a user PIN installed previously,
|
||||||
@ -242,7 +243,7 @@
|
|||||||
you would use
|
you would use
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
<command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01</command>
|
<command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes:256 --auth-id 01</command>
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
By default a random ID is generated for the secret key. You may specify an ID
|
By default a random ID is generated for the secret key. You may specify an ID
|
||||||
@ -332,9 +333,9 @@
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Tells the card to generate new key and store it on the card.
|
Tells the card to generate new key and store it on the card.
|
||||||
<replaceable>keyspec</replaceable> consists of an algorithm name
|
<replaceable>keyspec</replaceable> consists of an algorithm name,
|
||||||
(currently, the only supported name is <option>RSA</option>),
|
optionally followed by a colon ":", slash "/" or hyphen "-" and
|
||||||
optionally followed by a slash and the length of the key in bits.
|
the parameters of the key to be created.
|
||||||
It is a good idea to specify the key ID along with this command,
|
It is a good idea to specify the key ID along with this command,
|
||||||
using the <option>id</option> option, otherwise an intrinsic ID
|
using the <option>id</option> option, otherwise an intrinsic ID
|
||||||
will be calculated from the key material. Look the description of
|
will be calculated from the key material. Look the description of
|
||||||
@ -417,7 +418,7 @@
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<replaceable>keyspec</replaceable> describes the algorithm and length of the
|
<replaceable>keyspec</replaceable> describes the algorithm and length of the
|
||||||
key to be created or downloaded, such as <literal>aes/256</literal>.
|
key to be created or downloaded, such as <literal>aes:256</literal>.
|
||||||
This will create a 256 bit AES key.
|
This will create a 256 bit AES key.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
Loading…
Reference in New Issue
Block a user