Next: , Previous: , Up: Agent’s Assuan Protocol   [Contents][Index]


2.6.3 Generating a Key

This is used to create a new keypair and store the secret key inside the active PSE — which is in most cases a Soft-PSE. A not-yet-defined option allows choosing the storage location. To get the secret key out of the PSE, a special export tool has to be used.

   GENKEY [--no-protection] [--preset] [<cache_nonce>]

Invokes the key generation process and the server will then inquire on the generation parameters, like:

   S: INQUIRE KEYPARM
   C: D (genkey (rsa (nbits  1024)))
   C: END

The format of the key parameters which depends on the algorithm is of the form:

    (genkey
      (algo
        (parameter_name_1 ....)
          ....
        (parameter_name_n ....)))

If everything succeeds, the server returns the *public key* in a SPKI like S-Expression like this:

     (public-key
       (rsa
 	 (n <mpi>)
 	 (e <mpi>)))

Here is an example session:

   C: GENKEY
   S: INQUIRE KEYPARM
   C: D (genkey (rsa (nbits  1024)))
   C: END
   S: D (public-key
   S: D   (rsa (n 326487324683264) (e 10001)))
   S  OK key created

The --no-protection option may be used to prevent prompting for a passphrase to protect the secret key while leaving the secret key unprotected. The --preset option may be used to add the passphrase to the cache using the default cache parameters.

The --inq-passwd option may be used to create the key with a supplied passphrase. When used the agent does an inquiry with the keyword NEWPASSWD to retrieve that passphrase. This option takes precedence over --no-protection; however if the client sends a empty (zero-length) passphrase, this is identical to --no-protection.


Next: Importing a Secret Key, Previous: Signing a Hash, Up: Agent’s Assuan Protocol   [Contents][Index]