mkaclx
mkaclx [-kKCMrRqviGA] [-a IDENT[:MECH]] [-t TYPE] [-b BITS] [-g BITS]
[-O OPPERMS] [-m MODULE] [-N NAME] [-T TIME] [-U N] IDENT
Generates non-standard cryptographic keys that can be used to perform specific functions, for example, to wrap keys and derive mechanisms.
This utility includes options that are not available with the generate-key
utility.
Ensure that you run mkaclx with the options that are appropriate for your security infrastructure.
If the appropriate options are not chosen, the security of existing keys might potentially be compromised.
|
Option | Description |
---|---|
Key generation parameters |
|
|
Generates a key with length |
|
Group size is |
|
Stores a key generation certificate (default). |
|
Doesn’t store a key generation certificate. |
|
Disables listing |
|
Selects the type of the generated key. |
Key protection options |
|
|
Restricts the use of key to SEE programs signed by SEE integrity key |
|
Requires the key to be assigned ( |
|
Generates a cardset-protected key. |
|
Requires logging of usage of the key. |
|
Writes the blob to the module’s NVRAM. |
|
Generates a module-protected key (default). |
|
Allows key to be recoverable (default). |
|
Doesn’t allow key to be recoverable. |
|
Generates a softcard-protected module key using softcard |
|
Sets the time limit of |
|
Sets per-auth use limit of N on main-use operations. |
Other settings |
|
|
Shows the command and requests confirmation. |
|
Sets the key’s name. |
|
Produces fewer messages on successful runs. |
|
Produces more messages on successful runs. |
Option to address HSMs |
|
|
Specifies the number of the module to use. |
Help options |
|
|
Displays help for |
|
Displays a brief usage summary for |
|
Displays the version number of the Security World Software that deploys |