EFIKEYGEN(1)						      General Commands Manual						      EFIKEYGEN(1)

NAME

       efikeygen - command line tool for generating keys to use for PE image signing

SYNOPSIS

       efikeygen <[--ca | -C] [--self-sign | -S] | [--signer=nickname]>
	      [--token=token | -t token]
	      [--nickname=nickname | -n nickname]
	      [--common-name=common name | -c common name]
	      [--url=url | -u url]
	      [--serial=serial | -s serial]

DESCRIPTION

       efikeygen  is  a command line tool for generating keys and certificates to be used with pesign.	These are standard X.509 certificates, and
       can potentially be generated with any certificate creation tool.  efikeygen simply sets generates keys with sensible options set for a  key
       to be used for PE image signing.

OPTIONS

       --ca   The certificate being generated is for a CA.

       --self-sign
	      The generated certificate is to be self signed.

       --signer=nickname
	      Nickname of certificate to be used to sign the generated certificate.

       --token=token
	      Use the specified NSS token's certificate database.

       --nickname=nickname
	      The nickname to use for the generated certificate.

       --common-name=common-name
	      The  X.509  Common  Name	for  the generated certificate.  This should be in rfc2253 syntax, i.e. "CN=John Doe,OU=editing,O=New York
	      Times,L=New York,ST=NY,C=US"

       --url=url
	      Informational url regarding objects signed with this key.

       --serial=serial number
	      Serial number for use with this key.  A certificate is identified by its signer and its serial number,  so it's best not to ever re-
	      use this value with the same signer.

SEE ALSO

       pesign(1)

AUTHORS

       Peter Jones

								  Mon Jan 07 2013						      EFIKEYGEN(1)