nethsm-key-generate(1)      General Commands Manual     nethsm-key-generate(1)

NAME
       nethsm-key-generate - Generate a new key

SYNOPSIS
       nethsm key generate [-L|--length] [-k|--key-id] [-t|--tags]
       [-a|--auth-passphrase-file] [-c|--config] [-l|--label] [-u|--user]
       [-h|--help] [KEY_TYPE] [KEY_MECHANISMS]

DESCRIPTION
       Generate a new key

       The provided key type and list of key mechanisms have to match: * "Rsa"
       requires one of [RsaDecryptionRaw, RsaDecryptionPkcs1,
       RsaDecryptionOaepMd5, RsaDecryptionOaepSha1, RsaDecryptionOaepSha224,
       RsaDecryptionOaepSha256, RsaDecryptionOaepSha384,
       RsaDecryptionOaepSha512, RsaSignaturePkcs1, RsaSignaturePssMd5,
       RsaSignaturePssSha1, RsaSignaturePssSha224, RsaSignaturePssSha256,
       RsaSignaturePssSha384, RsaSignaturePssSha512] * "Curve25519" requires
       one of [EdDsaSignature] * "EcP256", "EcP384" and "EcP521" require one
       of [EcdsaSignature] * "Generic" requires at least one of
       [AesDecryptionCbc, AesEncryptionCbc]

       System-wide users in the "Administrator" role generate system-wide
       keys.  Namespaced users in the "Administrator" role generate keys in
       their own namespace.

       Note: Although assigning tags to the new key is optional, it is highly
       recommended as not doing so means that all users in the same scope have
       access to it!

       Requires authentication of a user in the "Administrator" role.

OPTIONS
       -L, --length <LENGTH>
              The optional bit length of the generated key

              If none is provided, a default is chosen.
              May also be specified with the NETHSM_KEY_BIT_LENGTH environment
              variable.

       -k, --key-id <KEY_ID>
              An optional unique ID that is assigned to the generated key

              If none is provided a generic one is generated for the key.
              May also be specified with the NETHSM_KEY_ID environment
              variable.

       -t, --tags <TAGS>
              An optional list of tags that are assigned to the generated key

              Tags on keys are used to grant access to those keys for users
              that carry the same tags.
              May also be specified with the NETHSM_KEY_TAGS environment
              variable.

       -a, --auth-passphrase-file <AUTH_PASSPHRASE_FILE>
              The path to a file containing a passphrase for authentication

              The passphrase provided in the file must be the one for the user
              chosen for the command.

              This option can be provided multiple times, which is needed for
              commands that require multiple roles at once.  With multiple
              passphrase files ordering matters, as the files are assigned to
              the respective user provided by the "--user" option.
              May also be specified with the NETHSM_AUTH_PASSPHRASE_FILE
              environment variable.

       -c, --config <CONFIG>
              The path to a custom configuration file

              If specified, the custom configuration file is used instead of
              the default configuration file location.
              May also be specified with the NETHSM_CONFIG environment
              variable.

       -l, --label <LABEL>
              A label uniquely identifying a device in the configuration file

              Must be provided if more than one device is setup in the
              configuration file.
              May also be specified with the NETHSM_LABEL environment
              variable.

       -u, --user <USER>
              A user name which is used for a command

              Can be provided, if no user name is setup in the configuration
              file for a device.  Must be provided, if several user names of
              the same target role are setup in the configuration file for a
              device.

              This option can be provided multiple times, which is needed for
              commands that require multiple roles at once.

              May also be specified with the NETHSM_USER environment variable.

       -h, --help
              Print help (see a summary with '-h')

       [KEY_TYPE]
              The optional type of key to generate

              The key type must match the chosen key mechanisms!

              One of ["Curve25519", "EcP256", "EcP384", "EcP521", "Generic",
              "Rsa"] (defaults to "Curve25519").
              May also be specified with the NETHSM_KEY_TYPE environment
              variable.

       [KEY_MECHANISMS]
              The mechanisms provided by the generated key

              The key mechanisms must match the chosen key type!

              At least one of ["AesDecryptionCbc", "AesEncryptionCbc",
              "EcdsaSignature", "EdDsaSignature", "RsaDecryptionOaepMd5",
              "RsaDecryptionOaepSha1", "RsaDecryptionOaepSha224",
              "RsaDecryptionOaepSha256", "RsaDecryptionOaepSha384",
              "RsaDecryptionOaepSha512", "RsaDecryptionPkcs1",
              "RsaDecryptionRaw", "RsaSignaturePkcs1", "RsaSignaturePssMd5",
              "RsaSignaturePssSha1", "RsaSignaturePssSha224",
              "RsaSignaturePssSha256", "RsaSignaturePssSha384",
              "RsaSignaturePssSha512"] (defaults to "EdDsaSignature").
              May also be specified with the NETHSM_KEY_MECHANISMS environment
              variable.

                             nethsm-key-generate        nethsm-key-generate(1)