doc: #329: explicit usage of --id for a new keys is deprecated

'Id' option in the pkcs15-init commands to import/generate a new key is deprecated. Better s to let the MW to derive an identifier from the key material.
2012-08-19 20:07:17 +02:00 · 2012-08-19 20:07:17 +02:00 · 2f3ace06ec
parent ca08e97ab7
commit 2f3ace06ec
1 changed files with 6 additions and 6 deletions
--- a/doc/tools/pkcs15-init.1.xml
+++ b/doc/tools/pkcs15-init.1.xml
@ -169,12 +169,12 @@
 				key as a PKCS #15 public key object.
 			</para>
 			<para>
-				Note the use of the <option>--id</option> option. The current
-				<command>pkcs15</command> profile defines two key templates, one for
-				authentication (key ID <literal>45</literal>), and one for non-repudiation purposes (key ID <literal>46</literal>).
-				Other key templates will probably be added in the future. Note that if you don't
-				specify a key ID, <command>pkcs15-init</command> will pick just the first key
-				template defined by the profile.
+				Note that usage of <option>--id</option> option in the <command>pkcs15-init</command>
+                                commands to generate or to import a new key is deprecated.
+                                Better practice is to let the middleware to derive the identifier from the key material.
+                                (SHA1(modulus) for RSA, SHA1(pub) for DSA, ...).
+                                This allows easily set up relation between 'related' objects
+                                (private/public keys and certificates).
 			</para>
 			<para>
 				In addition to the PEM key file format, <command>pkcs15-init</command> also