piv-tool(1) [debian man page]

PIV-TOOL(1)							   OpenSC tools 						       PIV-TOOL(1)

NAME
       piv-tool - smart card utility for HSPD-12 PIV cards

SYNOPSIS
       piv-tool [OPTIONS]

DESCRIPTION
       The piv-tool utility can be used from the command line to perform
       miscellaneous smart card operations on an HSPD-12 PIV smart card as
       defined in NIST 800-73-3. It is intended for use with test cards only.
       It can be used to load objects and generate key pairs, as well as send
       arbitrary APDU commands to a card after having authenticated to the
       card using the card key provided by the card vendor.

OPTIONS
       --serial
           Print the derived card serial number from the CHUID object, if any.
           Output is in hex byte format.

       --name, -n
           Print the name of the inserted card (driver).

       --admin argument, -A argument
           Authenticate to the card using a 2DES or 3DES key. An argument
           {A|M}:{ref}:{alg} is required, where A uses "EXTERNAL
           AUTHENTICATION" and M uses "MUTUAL AUTHENTICATION". ref is normally
           9B, and alg is 03 for 3DES. The key is provided by the card vendor,
           and the environment variable PIV_EXT_AUTH_KEY must point to a text
           file with the key in the format:
           XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

       --genkey argument, -G argument
           Generate a key pair on the card and output the public key. An
           argument {ref}:{alg} is required, where ref is 9A, 9C, 9D or 9E and
           alg is 06, 07, 11 or 14 for RSA 1024, RSA 2048, ECC 256 or ECC 384.

       --object ContainerID, -O ContainerID
           Load an object on to the card. The ContainerID is defined in NIST
           800-73-n without leading 0x. Example: CHUID object is 3000.

       --cert ref, -s ref
           Load a certificate on to the card. ref is 9A, 9C, 9D or 9E.

       --compresscert ref, -Z ref
           Load a certificate that has been gzipped on to the card. ref is 9A,
           9C, 9D or 9E.

       --out file, -o file
           Output file for any operation that produces output.

       --in file, -i file
           Input file for any operation that requires an input file.

       --key-slots-discovery file
           Print properties of the key slots. Needs 'admin' authentication.

       --send-apdu apdu, -s apdu
           Sends an arbitrary APDU to the card in the format
           AA:BB:CC:DD:EE:FF... This option may be repeated.

       --reader, -r num
           Use the given reader number. The default is 0, the first reader in
           the system.

       --card-driver driver, -c driver
           Use the given card driver. The default is auto-detected.

       --wait, -w
           Wait for a card to be inserted.

       --verbose, -v
           Causes piv-tool to be more verbose. Specify this flag several times
           to enable debug output in the opensc library.

SEE ALSO
       opensc-tool(1)

opensc 06/03/2012 PIV-TOOL(1)
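
The key file named by PIV_EXT_AUTH_KEY and the {ref}:{alg} argument to --genkey, both described in the piv-tool OPTIONS above, can be checked before the tool is run. The shell helpers below are an added example, not part of the OpenSC man page; the function names check_piv_key_file and check_genkey_arg are hypothetical, and the 24-byte check follows the key format shown above.

```shell
#!/bin/sh
# Added example: pre-flight checks before running piv-tool --admin / --genkey.
# check_piv_key_file and check_genkey_arg are hypothetical helper names.

# Exit status: 0 ok, 1 missing file, 2 open to group/other, 3 bad format.
check_piv_key_file() {
    f=${1:-${PIV_EXT_AUTH_KEY:-}}
    [ -n "$f" ] && [ -f "$f" ] || { echo "key file not found" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key file open to group/other" >&2; return 2; }
    # First line must be 24 colon-separated hex bytes (the man page format).
    # The key only passes through a pipe; it is never printed or put in argv.
    head -n 1 "$f" | tr -d '\r' |
        grep -Eq '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){23}$' ||
        { echo "key file is not 24 hex bytes in XX:XX:... form" >&2; return 3; }
    return 0
}

# Accept only the {ref}:{alg} pairs the man page lists for --genkey:
# ref 9A, 9C, 9D or 9E; alg 06, 07, 11 or 14.
check_genkey_arg() {
    case $1 in
        9[ACDE]:06|9[ACDE]:07|9[ACDE]:11|9[ACDE]:14) return 0 ;;
        *) echo "invalid --genkey argument: $1" >&2; return 1 ;;
    esac
}
```

With no argument, check_piv_key_file checks the file that PIV_EXT_AUTH_KEY points to.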

OPENSC-EXPLORER(1)						   OpenSC Tools 						OPENSC-EXPLORER(1)

NAME
       opensc-explorer - generic interactive utility for accessing smart card
       and similar security token functions

SYNOPSIS
       opensc-explorer [OPTIONS] [SCRIPT]

DESCRIPTION
       The opensc-explorer utility can be used interactively to perform
       miscellaneous operations such as exploring the contents of or sending
       arbitrary APDU commands to a smart card or similar security token.

OPTIONS
       The following are the command-line options for opensc-explorer. There
       are additional interactive commands available once it is running.

       --card-driver driver, -c driver
           Use the given card driver. The default is auto-detected.

       --mf path, -m path
           Select the file referenced by the given path on startup. The
           default is the path to the standard master file, 3F00. If path is
           empty (e.g. opensc-explorer --mf ""), then no file is explicitly
           selected.

       --reader num, -r num
           Use the given reader number. The default is 0, the first reader in
           the system.

       --verbose, -v
           Causes opensc-explorer to be more verbose. Specify this flag
           several times to enable debug output in the opensc library.

       --wait, -w
           Wait for a card to be inserted.

COMMANDS
       The following commands are supported at opensc-explorer's interactive
       prompt or in script files passed via the command line parameter SCRIPT.

       apdu hex-data
           Send a custom APDU command hex-data.

       asn1 file-id
           Parse and print the ASN.1 encoded content of the file specified by
           file-id.

       cat [file-id | sfi:short-id]
           Print the contents of the currently selected EF or the contents of
           a file specified by file-id or the short file id short-id.

       cd {.. | file-id | aid:DF-name}
           Change to another DF specified by the argument passed. If the
           argument given is .., then move up one level in the file system
           hierarchy. If it is file-id, which must be a DF directly beneath
           the current DF, then change to that DF. If it is an application
           identifier given as aid:DF-name, then jump to the MF of the
           application denoted by DF-name.

       change CHVpin-ref [[old-pin] new-pin]
           Change a PIN, where pin-ref is the PIN reference.

           Examples:

           change CHV2 00:00:00:00:00:00 "foobar"
               Change PIN CHV2 to the new value foobar, giving the old value
               00:00:00:00:00:00.

           change CHV2 "foobar"
               Set PIN CHV2 to the new value foobar.

           change CHV2
               Change PIN CHV2 using the card reader's pinpad.

       create file-id size
           Create a new EF. file-id specifies the id number and size is the
           size of the new file.

       debug [level]
           Set OpenSC debug level to level. If level is omitted, the current
           debug level will be shown.

       delete file-id
           Remove the EF or DF specified by file-id.

       do_get hex-tag [output]
           Copy the internal card's 'tagged' data into the local file. The
           local file is specified by output while the tag of the card's data
           is specified by hex-tag. If output is omitted, the name of the
           output file will be derived from hex-tag.

       do_put hex-tag input
           Update internal card's 'tagged' data. hex-tag is the tag of the
           card's data. input is the filename of the source file or the
           literal data presented as a sequence of hexadecimal values or a
           "-enclosed string.

       echo string ...
           Print the strings given.

       erase
           Erase the card, if the card supports it.

       get file-id [output]
           Copy an EF to a local file. The local file is specified by output
           while the card file is specified by file-id. If output is omitted,
           the name of the output file will be derived from the full card
           path to file-id.

       info [file-id]
           Display attributes of a file specified by file-id. If file-id is
           not supplied, the attributes of the current file are printed.

       ls [pattern ...]
           List files in the current DF. If no pattern is given, then all
           files are listed. If one or more patterns are given, only files
           matching at least one pattern are listed.

       find [start-id [end-id]]
           Find all files in the current DF. Files are found by selecting all
           file identifiers in the range from start-id to end-id (by default
           from 0000 to FFFF).

       mkdir file-id size
           Create a DF. file-id specifies the id number and size is the size
           of the new file.

       put file-id input
           Copy a local file to the card. The local file is specified by
           input while the card file is specified by file-id.

       quit
           Exit the program.

       random count
           Generate random sequence of count bytes.

       rm file-id
           Remove the EF or DF specified by file-id.

       unblock CHVpin-ref [puk [new pin]]
           Unblock the PIN denoted by pin-ref using the PUK puk, and
           potentially change its value to new pin. PUK and PIN values can be
           a sequence of hexadecimal values, "-enclosed strings, empty (""),
           or absent. If they are absent, the values are read from the card
           reader's pin pad.

           Examples:

           unblock CHV2 00:00:00:00:00:00 "foobar"
               Unblock PIN CHV2 using PUK 00:00:00:00:00:00 and set it to the
               new value foobar.

           unblock CHV2 00:00:00:00:00:00 ""
               Unblock PIN CHV2 using PUK 00:00:00:00:00:00 keeping the old
               value.

           unblock CHV2 "" "foobar"
               Set new value of PIN CHV2 to foobar.

           unblock CHV2 00:00:00:00:00:00
               Unblock PIN CHV2 using PUK 00:00:00:00:00:00. The new PIN
               value is prompted by pinpad.

           unblock CHV2 ""
               Set PIN CHV2. The new PIN value is prompted by pinpad.

           unblock CHV2
               Unblock PIN CHV2. The unblock code and new PIN value are
               prompted by pinpad.

       update_binary file-id offs data
           Binary update of the file specified by file-id with the literal
           data data starting from offset specified by offs. data can be
           supplied as a sequence of hex values or as a "-enclosed string.

       update_record file-id rec-nr rec-offs data
           Update record specified by rec-nr of the file specified by file-id
           with the literal data data starting from offset specified by
           rec-offs. data can be supplied as a sequence of hex values or as a
           "-enclosed string.

       verify key-type key-id [key]
           Present a PIN or key to the card, where key-type can be one of
           CHV, KEY, AUT or PRO. key-id is a number representing the key or
           PIN reference. key is the key or PIN to be verified, formatted as
           a colon-separated list of hex values or a "-enclosed string.

           If key is omitted, the exact action depends on the card reader's
           features: if the card reader supports PIN input via a pin pad,
           then the PIN will be verified using the card reader's pin pad. If
           the card reader does not support PIN input, then the PIN will be
           asked interactively.

           Examples:

           verify CHV0 31:32:33:34:00:00:00:00
               Verify CHV2 using the hex value 31:32:33:34:00:00:00:00

           verify CHV1 "secret"
               Verify CHV1 using the string value secret.

           verify KEY2
               Verify KEY2, get the value from the card reader's pin pad.

SEE ALSO
       opensc-tool(1)

opensc 06/17/2014 OPENSC-EXPLORER(1)