Next: , Previous: Agent PKSIGN, Up: Agent Protocol


2.6.3 Generating a Key

This is used to create a new keypair and store the secret key inside the active PSE — which is in most cases a Soft-PSE. An not yet defined option allows to choose the storage location. To get the secret key out of the PSE, a special export tool has to be used.

        GENKEY [--no-protection] [--preset] [<cache_nonce>]

Invokes the key generation process and the server will then inquire on the generation parameters, like:

        S: INQUIRE KEYPARM
        C: D (genkey (rsa (nbits  1024)))
        C: END

The format of the key parameters which depends on the algorithm is of the form:

         (genkey
           (algo
             (parameter_name_1 ....)
               ....
             (parameter_name_n ....)))

If everything succeeds, the server returns the *public key* in a SPKI like S-Expression like this:

          (public-key
            (rsa
      	 (n <mpi>)
      	 (e <mpi>)))

Here is an example session:

        C: GENKEY
        S: INQUIRE KEYPARM
        C: D (genkey (rsa (nbits  1024)))
        C: END
        S: D (public-key
        S: D   (rsa (n 326487324683264) (e 10001)))
        S  OK key created

The --no-protection option may be used to prevent prompting for a passphrase to protect the secret key while leaving the secret key unprotected. The --preset option may be used to add the passphrase to the cache using the default cache parameters.

The --inq-passwd option may be used to create the key with a supplied passphrase. When used the agent does an inquiry with the keyword NEWPASSWD to retrieve that passphrase. This option takes precedence over --no-protection; however if the client sends a empty (zero-length) passphrase, this is identical to --no-protection.