Generate keypair
Generate keypair commands begin with:
smctl keypair generate <profile or algorithm type> <flag>
or the abbreviated command:
smctl kp gen <profile or algorithm type> <flag>
Tip
Adding a flag to this command is optional.
Subcommands
Generate keypair commands support these subcommands:
Subcommand | Description |
|---|---|
profile | Generate key using keypair profile. |
ecdsa | Generate a keypair with ECDSA algorithm. |
eddsa | Generate a keypair with EdDSA algorithm. |
mldsa | Generate a keypair with PQC MLDSA algorithm. |
rsa | Generate a keypair with RSA algorithm. |
slhdsa | Generate a keypair with PQC SLHDSA algorithm. |
Flags
Generate keypair commands support these flags:
Shortcut | Flag | Description |
|---|---|---|
--auto-renew string | Auto-renew this certificate. | |
--cert-alias string | Specify an alias for the default certificate you want to create. | |
--generate-cert | Generate a certificate (default false). | |
--groups string | Group IDs for keypair. Format: --groups="<value>" | |
-hsm-partition-id string | Provide the HSM partition ID to specify which HSM you want the keypair to be stored on. | |
--restricted | Restricted (can only be used by users and groups that are mapped to the keypair) or open (available to all users in the account). Default is restricted. | |
--users string | User IDs for keypair. Format: --users="<value>" | |
--team-id string | Assign the keypair to a team by specifying the team ID. | |
--account-id string | Account ID for the user. Format: --account-id="<value>" | |
-h | --help | Help for generating keypairs. |