USAGE

crypt-multikey-new-pkey [OPTIONS] [OUT_FILENAME]
# or
echo "$PASSWORD" | crypt-multikey-new-pkey [OPTIONS] > OUT_FILENAME

This creates a new PKey (public/private keypair), protects it with a password (or with the scheme given by --protection-scheme), and exports it in PEM format.

OPTIONS

--type (-t) ALGORITHM

Specify the public key cryptography algorithm: rsa, secp256k1, x25519, ml-kem, or a more specific type from perldoc Crypt::MultiKey::PKey. ml-kem is a post-quantum algorithm that requires OpenSSL 3.5 or newer.

--protection-scheme (-p) SCHEME

Specify the method for encrypting or otherwise protecting the private half of the key: none, Password, SSHAgentSignature, YKChalResp, FIDO2.

The default is Password.

--output (-o) FILENAME

Specify the output filename. - means STDOUT. The file must not already exist.

--opt-ident PUBKEY_HEX

Specify an SSH Agent identity to use for -p SSHAgentSignature.

--fido2-create-cred

Automatically answer 'Y' to the prompt asking whether to create a new FIDO2 credential.

--fido2-cred-id BASE64

Specify a pre-existing FIDO2 credential, for use with -p FIDO2. You will also need to specify --fido2-cred-pubkey.

--fido2-cred-pubkey BASE64

Specify the public key of a pre-existing FIDO2 credential.

--fido2-cred-cose-alg NAME

Specify an alternate algorithm for the FIDO2 credential.