ckrsagen

ckrsagen [-p | -n]

Tests RSA key generation. You can use specific PKCS #11 attributes for generating RSA keys.

Option Description

-n, nopin

Doesn’t call C_Login, makes key public object.

-p, pin-for-testing=PIN

Use PIN for C_Login.

Exposes PIN, use for testing only.

-s, slot-name=SLOT

Use only named SLOT.

Template options

-l, keylength=MODULUSBITS

Sets CKA_MODULUS_BITS.
Default: 128

-L, label=LABEL

Sets CKA_LABEL.
Default: Example label

--sign

Sets CKA_SIGN and CKA_VERIFY to true (default).

--nosign

Sets CKA_SIGN and CKA_VERIFY to false.

--encrypt

Sets CKA_ENCRYPT and CKA_DECRYPT to true (default).

--noencrypt

Sets CKA_ENCRYPT and CKA_DECRYPT to false.

--wrap

Sets CKA_WRAP and CKA_UNWRAP to true (default).

--nowrap

Sets CKA_WRAP and CKA_UNWRAP to false.

--sensitive

Sets CKA_SENSITIVE to true (default).

--nosensitive

Sets CKA_SENSITIVE to false.

--extractable

Sets CKA_EXTRACTABLE to true.

--noextractable

Sets CKA_EXTRACTABLE to false (default).

--strongprime

Uses CKM_RSA_X9_31_KEY_PAIR_GEN to generate the key, rather than CKM_RSA_PKCS_KEY_PAIR_GEN.

--pubexp17

Uses alternate public exponent 17.
Not valid in FIPS.

Help options

-h, --help

Displays help for ckrsagen.

-u, --usage

Displays a brief usage summary for ckrsagen.

-V, --version

Displays the version number of the Security World Software that deploys ckrsagen.