NAME

OpenXPKI::Server::API2::Plugin::Crypto::generate_key

COMMANDS

generate_key

Creates a new cryptographic key and returns it encrypted representation in PEM format.

Parameters

"password" Str - passwort for key encryption. Required.
"key_alg" Str - key algorithm, e.g. "RSA", "DSA", "EC" etc. Default: "RSA"
"enc_alg" Str - encryption algorithm, e.g. "AES256" etc. Default: crypto backend's default
"key_length" Int - only RSA/DSA: key length. Default: 2048
"curve" Str - only EC: curve name. Required.
"pkeyopt" HashRef|ArrayRef - more options to directly pass to OpenSSL. If specified, these option win over other parameters (e.g. "options->{rsa_keygen_bits}" wins over "key_length") For some combinations openssl needs a defined order of the option params, if this is required pass a list of hashes. Otherwise a hash with key/values will also do.

"paramset" Str - PEM encoded parameter set whose contents will be passed to "openssl genpkey -paramfile ..."

Changes compared to API v1:

The previous parameter "PARAMS" was removed. The hash keys used in it are now "first class" parameters:

    # old
    PARAMS => {
        PKEYOPT    => { ... },
        KEY_LENGTH => $len,
        ECPARAM    => $pem_ec_param,
        DSAPARAM   => $pem_dsa_param,
        CURVE_NAME => $curve,
    }
    # new
    key_length  => $len,
    pkeyopt     => { p1 => v1, p2 => v2 } or [{ p1 => v1 }, { p2 => v2 }],
    paramset    => $pem_ec_param, # or $pem_dsa_param
    curve       => $curve,

The previously unused parameter "ISSUER" was removed.