| version 1.97, 2010/07/15 21:20:38 |
version 1.98, 2010/08/04 06:07:11 |
|
|
| .It Fl D Ar pkcs11 |
.It Fl D Ar pkcs11 |
| Download the RSA public keys provided by the PKCS#11 shared library |
Download the RSA public keys provided by the PKCS#11 shared library |
| .Ar pkcs11 . |
.Ar pkcs11 . |
| |
When used in combination with |
| |
.Fl s , |
| |
this option indicates that a CA key resides in a PKCS#11 token (see the |
| |
.Sx CERTIFICATES |
| |
section for details). |
| .It Fl e |
.It Fl e |
| This option will read a private or public OpenSSH key file and |
This option will read a private or public OpenSSH key file and |
| print to stdout the key in one of the formats specified by the |
print to stdout the key in one of the formats specified by the |
|
|
| .Pp |
.Pp |
| The host certificate will be output to |
The host certificate will be output to |
| .Pa /path/to/host_key-cert.pub . |
.Pa /path/to/host_key-cert.pub . |
| In both cases, |
.Pp |
| |
It is possible to sign using a CA key stored in a PKCS#11 token by |
| |
providing the token library using |
| |
.Fl D |
| |
and identifying the CA key by providing its public half as an argument |
| |
to |
| |
.Fl s : |
| |
.Pp |
| |
.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub |
| |
.Pp |
| |
In all cases, |
| .Ar key_id |
.Ar key_id |
| is a "key identifier" that is logged by the server when the certificate |
is a "key identifier" that is logged by the server when the certificate |
| is used for authentication. |
is used for authentication. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh