debian man page for p11tool

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: p11tool

OS: debian

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

p11tool(1)						      General Commands Manual							p11tool(1)


NAME

       p11tool - Manipulate PKCS #11 tokens.


SYNOPSIS

       p11tool [options]


DESCRIPTION

       Export/import data from PKCS #11 tokens. To use PKCS #11 tokens with gnutls the configuration file /etc/gnutls/pkcs11.conf has to exist and
       contain a number of lines of the form "load=/usr/lib/opensc-pkcs11.so".


OPTIONS

   Program control options
       -d, --debug LEVEL
	      Specify the debug level. Default is 1.

       -h, --help
	      Shows this help text

   Generic options
       --login
	      Force login to the token for the intended operation.

       --provider MODULE
	      In addition to /etc/gnutls/pkcs11.conf, load the specified module.

       --outfile FILE
	      Print output to FILE.

       --inder, --inraw
	      Input is DER formatted.

   Getting information on available X.509 certificates
       --list-tokens
	      Prints all available tokens.

       --initialize URL
	      Initializes (formats) the specified by the URL token. Note that several tokens do not support this fascility.

   Getting information on available X.509 certificates
       --list-all-certs
	      Prints all available certificates.

       --list-certs
	      Prints all certificates that have a corresponding private key stored in the token.

       --list-trusted
	      Prints all certificates that have been marked as trusted.

   Getting information on private keys
       --list-privkeys
	      Prints all available private keys.

   Handling generic objects
       --export URL
	      Exports the object (e.g. certificate) specified by the URL.

       --delete URL
	      Deletes the object specified by the URL. Note that several tokens do not support deletion.

       --detailed-url
	      When printing URLs print them in a detailed (to the PKCS #11 module used) form.

       --no-detailed-url
	      When printing URLs, do not print details on the module used.

   Storing objects
       --write URL
	      Flag to set when writing an object. Requires one of --load-privkey, --load-pubkey, --load-certificate or --secret-key options.

       --load-privkey
	      Load a private key for the write operations.

       --load-pubkey
	      Load an X.509 subjectPublicKey for the write operation.

       --load-certificate
	      Load an X.509 certificate for the write operation.

       --secret-key
	      Specify a hex encoded secret key for the write operation.

       --trusted
	      The object stored will be marked as trusted.

       --label
	      The label of the object stored.

   Controlling output
       -8, --pkcs8
	      Use PKCS #8 format for private keys.


EXAMPLES

       To store a private key and certificate, run:

	      $ p11tool --login --write "pkcs11:XXX"  --load-privkey key.pem --label "MyKey"
	      $ p11tool --login --write "pkcs11:XXX"  --load-certificate cert.pem --label "MyCert"

       To view all objects in a token, use:

	      $ p11tool --login --list-all


AUTHOR

       Nikos Mavrogiannopoulos <nmav@gnutls.org> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

								November 11th 2010							p11tool(1)
Related Man Pages
pkcs11-tool(1) - centos
pkcs11-tool(1) - debian
tpmtoken_import(1) - debian
certtool(1) - centos
certtool(1) - suse
Similar Topics in the Unix Linux Community
Detecting unused variables...
Find columns in a file based on header and print to new file
Weird 'find' results
My first PERL incarnation... Audio Oscillograph