opensc/doc/tools/pkcs15-tool.xml

<?xml version="1.0" encoding="UTF-8"?>
<refentry id="pkcs15-tool">
	<refmeta>
		<refentrytitle>pkcs15-tool</refentrytitle>
		<manvolnum>1</manvolnum>
		<refmiscinfo>opensc</refmiscinfo>
	</refmeta>

	<refnamediv>
		<refname>pkcs15-tool</refname>
		<refpurpose>utility for manipulating PKCS #15 data structures
		on smart cards and similar security tokens</refpurpose>
	</refnamediv>

	<refsect1>
		<title>Synopsis</title>
		<para>
			<command>pkcs15-tool</command> [OPTIONS]
		</para>
	</refsect1>

	<refsect1>
		<title>Description</title>
		<para>
			The <command>pkcs15-tool</command> utility is used to manipulate
			the PKCS #15 data structures on smart cards and similar security
			tokens. Users can list and read PINs, keys and certificates stored
			on the token. User PIN authentication is performed for those
			operations that require it.
		</para>
	</refsect1>

	<refsect1>
		<title>Options</title>
		<para>
			<variablelist>
				<varlistentry>
					<term><option>--learn-card, -L</option></term>
					<listitem><para>Cache PKCS #15 token data to the local filesystem.
					Subsequent operations are performed on the cached data where possible.
					If the cache becomes out-of-sync with the token state (eg. new key is
					generated and stored on the token), the cache should be updated or
					operations may show stale results.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--read-certificate</option> <varname>cert</varname>,
					<option>-r</option> <varname>cert</varname></term>
					<listitem><para>Reads the certificate with the given id.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--list-certificates, -c</option></term>
					<listitem><para>Lists all certificates stored on the token.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--read-data-object</option> <varname>cert</varname>,
					<option>-R</option> <varname>data</varname></term>
					<listitem><para>Reads data object with OID, applicationName or label.
                                        </para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--list-data-objects, -C</option></term>
					<listitem><para>Lists all data objects stored on the token.
					For some cards the PKCS#15 attributes of the private data objects are 
					protected for reading and need the authentication with the User PIN.
					In such a case the <option>--verify-pin</option> option has to be used.
					</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--list-pins</option></term>
					<listitem><para>Lists all PINs stored on the token. General information
					about each PIN is listed (eg. PIN name). Actual PIN values are not shown.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--dump, -D</option></term>
					<listitem><para>Dump card objects.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--change-pin</option></term>
					<listitem><para>Changes a PIN or PUK stored on the token. User authentication
					is required for this operation.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--unblock-pin, -u</option></term>
					<listitem><para>Unblocks a PIN stored on the token. Knowledge of the 
					Pin Unblock Key (PUK) is required for this operation.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--list-keys, -k</option></term>
					<listitem><para>Lists all private keys stored on the token. General
					information about each private key is listed (eg. key name, id and
					algorithm). Actual private key values are not displayed.
					For some cards the PKCS#15 attributes of the private keys are protected for reading 
					and need the authentication with the User PIN.
					In such a case the <option>--verify-pin</option> option has to be used.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--list-public-keys</option></term>
					<listitem><para>Lists all public keys stored on the token, including
					key name, id, algorithm and length information.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--read-public-key</option> <varname>id</varname></term>
					<listitem><para>Reads the public key with id <varname>id</varname>,
					allowing the user to extract and store or use the public key.</para></listitem>
				</varlistentry>
				
				<varlistentry>
					<term><option>--read-ssh-key</option> <varname>id</varname></term>
					<listitem><para>Reads the public key with id <varname>id</varname>,
					writing the output in format suitable for $HOME/.ssh/authorized_keys.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--output</option> <varname>filename</varname>,
					<option>-o</option> <varname>filename</varname></term>
					<listitem><para>Specifies where key output should be written.
					If <varname>filename</varname> already exists, it will be overwritten.
					If this option is not given, keys will be printed to standard output.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--no-cache</option></term>
					<listitem><para>Disables token data caching.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--auth-id</option> <varname>pin</varname>,
					<option>-a</option> <varname>pin</varname></term>
					<listitem><para>Specifies the auth id of the PIN to use for the
					operation. This is useful with the --change-pin operation.</para></listitem>
				</varlistentry>

