efikeygen - command line tool for generating keys to use for PE
image signing
efikeygen <[--ca | -C] [--self-sign | -S] |
[--signer=nickname]>
[--token=token | -t token]
[--nickname=nickname | -n nickname]
[--common-name=common name | -c common name]
[--url=url | -u url]
[--serial=serial | -s serial]
efikeygen is a command line tool for generating keys and
certificates to be used with pesign. These are standard X.509 certificates,
and can potentially be generated with any certificate creation tool.
efikeygen simply sets generates keys with sensible options set for a key to
be used for PE image signing.
- --ca
- The certificate being generated is for a CA.
- --self-sign
- The generated certificate is to be self signed.
- --signer=nickname
- Nickname of certificate to be used to sign the generated certificate.
- --token=token
- Use the specified NSS token's certificate database.
- --nickname=nickname
- The nickname to use for the generated certificate.
- --common-name=common-name
- The X.509 Common Name for the generated certificate. This should be in
rfc2253 syntax, i.e. "CN=John Doe,OU=editing,O=New York Times,L=New
York,ST=NY,C=US"
- --url=url
- Informational url regarding objects signed with this key.
- --serial=serial
number
- Serial number for use with this key. A certificate is identified by its
signer and its serial number, so it's best not to ever re-use this value
with the same signer. By default, this value will be generated using
/dev/urandom . It is not recommended to use this option to override that.