Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tpmtoken_import(1) [debian man page]

tpmtoken_import(1)					      General Commands Manual						tpmtoken_import(1)

							 TPM Management - tpmtoken_import

tpmtoken_import - import an X.509 certficate and/or an RSA key pair into the user's TPM PKCS#11 data store SYNOPSIS
tpmtoken_import [ OPTION ] FILE DESCRIPTION
tpmtoken_import imports a PEM formatted representation of an X.509 certificate and/or an RSA key contained in FILE. Importing an X.509 certificate creates an X.509 Public Key Certificate PKCS#11 object and also an RSA Public Key PKCS#11 object using the RSA public key contained in the certificate. The certificate's key must be an RSA key in order for the certificate to be successfully processed by this command. Importing an RSA key creates an RSA Public Key and an RSA Private Key PKCS#11 object. In order to associate the RSA PKCS#11 objects with an X.509 Public Key Certificate PKCS#11 object, the RSA PKCS#11 objects must have a subject name and key identifier associated with them. This can be accomplished by supplying the corresponding X.509 certificate as an optional command parameter. The input can contain PEM formatted representations of both an X.509 certificate and an RSA key. If both representations are present then an X.509 Public Key Certificate PKCS#11 object, an RSA Public Key PKCS#11 object and an RSA Private Key PKCS#11 object are created. -h, --help Display command usage info. -v, --version Display command version info. -l, --log [none|error|info|debug] Set logging level. -i, --idfile FILE Use FILE as the PEM formatted X.509 certificate input used to obtain the subject and id attributes -k, --token STRING Use STRING to identify the label of the PKCS#11 token to be used -n, --name STRING Use STRING as the label for the imported object(s) -p, --public Import the object(s) as a public object -t, --type key|cert Import only the specified object type -y, --yes Assume an answer of yes for any confirmation prompts that would normally be asked SEE ALSO
tpmtoken_init(1), tpmtoken_setpasswd(1), tpmtoken_objects(1), tpmtoken_protect(1) REPORTING BUGS
Report bugs to <> TPM Management 2005-04-25 tpmtoken_import(1)

Check Out this Related Man Page

certtool(1)						      General Commands Manual						       certtool(1)

certtool - Manipulate certificates and keys. SYNOPSIS
certtool [options] DESCRIPTION
Generate X.509 certificates, certificate requests, and private keys. OPTIONS
Program control options -d, --debug LEVEL Specify the debug level. Default is 1. -h, --help Shows this help text -v, --version Shows the program's version Getting information on X.509 certificates -i, --certificate-info Print information on a certificate. -k, --key-info Print information on a private key. -l, --crl-info Print information on a CRL. --p12-info Print information on a PKCS #12 structure. Getting information on Openpgp certificates --pgp--certificate-info Print information on an OpenPGP certificate. --pgp--key-info Print information on an OpenPGP private key. --pgp--ring-info Print information on a keyring. Generating/verifying X.509 certificates/keys -c, --generate-certificate Generate a signed certificate. -e, --verify-chain Verify a PEM encoded certificate chain. The last certificate in the chain must be a self signed one. --generate-dh-params Generate PKCS #3 encoded Diffie-Hellman parameters. --load-ca-certificate FILE Certificate authority's certificate file to use. --load-ca-privkey FILE Certificate authority's private key file to use. --load-certificate FILE Certificate file to use. --load-privkey FILE Private key file to use. --load-request FILE Certificate request file to use. -p, --generate-privkey Generate a private key. -q, --generate-request Generate a PKCS #10 certificate request. -s, --generate-self-signed Generate a self-signed certificate. -u, --update-certificate Update a signed certificate. Controlling output -8, --pkcs8 Use PKCS #8 format for private keys. --dsa Generate a DSA key. --bits BITS Specify the number of bits for key generation. --export-ciphers Use weak encryption algorithms. --inraw Use RAW/DER format for input certificates and private keys. --infile FILE Input file. --outraw Use RAW/DER format for output certificates and private keys. --outfile FILE Output file. --password PASSWORD Password to use. --to-p12 Generate a PKCS #12 structure. --template Use a template file to read input. See the doc/certtool.cfg in the distribution, for an example. --fix-key Some previous versions of certtool generated wrongly the optional parameters in a private key. This may affect programs that used them. To fix an old private key use --key-info in combination with this parameter. --v1 When generating a certificate use the X.509 version 1 format. This does not add any extensions (such as indication for a CA) but some programs do need these. EXAMPLES
To create a private key, run: $ certtool --generate-privkey --outfile key.pem To create a certificate request (needed when the certificate is issued by another party), run: $ certtool --generate-request --load-privkey key.pem --outfile request.pem To generate a certificate using the previous request, use the command: $ certtool --generate-certificate --load-request request.pem --outfile cert.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem To generate a certificate using the private key only, use the command: $ certtool --generate-certificate --load-privkey key.pem --outfile cert.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem To view the certificate information, use: $ certtool --certificate-info --infile cert.pem To generate a PKCS #12 structure using the previous key and certificate, use the command: $ certtool --load-certificate cert.pem --load-privkey key.pem --to-p12 --outder --outfile key.p12 AUTHOR
Nikos Mavroyanopoulos <> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list. This manual page was written by Ivo Timmermans <>, for the Debian GNU/Linux system (but may be used by others). May 23rd 2005 certtool(1)
Man Page

Featured Tech Videos