                                <varlistentry>
                                        <term><option>--aid</option> <varname>aid</varname></term>
                                        <listitem><para>Specify in a hexadecimal form the AID of the on-card PKCS#15 
                                        application to be binded to.</para></listitem>
                                </varlistentry>

				<varlistentry>
					<term><option>--reader</option> <varname>num</varname></term>
					<listitem><para>Forces <command>pkcs15-tool</command> to use reader
					number <varname>num</varname> for operations. The default is to use
					reader number 0, the first reader in the system.</para></listitem>
				</varlistentry>

				<varlistentry>
					<term><option>--verbose, -v</option></term>
					<listitem><para>Causes <command>pkcs15-tool</command> to be more
					verbose. Specify this flag several times to enable debug output
					in the OpenSC library.</para></listitem>
				</varlistentry>

			</variablelist>
		</para>
	</refsect1>
	
	<refsect1>
		<title>See also</title>
		<para>opensc(7), pkcs15-init(1), pkcs15-crypt(1)</para>
	</refsect1>

</refentry>
added docbook XML source for tools manpages git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9 2005-07-20 00:43:38 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<refentry id="pkcs15-tool">`
			`<refmeta>`
			`<refentrytitle>pkcs15-tool</refentrytitle>`
			`<manvolnum>1</manvolnum>`
			`<refmiscinfo>opensc</refmiscinfo>`
			`</refmeta>`

			`<refnamediv>`
			`<refname>pkcs15-tool</refname>`
			`<refpurpose>utility for manipulating PKCS #15 data structures`
			`on smart cards and similar security tokens</refpurpose>`
			`</refnamediv>`

			`<refsect1>`
			`<title>Synopsis</title>`
			`<para>`
			`<command>pkcs15-tool</command> [OPTIONS]`
			`</para>`
			`</refsect1>`

			`<refsect1>`
			`<title>Description</title>`
			`<para>`
			`The <command>pkcs15-tool</command> utility is used to manipulate`
			`the PKCS #15 data structures on smart cards and similar security`
			`tokens. Users can list and read PINs, keys and certificates stored`
			`on the token. User PIN authentication is performed for those`
			`operations that require it.`
			`</para>`
			`</refsect1>`

			`<refsect1>`
			`<title>Options</title>`
			`<para>`
			`<variablelist>`
			`<varlistentry>`
			`<term><option>--learn-card, -L</option></term>`
			`<listitem><para>Cache PKCS #15 token data to the local filesystem.`
			`Subsequent operations are performed on the cached data where possible.`
			`If the cache becomes out-of-sync with the token state (eg. new key is`
			`generated and stored on the token), the cache should be updated or`
			`operations may show stale results.</para></listitem>`
			`</varlistentry>`

			`<varlistentry>`
			`<term><option>--read-certificate</option> <varname>cert</varname>,`
			`<option>-r</option> <varname>cert</varname></term>`
			`<listitem><para>Reads the certificate with the given id.</para></listitem>`
			`</varlistentry>`

			`<varlistentry>`
			`<term><option>--list-certificates, -c</option></term>`
			`<listitem><para>Lists all certificates stored on the token.</para></listitem>`
			`</varlistentry>`

man: in pkcs15-tool man page add 'list-data', 'read-data' actions and update 'list' private objects git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4140 c6295689-39f2-0310-b995-f0e70906c6a9 2010-03-19 09:19:21 +00:00			`<varlistentry>`
			`<term><option>--read-data-object</option> <varname>cert</varname>,`
			`<option>-R</option> <varname>data</varname></term>`
			`<listitem><para>Reads data object with OID, applicationName or label.`
			`</para></listitem>`
			`</varlistentry>`

