PreviousNext

Public Key Attributes

pkgenprivkey {integer | default}
Updates the public key pair used by the security server for public key authentication. Used only with the modify operation and only for the principal named krbgt/cellname. The integer argument defines the bit length of the key modulus. It can be a value of 0 or a number from 256 through 1024 inclusive. A 0 indicates that no key pair will be generated. The default for integer is 0.

The default argument indicates that the public key default for the key modulus should be used.

pkkeycipherusage pk_attributes
Generates or modifies information used to encrypt public key pairs. Used with the create and modify operations, this attribute allows you to generate new key pairs, update existing key pairs, and change the public key password. The pk_attributes listed below define the tasks to perform and supply the information needed to perform the tasks.

generatekey {integer | default}
Randomly generate a new public key pair to use for encryption. The randomly generated key pair will create a new pair if none exists for the account or update the existing pair. If you supply this attribute, you cannot supply the publickeyfile and privatekeyfile attributes.

The integer argument defines the bit length of the key modulus. It can be a value of 0 or a number from 256 through 1024 inclusive. A 0 indicates that no key pair will be generated. The default for integer is 0.

The default argument indicates that the public key default for the key modulus should be used.

oldpassphrase string
The current public key password used to verify your identity when creating or modifying public key attributes. To change only the password, supply this attribute and the newspassphrase attribute with no other public key attributes.

newpassphrase string
Use this attribute to supply a new password. To change the password, you must also supply the oldpassphrase attribute to verify your identity.

privatekeyfile file_path
Use the key stored in the file identified by the file_path option to create the private key part of a public key pair used for encryption. If you supply this attribute, you cannot supply the generatekey attribute.

publickeyfile file_path
Use the key stored in the file identified by the file_path option to create the public key part of a public key pair used for encryption. If you supply this attribute, you cannot supply the generatekey attribute.

pkkeysignatureusage pk_attributes
Generates or modifies information used to generate digital signatures. Used with the create or modify operation, this attribute allows you to generate a new signed key pair, update an existing key pair, and change the public key password. The pk_attributes define the tasks to perform and supply the information needed to perform the tasks. The are the same attributes as the ones described for the pkkeycipherusage pk_attribute.

pkmechanism {file | pkss}
The public key mechanism to use for storing public key information.

The file argument indicates the public key information will be stored in a file that is given the account principal's UUID as a filename in the directory opt/dcelocal/var/securityk_file/uuid.

The pkss argument indicates the public key information will be stored by the Private Key Storage Server.

See the OSF DCE Administration Guide for more information about account attributes.