
Generate keypair

Generate keypair commands begin with:

smctl keypair generate

or

smctl kp gen

Subcommands

Generate keypair commands support these subcommands:

Table 1. Subcommands for generating a keypair

| Subcommand | Description |
|---|---|
| profile | Generate a key using a keypair profile. |
| ecdsa | Generate a keypair with ECDSA algorithm. |
| eddsa | Generate a keypair with EdDSA algorithm. |
| mldsa | Generate a keypair with PQC MLDSA algorithm. |
| rsa | Generate a keypair with RSA algorithm. |
| slhdsa | Generate a keypair with PQC SLHDSA algorithm. |


Flags

Generate keypair commands support these flags:

Table 2. Flags for generating a keypair

| Shortcut | Flag | Description |
|---|---|---|
| | --auto-renew string | Auto-renew this certificate. |
| | --cert-alias string | Specify an alias for the default certificate you want to create. |
| | --generate-cert | Generate a certificate (default false). |
| | --groups string | Group IDs for keypair. Format: --groups="<value>" |
| | --hsm-partition-id string | Provide the HSM partition ID to specify which HSM you want the keypair to be stored on. |
| | --restricted | Restricted (can only be used by users and groups that are mapped to the keypair) or open (available to all users in the account). Default is restricted. |
| | --users string | User IDs for keypair. Format: --users="<value>" |
| | --team-id string | Assign the keypair to a team by specifying the team ID. |
| | --account-id string | Account ID for the user. Format: --account-id="<value>" |
| -h | --help | Help for generating keypairs. |


Examples

Generate a keypair

Generate a keypair when keypair profiles are not enabled on the account.

Command:

smctl keypair generate <algorithm> <keypair alias>

Command sample:

smctl keypair generate rsa keypair-alias-kp1

Generate a keypair on a specific HSM

Generate a keypair on a specific HSM.

Command:

smctl kp gen <algorithm> <keypair alias> --key-storage HSM --hsm-partition-id=<HSM ID>

Command sample:

smctl kp gen rsa keypair1 --key-storage HSM --hsm-partition-id=386425F3GD207A379FAE38426

Generate key with keypair profile ID

Generate a keypair with the specified keypair profile ID. This command is used when keypair profiles are enabled on the account.

Command:

smctl keypair generate profile <keypair alias> <keypair profile id>

Command sample:

smctl keypair generate profile kp1 6109c7ab-c47f-4a3e-a6ea-57203016d725

Generate key and certificate with shared alias

Generate a keypair and certificate with the same alias by referencing the shared alias and certificate profile. This command is used when certificate profiles are enabled on the account.

Command:

smctl keypair generate <algorithm> <shared alias> --generate-cert --cert-profile-id <cert_profile_ID>

Command sample:

smctl keypair generate rsa RSA-1 --generate-cert --cert-profile-id 022df79f-e684-4788-be16-b490cbfbc46c

Generate a key and certificate with different aliases

Generate a keypair and certificate with different aliases by specifying an alias for the keypair, an alias for the certificate, and the certificate profile. This command is used when certificate profiles are enabled on the account.

Command:

smctl keypair generate <algorithm> <key alias> --generate-cert --cert-alias <cert alias> --cert-profile-id <cert_profile_ID>

Command sample:

smctl keypair generate rsa RSA-KP-1 --generate-cert --cert-alias CERT-1 --cert-profile-id 022df79f-e684-4788-be16-b490cbfbc46c