Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pkcs11-tool(1) [centos man page]

PKCS11-TOOL(1)							   OpenSC Tools 						    PKCS11-TOOL(1)

NAME

       pkcs11-tool - utility for managing and using PKCS #11 security tokens

SYNOPSIS

       pkcs11-tool [OPTIONS]

DESCRIPTION

       The pkcs11-tool utility is used to manage the data objects on smart cards and similar PKCS #11 security tokens. Users can list and read
       PINs, keys and certificates stored on the token. User PIN authentication is performed for those operations that require it.

OPTIONS

       --attr-from path
	   Extract information from path (DER-encoded certificate file) and create the corresponding attributes when writing an object to the
	   token. Example: the certificate subject name is used to create the CKA_SUBJECT attribute.

       --change-pin, -c
	   Change the user PIN on the token

       --hash, -h
	   Hash some data.

       --id id, -d id
	   Specify the id of the object to operate on.

       --init-pin
	   Initializes the user PIN. This option differs from --change-pin in that it sets the user PIN for the first time. Once set, the user PIN
	   can be changed using --change-pin.

       --init-token
	   Initialize a token: set the token label as well as a Security Officer PIN (the label must be specified using --label).

       --input-file path, -i path
	   Specify the path to a file for input.

       --keypairgen, -k
	   Generate a new key pair (public and private pair.)

       --label name, -a name
	   Specify the name of the object to operate on (or the token label when --init-token is used).

       --list-mechanisms, -M
	   Display a list of mechanisms supported by the token.

       --list-objects, -O
	   Display a list of objects.

       --list-slots, -L
	   Display a list of available slots on the token.

       --login, -l
	   Authenticate to the token before performing other operations. This option is not needed if a PIN is provided on the command line.

       --mechanism mechanism, -m mechanism
	   Use the specified mechanism for token operations. See -M for a list of mechanisms supported by your token.

       --module mod
	   Specify a PKCS#11 module (or library) to load.

       --moz-cert path, -z path
	   Test a Mozilla-like keypair generation and certificate request. Specify the path to the certificate file.

       --output-file path, -o path
	   Specify the path to a file for output.

       --pin pin, -p pin
	   Use the given pin for token operations. WARNING: Be careful using this option as other users may be able to read the command line from
	   the system or if it is embedded in a script.

	   This option will also set the --login option.

       --set-id id, -e id
	   Set the CKA_ID of the object.

       --show-info, -I
	   Display general token information.

       --sign, -s
	   Sign some data.

       --slot id
	   Specify the id of the slot to use.

       --slot-description description
	   Specify the description of the slot to use.

       --slot-index index
	   Specify the index of the slot to use.

       --token-label label
	   Specify the label of token. Will be used the first slot, that has the inserted token with this label.

       --so-pin pin
	   Use the given pin as the Security Officer PIN for some token operations (token initialization, user PIN initialization, etc). The same
	   warning as --pin also applies here.

       --test, -t
	   Perform some tests on the token. This option is most useful when used with either --login or --pin.

       --type type, -y type
	   Specify the type of object to operate on. Examples are cert, privkey and pubkey.

       --verbose, -v
	   Cause pkcs11-tool to be more verbose.

	   NB! This does not affect OpenSC debugging level! To set OpenSC PKCS#11 module into debug mode, set the OPENSC_DEBUG environment
	   variable to a non-zero number.

       --write-object id, -w path
	   Write a key or certificate object to the token.  path points to the DER-encoded certificate or key file.

opensc								    06/17/2014							    PKCS11-TOOL(1)

Check Out this Related Man Page

WESTCOS-TOOL(1) 						   OpenSC tools 						   WESTCOS-TOOL(1)

NAME

       westcos-tool - utility for manipulating data structures on westcos smart cards

SYNOPSIS

       westcos-tool [OPTIONS]

DESCRIPTION

       The westcos-tool utility is used to manipulate the westcos data structures on 2 Ko smart cards. Users can create PINs, keys and
       certificates stored on the token. User PIN authentication is performed for those operations that require it.

OPTIONS

       --reader, r num
	   Use the given reader. The default is the first reader with a card.

       --wait, -w
	   Wait for a card to be inserted

       --generate-key, -g
	   Generate a private key on smart card. The smart card must be not finalized and a PIN must be installed (ie. file for PIN must be
	   created, see option -i). By default key length is 1536 bits. User authentication is required for this operation.

       --overwrite-key, -o
	   Overwrite the key if there is already a key on card.

       --key-length length, -l length
	   Change the length of private key, use with -g.

       --install-pin, -i
	   Install PIN file in token, you must provide PIN value with -x.

       --pin-value value, -x value
	   set value of PIN.

       --puk-value value, -y value
	   set value of PUK (or value of new PIN for change PIN command see -n).

       --change-pin, -n
	   Changes a PIN stored on the token. User authentication is required for this operation.

       --unblock-pin, -u
	   Unblocks a PIN stored on the token. Knowledge of the PIN Unblock Key (PUK) is required for this operation.

       --certificate file, -t file
	   Write certificate file in PEM format to the card. User authentication is required for this operation.

       --finalize, -f
	   Finalize the card. Once finalized the default key is invalidated so PIN and PUK can't be changed anymore without user authentication.
	   Warning, un-finalized are insecure because PIN can be changed without user authentication (knowledge of default key is enough).

       --read-file path, -j path
	   Get the file path the file is written on disk with path name. User authentication is required for this operation.

       --write-file path, -k path
	   Put the file with name path from disk to card the file is written in path. User authentication is required for this operation.

       --help, -h
	   Print help message on screen.

       -v
	   Causes westcos-tool to be more verbose. Specify this flag several times to enable debug output in the OpenSC library.

AUTHORS

       westcos-tool was written by Francois Leblanc francois.leblanc@cev-sa.com.

opensc								    06/03/2012							   WESTCOS-TOOL(1)
Man Page