2005-06-14 21:37:19 +00:00
|
|
|
.PU
|
|
|
|
.ds nm \fBnetkey-tool\fR
|
|
|
|
.TH netkey-tool 1 "May 16, 2005" "" OpenSC
|
|
|
|
.SH NAME
|
2005-06-16 19:28:23 +00:00
|
|
|
netkey-tool \- utility for NetKey E4 smart cards
|
2005-06-14 21:37:19 +00:00
|
|
|
.SH SYNOPSIS
|
|
|
|
\*(nm
|
|
|
|
.RI [OPTIONS]
|
|
|
|
[command]
|
|
|
|
.SH DESCRIPTION
|
|
|
|
The \*(nm utility can be used from the command line to perform
|
|
|
|
some smart card operations with NetKey E4 cards that cannot
|
|
|
|
be done easily with other OpenSC-tools, such as changing local
|
|
|
|
PINs, storing certificates into empty NetKey E4 cert-files or
|
|
|
|
displaying the initial PUK-value.
|
|
|
|
.SH OPTIONS
|
|
|
|
.TP
|
|
|
|
.BR \-\-help ", " \-h
|
|
|
|
Displays a short help message.
|
|
|
|
format
|
|
|
|
.TP
|
|
|
|
.BR \-v
|
|
|
|
Causes \*(nm to be more verbose. Specify this flag several times
|
|
|
|
to enable debug output in the opensc library.
|
|
|
|
.TP
|
|
|
|
.BR "\-\-pin " \fIpin-value\fP ", \-p " \fIpin-value\fP
|
|
|
|
Specifies the current value of the global PIN.
|
|
|
|
.TP
|
|
|
|
.BR "\-\-puk " \fIpin-value\fP ", \-u " \fIpin-value\fP
|
|
|
|
Specifies the current value of the global PUK.
|
|
|
|
.TP
|
|
|
|
.BR "\-\-pin0 " \fIpin-value\fP ", \-0 " \fIpin-value\fP
|
|
|
|
Specifies the current value of the local PIN0 (aka local PIN).
|
|
|
|
.TP
|
|
|
|
.BR "\-\-pin1 " \fIpin-value\fP ", \-1 " \fIpin-value\fP
|
|
|
|
Specifies the current value of the local PIN1 (aka local PUK).
|
|
|
|
.SH PIN FORMAT
|
|
|
|
With \fIpin-value\fP you can specify one of the cards pins.
|
|
|
|
You may use plain ascii-strings (i.e. 123456) or a hex-string
|
|
|
|
(i.e. 31:32:33:34:35:36). A hex-string consists
|
|
|
|
of exacly n 2-digit hexnumbers separated by n-1 colons.
|
|
|
|
Don't use leading or trailing colons or 1-digit hex-numbers. :12:34:
|
|
|
|
and 1:2:3:4 are both pins of length 7 and you most likely
|
|
|
|
intedend to use 12:34 or 01:02:03:04 wich are pins of length
|
|
|
|
2 and 4.
|
|
|
|
.SH COMMANDS
|
|
|
|
When used without any options or commands, \*(nm will
|
2005-06-16 19:28:23 +00:00
|
|
|
display information about the smart cards pins and
|
2005-06-14 21:37:19 +00:00
|
|
|
certificates. This will not change your card in
|
|
|
|
any aspect (assumed there are no bugs in \*(nm).
|
|
|
|
In particular the tries-left counters of the pins
|
|
|
|
are investigated without doing actual pin-verifications.
|
|
|
|
|
|
|
|
If you specify the global PIN via the \fB\-\-pin\fP option,
|
|
|
|
\*(nm will also display the initial value of the cards
|
|
|
|
global PUK. If your global PUK was changed \*(nm will
|
|
|
|
still diplay its initial value. There's no way to recover
|
|
|
|
a lost global PUK once it was changed and got lost. There's
|
|
|
|
also no way to display the initial value of your global
|
|
|
|
PUK without knowing the current value of your global PIN.
|
|
|
|
|
|
|
|
For most of the commands that \*(nm can execute, you have
|
|
|
|
to specify one pin. One notable exeption is the
|
|
|
|
\fBnullpin\fP command, but this command can only be executed
|
|
|
|
once in the lifetime of a NetKey E4 card.
|
|
|
|
.IP "\fBunblock pin | pin0 | pin1\fP" 4
|
|
|
|
This unblocks the specified pin. This needs the value
|
|
|
|
of another pin and if you don't specify a correct one,
|
|
|
|
\*(nm will tell you which one is needed.
|
|
|
|
.IP "\fBchange pin | puk | pin0 | pin1 \fIpin-value\fP" 4
|
|
|
|
This changes the value of the specified pin to the given
|
|
|
|
new value. This needs the value of either the same
|
|
|
|
pin or another pin and if you don't specify a correct one,
|
|
|
|
\*(nm will tell you which one is needed.
|
|
|
|
.IP "\fBnullpin \fIpin-value\fP" 4
|
|
|
|
This command can be executed only if the global PIN
|
|
|
|
of your card is in nullpin-state. There's no way to
|
|
|
|
return back to nullpin-state once you have changed
|
|
|
|
your global PIN. You don't need a pin to execute
|
|
|
|
the nullpin-command. After a succesfull nullpin-command
|
|
|
|
\*(nm will display your cards initial PUK-value.
|
|
|
|
.IP "\fBcert \fIno\fP \fIfilename\fP" 4
|
|
|
|
This command will read one of your cards certificates
|
|
|
|
(as specified by number \fIno\fP) and save this
|
|
|
|
certificate into file \fIfilename\fP in PEM-format.
|
|
|
|
Certificates on a NetKey E4 card are readable without
|
|
|
|
a pin, so you don't have to specify one.
|
|
|
|
.IP "\fBcert \fIfilename\fP \fIno\fP" 4
|
|
|
|
This command will read the first PEM-encoded certificate from
|
2005-06-16 19:28:23 +00:00
|
|
|
file \fIfilename\fP and store this into your smart cards
|
2005-06-14 21:37:19 +00:00
|
|
|
certificate file number \fIno\fP. Some of your
|
2005-06-16 19:28:23 +00:00
|
|
|
smart cards certificate files might be readonly, so
|
2005-06-14 21:37:19 +00:00
|
|
|
this will not work with all values of \fIno\fP. If
|
|
|
|
a certificate file is writable you must specify a
|
|
|
|
pin in order to change it. If you try to use this
|
|
|
|
command without specifying a pin, \*(nm will tell
|
|
|
|
you which one is needed.
|
|
|
|
.SH SEE ALSO
|
|
|
|
.BR opensc (7),
|
|
|
|
.BR opensc-explorer (1)
|
|
|
|
.SH AUTHORS
|
|
|
|
\*(nm was written by Peter Koch <pk_opensc@web.de>.
|