			`<varlistentry>`
			`<term><option>--list-data-objects, -C</option></term>`
			`<listitem><para>Lists all data objects stored on the token.`
			`For some cards the PKCS#15 attributes of the private data objects are`
			`protected for reading and need the authentication with the User PIN.`
			`In such a case the <option>--verify-pin</option> option has to be used.`
manpages: #102: --change-pin also works for a PUK code. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4674 c6295689-39f2-0310-b995-f0e70906c6a9 2010-09-02 18:21:14 +00:00			`</para></listitem>`
man: in pkcs15-tool man page add 'list-data', 'read-data' actions and update 'list' private objects git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4140 c6295689-39f2-0310-b995-f0e70906c6a9 2010-03-19 09:19:21 +00:00			`</varlistentry>`

added docbook XML source for tools manpages git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9 2005-07-20 00:43:38 +00:00			`<varlistentry>`
			`<term><option>--list-pins</option></term>`
			`<listitem><para>Lists all PINs stored on the token. General information`
			`about each PIN is listed (eg. PIN name). Actual PIN values are not shown.</para></listitem>`
			`</varlistentry>`

man: in pkcs15-tool man page add 'list-data', 'read-data' actions and update 'list' private objects git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4140 c6295689-39f2-0310-b995-f0e70906c6a9 2010-03-19 09:19:21 +00:00			`<varlistentry>`
			`<term><option>--dump, -D</option></term>`
			`<listitem><para>Dump card objects.</para></listitem>`
			`</varlistentry>`

added docbook XML source for tools manpages git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9 2005-07-20 00:43:38 +00:00			`<varlistentry>`
			`<term><option>--change-pin</option></term>`
manpages: #102: --change-pin also works for a PUK code. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4674 c6295689-39f2-0310-b995-f0e70906c6a9 2010-09-02 18:21:14 +00:00			`<listitem><para>Changes a PIN or PUK stored on the token. User authentication`
added docbook XML source for tools manpages git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9 2005-07-20 00:43:38 +00:00			`is required for this operation.</para></listitem>`
			`</varlistentry>`

document --unblock-pin / -u option. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2869 c6295689-39f2-0310-b995-f0e70906c6a9 2006-03-05 19:43:38 +00:00			`<varlistentry>`
			`<term><option>--unblock-pin, -u</option></term>`
man: in pkcs15-tool man page add 'list-data', 'read-data' actions and update 'list' private objects git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4140 c6295689-39f2-0310-b995-f0e70906c6a9 2010-03-19 09:19:21 +00:00			`<listitem><para>Unblocks a PIN stored on the token. Knowledge of the`
manpages: #102: --change-pin also works for a PUK code. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4674 c6295689-39f2-0310-b995-f0e70906c6a9 2010-09-02 18:21:14 +00:00			`Pin Unblock Key (PUK) is required for this operation.</para></listitem>`
document --unblock-pin / -u option. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2869 c6295689-39f2-0310-b995-f0e70906c6a9 2006-03-05 19:43:38 +00:00			`</varlistentry>`

added docbook XML source for tools manpages git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9 2005-07-20 00:43:38 +00:00			`<varlistentry>`
			`<term><option>--list-keys, -k</option></term>`
			`<listitem><para>Lists all private keys stored on the token. General`
			`information about each private key is listed (eg. key name, id and`
man: in pkcs15-tool man page add 'list-data', 'read-data' actions and update 'list' private objects git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4140 c6295689-39f2-0310-b995-f0e70906c6a9 2010-03-19 09:19:21 +00:00			`algorithm). Actual private key values are not displayed.`
			`For some cards the PKCS#15 attributes of the private keys are protected for reading`
			`and need the authentication with the User PIN.`
			`In such a case the <option>--verify-pin</option> option has to be used.</para></listitem>`
added docbook XML source for tools manpages git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9 2005-07-20 00:43:38 +00:00			`</varlistentry>`

