Provided by: pesign_0.112-6_amd64 
NAME
efikeygen - command line tool for generating keys to use for PE image signing
SYNOPSIS
efikeygen <[--ca | -C] [--self-sign | -S] | [--signer=nickname]>
[--token=token | -t token]
[--nickname=nickname | -n nickname]
[--common-name=common name | -c common name]
[--url=url | -u url]
[--serial=serial | -s serial]
DESCRIPTION
efikeygen is a command line tool for generating keys and certificates to be used with
pesign. These are standard X.509 certificates, and can potentially be generated with any
certificate creation tool. efikeygen simply sets generates keys with sensible options set
for a key to be used for PE image signing.
OPTIONS
--ca The certificate being generated is for a CA.
--self-sign
The generated certificate is to be self signed.
--signer=nickname
Nickname of certificate to be used to sign the generated certificate.
--token=token
Use the specified NSS token's certificate database.
--nickname=nickname
The nickname to use for the generated certificate.
--common-name=common-name
The X.509 Common Name for the generated certificate. This should be in rfc2253
syntax, i.e. "CN=John Doe,OU=editing,O=New York Times,L=New York,ST=NY,C=US"
--url=url
Informational url regarding objects signed with this key.
--serial=serial number
Serial number for use with this key. A certificate is identified by its signer and
its serial number, so it's best not to ever re-use this value with the same
signer. By default, this value will be generated using /dev/urandom . It is not
recommended to use this option to override that.
SEE ALSO
pesign(1)
AUTHORS
Peter Jones
Mon Jan 07 2013 EFIKEYGEN(1)