1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
.TH QCATOOL "1" "August 2007" "qcatool 1.0.0" "Qt Cryptographic Architecture (QCA)"
.SH NAME
qcatool \- command line tool for the Qt Cryptographic Architecture
.SH DESCRIPTION
qcatool is a command line tool for performing various cryptographic
operations with the Qt Cryptographic Architecture (QCA). qcatool can
also be used for testing and debugging QCA.
.SH USAGE
qcatool has a range of options and commands. You only ever get to
use one command, but you may use several, one or no options.
.SH OPTIONS
As noted above, these are all optional, and may be combined.
.PP
.TP
\fB\-\-pass\fR=PASSWORD
Specify the password to use. This is probably a bad idea except for
testing, because anyone can read the arguments to a command line
application.
.TP
\fB\-\-newpass\fR=PASSWORD
Specify the new password to use for password change
with the \fBkey changepass\fR and \fBkeybundle changepass\fR commands.
This is probably a bad idea except for
testing, because anyone can read the arguments to a command line
application.
.TP
\fB\-\-nonroots\fR=CERTIFICATES
Specify additional certificates, not trusted, but which may be used
in the trust path if appropriate trust can be established.
.TP
\fB\-\-roots\fR=CERTIFICATES
Specify additional certificates which can be used as trusted (root)
certificates.
.TP
\fB\-\-nosys\fR
Disable use of the standard root certificates that are provided by
the operating system.
.TP
\fB\-\-noprompt\fR
Disable prompting for passwords/passphrases. If you do not provide
the passphrase on the command line (with \fB\-\-pass\fR or \fB\-\-newpass\fR)
this will cause qcatool to abort the command if a password/passphrase is
required.
.TP
\fB\-\-ordered\fR
If outputting certificate information fields (Distinguished Name and Subject Alternative Name), show them in same the order that they are present in the certificate rather than in a friendly sorted order.
.TP
\fB\-\-debug\fR
Enable additional output to aid debugging.
.TP
\fB\-\-log-file=FILENAME\fR
Log to the specified file.
.TP
\fB\-\-log-level=LEVEL\fR
Log at the specified level. The log level can be between 0 (none)
and 8 (most).
.TP
\fB\-\-nobundle\fR
When S/MIME signing, do not bundle the signer's certificate chain inside the signature. This results in a smaller signature output, but requires the recipient to have all of the necessary certificates in order to verify it.
.SH COMMANDS
.TP
\fBhelp\fR, \fB\-\-help\fR, \fB\-h\fR
Output usage (help) information.
.TP
\fBversion\fR, \fB\-\-version\fR, \fB\-v\fR
Output version information.
.TP
\fBplugins\fR
List available plugins. Use the \fB\-\-debug\fR option to get
more information on plugins which are found and which ones actually
loaded.
.TP
\fBconfig save \fI[provider]\fR
Save provider configuration. Use this to have the provider's default configuration written to persistent storage, which you can then edit by hand.
.TP
\fBconfig edit \fI[provider]\fR
Edit provider configuration. The changes are written to persistent storage.
.TP
\fBkey make rsa|dsa [bits]\fR
Create a key pair
.TP
\fBkey changepass [K]
Add/change/remove passphrase of a key
.TP
\fBcert makereq [K]\fR
Create certificate request (CSR)
.TP
\fBcert makeself [K]\fR
Create self-signed certificate
.TP
\fBcert makereqadv [K]\fR
Advanced version of 'makereq'
.TP
\fBcert makeselfadv [K]\fR
Advanced version of 'makeself'
.TP
\fBcert validate [C]\fR
Validate certificate
.TP
\fBkeybundle make [K] [C]\fR
Create a keybundle
.TP
\fBkeybundle extract [X]\fR
Extract certificate(s) and key
.TP
\fBkeybundle changepass [X]\fR
Change passphrase of a keybundle
.TP
\fBkeystore list-stores\fR
List all available keystores
.TP
\fBkeystore list [storeName]\fR
List content of a keystore
.TP
\fBkeystore monitor\fR
Monitor for keystore availability
.TP
\fBkeystore export [E]\fR
Export a keystore entry's content
.TP
\fBkeystore exportref [E]\fR
Export a keystore entry reference
.TP
\fBkeystore addkb [storeName] [cert.p12]\fR
Add a keybundle into a keystore
.TP
\fBkeystore addpgp [storeName] [key.asc]\fR
Add a PGP key into a keystore
.TP
\fBkeystore remove [E]\fR
Remove an object from a keystore
.TP
\fBshow cert [C]\fR
Examine a certificate
.TP
\fBshow req [req.pem]\fR
Examine a certificate request (CSR)
.TP
\fBshow crl [crl.pem]\fR
Examine a certificate revocation list
.TP
\fBshow kb [X]\fR
Examine a keybundle
.TP
\fBshow pgp [P|S]\fR
Examine a PGP key
.TP
\fBmessage sign pgp|pgpdetach|smime [X|S]\fR
Sign a message
.TP
\fBmessage encrypt pgp|smime [C|P]\fR
Encrypt a message
.TP
\fBmessage signencrypt [S] [P]\fR
PGP sign & encrypt a message
.TP
\fBmessage verify pgp|smime\fR
Verify a message
.TP
\fBmessage decrypt pgp|smime ((X) ...)\fR
Decrypt a message (S/MIME needs X)
.TP
\fBmessage exportcerts\fR
Export certs from S/MIME message
.SH ARGUMENTS
The arguments to the commands are as follows.
K = private key.
C = certificate.
X = key bundle.
P = PGP public key.
S = PGP secret key.
E = generic entry.
These must be identified by either a filename or a keystore reference ("store:obj").
.SH AUTHOR
qcatool was written by Justin Karneges as part of QCA. This manual page
was written by Brad Hards.
|
