File tree Expand file tree Collapse file tree 1 file changed +11
-4
lines changed
source/components/nitrokeys/features/openpgp-card Expand file tree Collapse file tree 1 file changed +11
-4
lines changed Original file line number Diff line number Diff line change @@ -10,20 +10,27 @@ This article shows you how to setup your own private certificate authority backe
1010Choose Cryptographic Algorithms
1111-------------------------------
1212
13- I’m going to assume that you’re as paranoid as I am, so I will be using the following command for generating private keys :
13+ Prior generating your private key you can use this command in order to list all compatible algorithms :
1414
1515.. code-block :: bash
1616
17- pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label root
17+ pkcs11-tool -M
18+
19+
20+
21+ .. code-block :: bash
22+
23+ pkcs11-tool -l --keypairgen --key-type < algorithm> --label root
1824
19- But, if you’re less paranoid that I am, you can safely choose the following options :
25+ Some examples here :
2026
2127.. code-block :: bash
2228
29+ pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label root
2330 pkcs11-tool -l --keypairgen --key-type EC:secp256r1 --label root
2431 pkcs11-tool -l --keypairgen --key-type rsa:4096 --label root
2532
26- Likewise, I will be using the sha512 algorithm throughout this article, but sha256 can safely be used.
33+ ` NIST P-384 ` and ` sha512 ` algorithms will be used throughout this article, but ` NIST P-256 ` or ` RSA-4096 ` and ` sha256 ` can safely be used.
2734
2835Preparing to Start
2936------------------
You can’t perform that action at this time.
0 commit comments