Generate keypair
Generate keypair commands begin with:
smctl keypair generate
or
smctl kp gen
Subcommands
Generate keypair commands support these subcommands:
Subcommand | Description |
---|---|
profile | Generate key using keypair profile. |
ecdsa | Generate a keypair with ECDSA algorithm. |
eddsa | Generate a keypair with EdDSA algorithm. |
mldsa | Generate a keypair with PQC MLDSA algorithm. |
rsa | Generate a keypair with RSA algorithm. |
slhdsa | Generate a keypair with PQC SLHDSA algorithm. |
Flags
Generate keypair commands support these flags:
Shortcut | Flag | Description |
---|---|---|
 | --auto-renew string | Auto-renew this certificate. |
 | --cert-alias string | Specify an alias for the default certificate you want to create. |
 | --generate-cert | Generate a certificate (default false). |
 | --groups string | Group IDs for keypair. Format: --groups="<value>" |
 | --hsm-partition-id string | Provide the HSM partition ID to specify which HSM you want the keypair to be stored on. |
 | --restricted | Restricted (can only be used by users and groups that are mapped to the keypair) or open (available to all users in the account). Default is restricted. |
 | --users string | User IDs for keypair. Format: --users="<value>" |
 | --team-id string | Assign the keypair to a team by specifying the team ID. |
 | --account-id string | Account ID for the user. Format: --account-id="<value>" |
-h | --help | Help for generating keypairs. |
Examples
Generate a keypair
Generate a keypair when keypair profiles are not enabled on the account.
Command:
smctl keypair generate <algorithm> <keypair alias>
Command sample:
smctl keypair generate rsa keypair-alias-kp1
Generate a keypair on a specific HSM
Generate a keypair on a specific HSM.
Command:
smctl kp gen <algorithm> <keypair alias> --key-storage HSM --hsm-partition-id=<HSM ID>
Command sample:
smctl kp gen rsa keypair1 --key-storage HSM --hsm-partition-id=386425F3GD207A379FAE38426
Generate key with keypair profile ID
Generate a keypair with the specified keypair profile ID. This command is used when keypair profiles are enabled on the account.
Command:
smctl keypair generate profile <keypair alias> <keypair profile id>
Command sample:
smctl keypair generate profile kp1 6109c7ab-c47f-4a3e-a6ea-57203016d725
Generate a key and certificate with different aliases
Generate a keypair and certificate with different aliases by specifying an alias for the certificate, an alias for the keypair, and the certificate profile. This command is used when certificate profiles are enabled on the account.
Command:
smctl keypair generate <algorithm> <key alias> --generate-cert --cert-alias <cert alias> --cert-profile-id <cert_profile_ID>
Command sample:
smctl keypair generate rsa RSA-KP-1 --generate-cert --cert-alias CERT-1 --cert-profile-id 022df79f-e684-4788-be16-b490cbfbc46c