updated documentation

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2012-11-28 23:46:31 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2012-12-06 08:58:46 +0100
commit: dbabed862fadeefb2eb1317d53ad4d0af528e8df (patch)
tree: f5a1fa9c14bf0b96cf0609bcd88719f8976afd50 /src/p11tool-args.def
parent: 434ea3aa21e01de4fe6422392c0c76a369b60ab1 (diff)
download: gnutls-dbabed862fadeefb2eb1317d53ad4d0af528e8df.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/src/p11tool-args.def b/src/p11tool-args.def
index 7b8e912e8b..6902dbee4b 100644
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -246,6 +246,21 @@ $ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem \
 @end example
 Note that some tokens require the same label to be used for the certificate
 and its corresponding private key.
+
+To generate an RSA private key inside the token use:
+@example
+$ p11tool --login --generate-rsa --bits 1024 --label "MyNewKey" \
+          --outfile MyNewKey.pub "pkcs11:TOKEN-URL"
+@end example
+The bits parameter in the above example is explicitly set because some
+tokens only support a limited number of bits. The output file is the
+corresponding public key. This key can be used to general a certificate
+request with certtool.
+@example
+certtool --generate-request --load-privkey "pkcs11:KEY-URL" \
+   --load-pubkey MyNewKey.pub --outfile request.pem
+@end example
+
 _EOT_;
 };
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2012-11-28 23:46:31 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2012-12-06 08:58:46 +0100
commit	dbabed862fadeefb2eb1317d53ad4d0af528e8df (patch)
tree	f5a1fa9c14bf0b96cf0609bcd88719f8976afd50 /src/p11tool-args.def
parent	434ea3aa21e01de4fe6422392c0c76a369b60ab1 (diff)
download	gnutls-dbabed862fadeefb2eb1317d53ad4d0af528e8df.tar.gz