			`<varlistentry>`
			`<term><option>--list-public-keys</option></term>`
			`<listitem><para>Lists all public keys stored on the token, including`
			`key name, id, algorithm and length information.</para></listitem>`
			`</varlistentry>`

			`<varlistentry>`
			`<term><option>--read-public-key</option> <varname>id</varname></term>`
			`<listitem><para>Reads the public key with id <varname>id</varname>,`
			`allowing the user to extract and store or use the public key.</para></listitem>`
			`</varlistentry>`
Fixes #17 git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3051 c6295689-39f2-0310-b995-f0e70906c6a9 2006-11-09 16:05:55 +00:00
			`<varlistentry>`
			`<term><option>--read-ssh-key</option> <varname>id</varname></term>`
			`<listitem><para>Reads the public key with id <varname>id</varname>,`
			`writing the output in format suitable for $HOME/.ssh/authorized_keys.</para></listitem>`
			`</varlistentry>`
added docbook XML source for tools manpages git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9 2005-07-20 00:43:38 +00:00
			`<varlistentry>`
			`<term><option>--output</option> <varname>filename</varname>,`
			`<option>-o</option> <varname>filename</varname></term>`
			`<listitem><para>Specifies where key output should be written.`
			`If <varname>filename</varname> already exists, it will be overwritten.`
			`If this option is not given, keys will be printed to standard output.</para></listitem>`
			`</varlistentry>`

			`<varlistentry>`
			`<term><option>--no-cache</option></term>`
			`<listitem><para>Disables token data caching.</para></listitem>`
			`</varlistentry>`

			`<varlistentry>`
man: use --auth-id instead of bogus --pin-id in pkcs15-tool man page. [Ludolf Holzheid] git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4594 c6295689-39f2-0310-b995-f0e70906c6a9 2010-07-26 11:17:53 +00:00			`<term><option>--auth-id</option> <varname>pin</varname>,`
added docbook XML source for tools manpages git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9 2005-07-20 00:43:38 +00:00			`<option>-a</option> <varname>pin</varname></term>`
			`<listitem><para>Specifies the auth id of the PIN to use for the`
			`operation. This is useful with the --change-pin operation.</para></listitem>`
			`</varlistentry>`

tools: use 'aid' as the name of option to specify the on-card PKCS#15 application ; update documentation; ; debug messages; ; cleanup the authentic card profile. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5050 c6295689-39f2-0310-b995-f0e70906c6a9 2011-01-06 14:39:19 +00:00			`<varlistentry>`
			`<term><option>--aid</option> <varname>aid</varname></term>`
			`<listitem><para>Specify in a hexadecimal form the AID of the on-card PKCS#15`
			`application to be binded to.</para></listitem>`
			`</varlistentry>`

added docbook XML source for tools manpages git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9 2005-07-20 00:43:38 +00:00			`<varlistentry>`
			`<term><option>--reader</option> <varname>num</varname></term>`
			`<listitem><para>Forces <command>pkcs15-tool</command> to use reader`
			`number <varname>num</varname> for operations. The default is to use`
			`reader number 0, the first reader in the system.</para></listitem>`
			`</varlistentry>`

			`<varlistentry>`
			`<term><option>--verbose, -v</option></term>`
			`<listitem><para>Causes <command>pkcs15-tool</command> to be more`
			`verbose. Specify this flag several times to enable debug output`
			`in the OpenSC library.</para></listitem>`
			`</varlistentry>`

			`</variablelist>`
			`</para>`
			`</refsect1>`

			`<refsect1>`
			`<title>See also</title>`
			`<para>opensc(7), pkcs15-init(1), pkcs15-crypt(1)</para>`
			`</refsect1>`

			`</refentry>`