Provided by: pesign_0.110-2_amd64 bug


       efikeygen - command line tool for generating keys to use for PE image signing


       efikeygen <[--ca | -C] [--self-sign | -S] | [--signer=nickname]>
              [--token=token | -t token]
              [--nickname=nickname | -n nickname]
              [--common-name=common name | -c common name]
              [--url=url | -u url]
              [--serial=serial | -s serial]


       efikeygen  is  a  command  line  tool for generating keys and certificates to be used with
       pesign.  These are standard X.509 certificates, and can potentially be generated with  any
       certificate creation tool.  efikeygen simply sets generates keys with sensible options set
       for a key to be used for PE image signing.


       --ca   The certificate being generated is for a CA.

              The generated certificate is to be self signed.

              Nickname of certificate to be used to sign the generated certificate.

              Use the specified NSS token's certificate database.

              The nickname to use for the generated certificate.

              The X.509 Common Name for the generated certificate.  This  should  be  in  rfc2253
              syntax, i.e. "CN=John Doe,OU=editing,O=New York Times,L=New York,ST=NY,C=US"

              Informational url regarding objects signed with this key.

       --serial=serial number
              Serial number for use with this key.  A certificate is identified by its signer and
              its serial number,  so it's best not to  ever  re-use  this  value  with  the  same
              signer.   By  default, this value will be generated using /dev/urandom .  It is not
              recommended to use this option to override that.




       Peter Jones

                                         Mon Jan 07 2013                             EFIKEYGEN(1)