Add command to generate keypair on a PKCS#11 token

Signed-off-by: Zoltan Fridrich <[email protected]>

bash-completion/p11-kit

@@ -10,7 +10,7 @@ _p11-kit()
         COMPREPLY=( $(compgen -W "$opts" -- "$cur") )
         return
     elif [[ $cword -eq 1 ]]; then
-        local commands='export-object delete-object list-objects add-profile delete-profile list-profiles list-modules print-config extract server remote'
+        local commands='generate-keypair export-object delete-object list-objects add-profile delete-profile list-profiles list-modules print-config extract server remote'
         COMPREPLY=( $(compgen -W "$commands" -- "$cur") )
     fi
 } &&

doc/manual/p11-kit.xml

@@ -41,6 +41,12 @@
 	<cmdsynopsis>
 		<command>p11-kit delete-object</command> ...
 	</cmdsynopsis>
+	<cmdsynopsis>
+		<command>p11-kit generate-keypair</command>
+			<arg choice="plain">--label=&lt;label&gt;</arg>
+			<arg choice="plain">--type=&lt;algorithm&gt;</arg>
+			<arg choice="plain">--bits=&lt;n&gt;</arg> pkcs11:token
+	</cmdsynopsis>
 	<cmdsynopsis>
 		<command>p11-kit list-profiles</command> ...
 	</cmdsynopsis>
@@ -140,6 +146,37 @@ $ p11-kit delete-object pkcs11:token
 
 </refsect1>
 
+<refsect1 id="p11-kit-generate-keypair">
+	<title>Generate Key-pair</title>
+
+	<para>Generate key-pair on PKCS#11 a token.</para>
+
+<programlisting>
+$ p11-kit generate-keypair --label=label --type=algorithm --bits=n pkcs11:token
+</programlisting>
+
+	<para>Generate private-public key-pair of given type on specified token.
+	Should be used together with --type and --bits options.</para>
+
+	<variablelist>
+		<varlistentry>
+			<term><option>--label=&lt;label&gt;</option></term>
+			<listitem><para>Adds a label to the generated key-pair objects.</para></listitem>
+		</varlistentry>
+		<varlistentry>
+			<term><option>--type=&lt;algorithm&gt;</option></term>
+			<listitem><para>Determines the type of keys to generate.
+			Supported values are RSA, ECDSA, Ed25519</para></listitem>
+		</varlistentry>
+		<varlistentry>
+			<term><option>--bits=&lt;n&gt;</option></term>
+			<listitem><para>Specify the number of bits for the key-pair generation.
+			This option takes an integer as an argument.</para></listitem>
+		</varlistentry>
+	</variablelist>
+
+</refsect1>
+
 <refsect1 id="p11-kit-list-profiles">
 	<title>List Profiles</title>
 

p11-kit/Makefile.am

@@ -267,6 +267,7 @@ p11_kit_p11_kit_SOURCES = \
 	p11-kit/delete-object.c \
 	p11-kit/delete-profile.c \
 	p11-kit/export-object.c \
+	p11-kit/generate-keypair.c \
 	p11-kit/list-objects.c \
 	p11-kit/list-profiles.c \
 	p11-kit/lists.c \
@@ -292,6 +293,7 @@ p11_kit_p11_kit_testable_SOURCES = \
 	p11-kit/delete-object.c \
 	p11-kit/delete-profile.c \
 	p11-kit/export-object.c \
+	p11-kit/generate-keypair.c \
 	p11-kit/list-objects.c \
 	p11-kit/list-profiles.c \
 	p11-kit/lists.c \