1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "PKCS15-CRYPT" 1 "" "" "OpenSC"
.SH NAME
pkcs15-crypt \- perform crypto operations using pkcs15 smart card
.SH "SYNOPSIS"
.PP
\fBpkcs15\-crypt\fR [OPTIONS]
.SH "DESCRIPTION"
.PP
The \fBpkcs15\-crypt\fR utility can be used from the command line to perform cryptographic operations such as computing digital signatures or decrypting data, using keys stored on a PKCS #15 compliant smart card\&.
.SH "OPTIONS"
.PP
.TP
\fB\-\-sign, \-s\fR
Perform digital signature operation on the data read from a file specified using the \fBinput\fR option\&. By default, the contents of the file are assumed to be the result of an MD5 hash operation\&. Note that \fBpkcs15\-crypt\fR expects the data in binary representation, not ASCII\&.
The digital signature is stored, in binary representation, in the file specified by the \fBoutput\fR option\&. If this option is not given, the signature is printed on standard output, displaying non\-printable characters using their hex notation xNN (see also \fB\-\-raw\fR)\&.
.TP
\fB\-\-pkcs1\fR
By default, \fBpkcs15\-crypt\fR assumes that input data has been padded to the correct length (i\&.e\&. when computing an RSA signature using a 1024 bit key, the input must be padded to 128 bytes to match the modulus length)\&. When giving the \fB\-\-pkcs1\fR option, however, \fBpkcs15\-crypt\fR will perform the required padding using the algorithm outlined in the PKCS #1 standard version 1\&.5\&.
.TP
\fB\-\-sha\-1\fR
This option tells \fBpkcs15\-crypt\fR that the input file is the result of an SHA1 hash operation, rather than an MD5 hash\&. Again, the data must be in binary representation\&.
.TP
\fB\-\-decipher, \-c\fR
Decrypt the contents of the file specified by the \fB\-\-input\fR option\&. The result of the decryption operation is written to the file specified by the\fB\-\-output\fR option\&. If this option is not given, the decrypted data is printed to standard output, displaying non\-printable characters using their hex notation xNN (see also\fB\-\-raw\fR)\&.
.TP
\fB\-\-key\fR \fIid\fR, \fB\-k\fR \fIid\fR
Selects the ID of the key to use\&.
.TP
\fB\-\-reader\fR \fIN\fR, \fB\-r\fR \fIN\fR
Selects the \fIN\fR\-th smart card reader configured by the system\&. If unspecified,\fBpkcs15\-crypt\fR will use the first reader found\&.
.TP
\fB\-\-input\fR \fIfile\fR, \fB\-i\fR \fIfile\fR
Specifies the input file to use\&.
.TP
\fB\-\-output\fR \fIfile\fR, \fB\-o\fR \fIfile\fR
Any output will be sent to the specified file\&.
.TP
\fB\-\-raw, \-R\fR
Outputs raw 8 bit data\&.
.TP
\fB\-\-pin\fR \fIpin\fR, \fB\-p\fR \fIpin\fR
When the cryptographic operation requires a PIN to access the key, \fBpkcs15\-crypt\fR will prompt the user for the PIN on the terminal\&. Using this option allows you to specify the PIN on the command line\&.
Note that on most operating systems, the command line of a process can be displayed by any user using the ps(1) command\&. It is therefore a security risk to specify secret information such as PINs on the command line\&.
.TP
\fB\-\-verbose, \-v\fR
Causes \fBpkcs15\-crypt\fR to be more verbose\&. Specify this flag several times to enable debug output in the OpenSC library\&.
.SH "SEE ALSO"
.PP
pkcs15\-init(1), pkcs15\-tool(1)
|
