Next: Importing a Secret Key, Previous: Signing a Hash, Up: Agent’s Assuan Protocol [Contents][Index]
This is used to create a new keypair and store the secret key inside the active PSE — which is in most cases a Soft-PSE. A not-yet-defined option allows choosing the storage location. To get the secret key out of the PSE, a special export tool has to be used.
GENKEY [--no-protection] [--preset] [<cache_nonce>]
Invokes the key generation process and the server will then inquire on the generation parameters, like:
S: INQUIRE KEYPARM C: D (genkey (rsa (nbits 1024))) C: END
The format of the key parameters which depends on the algorithm is of the form:
(genkey (algo (parameter_name_1 ....) .... (parameter_name_n ....)))
If everything succeeds, the server returns the *public key* in a SPKI like S-Expression like this:
(public-key (rsa (n <mpi>) (e <mpi>)))
Here is an example session:
C: GENKEY S: INQUIRE KEYPARM C: D (genkey (rsa (nbits 1024))) C: END S: D (public-key S: D (rsa (n 326487324683264) (e 10001))) S OK key created |
The --no-protection option may be used to prevent prompting for a passphrase to protect the secret key while leaving the secret key unprotected. The --preset option may be used to add the passphrase to the cache using the default cache parameters.
The --inq-passwd option may be used to create the key with a
supplied passphrase. When used the agent does an inquiry with the
keyword NEWPASSWD
to retrieve that passphrase. This option
takes precedence over --no-protection; however if the client
sends a empty (zero-length) passphrase, this is identical to
--no-protection.
Next: Importing a Secret Key, Previous: Signing a Hash, Up: Agent’s Assuan Protocol [Contents][Index]