efikeygen - command line tool for generating keys to use for PE image signing
<[--ca | -C] [--self-sign | -S] |
| -t token
| -n nickname
[--common-name= common name
| -c common name
| -u url
| -s serial
is a command line tool for generating keys and certificates to
be used with pesign. These are standard X.509 certificates, and can
potentially be generated with any certificate creation tool. efikeygen simply
sets generates keys with sensible options set for a key to be used for PE
- The certificate being generated is for a CA.
- The generated certificate is to be self signed.
- Nickname of certificate to be used to sign the generated
- Use the specified NSS token's certificate database.
- The nickname to use for the generated certificate.
- The X.509 Common Name for the generated certificate. This
should be in rfc2253 syntax, i.e. "CN=John Doe,OU=editing,O=New York
- Informational url regarding objects signed with this key.
- --serial=serial number
- Serial number for use with this key. A certificate is
identified by its signer and its serial number, so it's best not to ever
re-use this value with the same signer. By default, this value will be
generated using /dev/urandom . It is not recommended to use this option to