.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "PKCS15-TOOL" 1 "" "" "OpenSC"
.SH NAME
pkcs15-tool \- utility for manipulating PKCS #15 data structures on smart cards and similar security tokens
.SH "SYNOPSIS"
.PP
\fBpkcs15\-tool\fR [OPTIONS]
.SH "DESCRIPTION"
.PP
The \fBpkcs15\-tool\fR utility is used to manipulate the PKCS #15 data structures on smart cards and similar security tokens\&. Users can list and read PINs, keys and certificates stored on the token\&. User PIN authentication is performed for those operations that require it\&.
.SH "OPTIONS"
.PP
.TP
\fB\-\-learn\-card, \-L\fR
Cache PKCS #15 token data to the local filesystem\&. Subsequent operations are performed on the cached data where possible\&. If the cache becomes out of sync with the token state (e\&.g\&. a new key is generated and stored on the token), the cache should be updated or operations may show stale results\&.
.TP
\fB\-\-read\-certificate\fR \fIcert\fR, \fB\-r\fR \fIcert\fR
Reads the certificate with the given id\&.
.TP
\fB\-\-list\-certificates, \-c\fR
Lists all certificates stored on the token\&.
.TP
\fB\-\-list\-pins\fR
Lists all PINs stored on the token\&. General information about each PIN is listed (e\&.g\&. PIN name)\&. Actual PIN values are not shown\&.
.TP
\fB\-\-change\-pin\fR
Changes a PIN stored on the token\&. User authentication is required for this operation\&.
.TP
\fB\-\-unblock\-pin, \-u\fR
Unblocks a PIN stored on the token\&. Knowledge of the PIN Unblock Key (PUK) is required for this operation\&.
.TP
\fB\-\-list\-keys, \-k\fR
Lists all private keys stored on the token\&. General information about each private key is listed (e\&.g\&. key name, id and algorithm)\&. Actual private key values are not displayed\&.
.TP
\fB\-\-list\-public\-keys\fR
Lists all public keys stored on the token, including key name, id, algorithm and length information\&.
.TP
\fB\-\-read\-public\-key\fR \fIid\fR
Reads the public key with id \fIid\fR, allowing the user to extract and store or use the public key\&.
.TP
\fB\-\-output\fR \fIfilename\fR, \fB\-o\fR \fIfilename\fR
Specifies where key output should be written\&. If \fIfilename\fR already exists, it will be overwritten\&. If this option is not given, keys will be printed to standard output\&.
.TP
\fB\-\-no\-cache\fR
Disables token data caching\&.
.TP
\fB\-\-pin\-id\fR \fIpin\fR, \fB\-a\fR \fIpin\fR
Specifies the auth id of the PIN to use for the operation\&. This is useful with the \-\-change\-pin operation\&.
.TP
\fB\-\-reader\fR \fInum\fR
Forces \fBpkcs15\-tool\fR to use reader number \fInum\fR for operations\&. The default is to use reader number 0, the first reader in the system\&.
.TP
\fB\-\-verbose, \-v\fR
Causes \fBpkcs15\-tool\fR to be more verbose\&. Specify this flag several times to enable debug output in the OpenSC library\&.
.SH "SEE ALSO"
.PP
opensc(7), pkcs15\-init(1), pkcs15\-crypt(1)