File: pkcs15-tool.xml

opensc 0.11.1-2etch2
<?xml version="1.0" encoding="UTF-8"?>
<refentry id="pkcs15-tool">
	<refmeta>
		<refentrytitle>pkcs15-tool</refentrytitle>
		<manvolnum>1</manvolnum>
		<refmiscinfo>opensc</refmiscinfo>
	</refmeta>

	<refnamediv>
		<refname>pkcs15-tool</refname>
		<refpurpose>utility for manipulating PKCS #15 data structures
		on smart cards and similar security tokens</refpurpose>
	</refnamediv>

	<refsect1>
		<title>Synopsis</title>
		<para>
			<command>pkcs15-tool</command> [OPTIONS]
		</para>
	</refsect1>

	<refsect1>
		<title>Description</title>
		<para>
			The <command>pkcs15-tool</command> utility is used to manipulate
			the PKCS #15 data structures on smart cards and similar security
			tokens. Users can list and read PINs, keys and certificates stored
			on the token; actual PIN values and private key values are not
			displayed. User PIN authentication is performed for those
			operations that require it.
		</para>
	</refsect1>

	<refsect1>
		<title>Options</title>
		<para>
			<variablelist>
				<varlistentry>
					<term><option>--learn-card, -L</option></term>
					<listitem><para>Caches PKCS #15 token data to the local filesystem.
					Subsequent operations are performed on the cached data where possible.
					If the cache becomes out of sync with the token state (e.g. a new key is
					generated and stored on the token), the cache should be updated or
					operations may show stale results. The <option>--no-cache</option>
					option disables token data caching.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--read-certificate</option> <varname>cert</varname>,
					<option>-r</option> <varname>cert</varname></term>
					<listitem><para>Reads the certificate with the given id.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--list-certificates, -c</option></term>
					<listitem><para>Lists all certificates stored on the token.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--list-pins</option></term>
					<listitem><para>Lists all PINs stored on the token. General information
					about each PIN is listed (e.g. PIN name). Actual PIN values are not shown.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--change-pin</option></term>
					<listitem><para>Changes a PIN stored on the token. User authentication
					is required for this operation.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--unblock-pin, -u</option></term>
					<listitem><para>Unblocks a PIN stored on the token. Knowledge of the PIN Unblock Key (PUK) is required for this operation.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--list-keys, -k</option></term>
					<listitem><para>Lists all private keys stored on the token. General
					information about each private key is listed (e.g. key name, id and
					algorithm). Actual private key values are not displayed.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--list-public-keys</option></term>
					<listitem><para>Lists all public keys stored on the token, including
					key name, id, algorithm and length information.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--read-public-key</option> <varname>id</varname></term>
					<listitem><para>Reads the public key with id <varname>id</varname>,
					allowing the user to extract and store or use the public key.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--output</option> <varname>filename</varname>,
					<option>-o</option> <varname>filename</varname></term>
					<listitem><para>Specifies where key output should be written.
					If <varname>filename</varname> already exists, it will be overwritten.
					If this option is not given, keys will be printed to standard output.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--no-cache</option></term>
					<listitem><para>Disables token data caching.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--pin-id</option> <varname>pin</varname>,
					<option>-a</option> <varname>pin</varname></term>
					<listitem><para>Specifies the auth id of the PIN to use for the
					operation. This is useful with the <option>--change-pin</option> operation.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--reader</option> <varname>num</varname></term>
					<listitem><para>Forces <command>pkcs15-tool</command> to use reader
					number <varname>num</varname> for operations. The default is to use
					reader number 0, the first reader in the system.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--verbose, -v</option></term>
					<listitem><para>Causes <command>pkcs15-tool</command> to be more
					verbose. Specify this flag several times to enable debug output
					in the OpenSC library.</para></listitem>
				</varlistentry>

			</variablelist>
		</para>
	</refsect1>
	
	<refsect1>
		<title>See also</title>
		<para>opensc(7), pkcs15-init(1), pkcs15-crypt(1)</para>
	</refsect1>

</refentry>