2002-11-28 15:58:52 +00:00
.PU
.ds nm \fBpkcs15-tool\fR
.TH pkcs15-tool 1 "September 3, 2002" "" OpenSC
.SH NAME
pkcs15-tool \- utility for manipulating PKCS #15 data structures on smart cards and similar security tokens
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
.SH DESCRIPTION
The \*(nm utility is used to manipulate the PKCS #15
data structures on smart cards and similar security tokens.
Users can list and read PINs, keys and
certificates stored on the token. User PIN authentication is
performed for those operations that require it.
.SH OPTIONS
.TP
.BR \-\-learn\-card ", " \-L
Cache PKCS #15 token data to the local filesystem. Subsequent
operations are performed on the cached data where possible. If
the cache becomes out\-of\-sync with the token state (e.g. a new
key is generated and stored on the token), the cache should
be updated or operations may show stale results.
.TP
.BR "\-\-read\-certificate " \fIcert\fP ", \-r " \fIcert\fP
Reads the certificate with the given id.
.TP
.BR \-\-list\-certificates ", " \-c
Lists all certificates stored on the token.
.TP
.BR \-\-list\-pins
Lists all PINs stored on the token. General information about
each PIN is listed (e.g. PIN name). Actual PIN values are not shown.
.TP
.BR \-\-change\-pin
Changes a PIN stored on the token. User authentication is required
for this operation.
.TP
.BR \-\-list\-keys ", " \-k
Lists all private keys stored on the token. General information about
each private key is listed (e.g. key name, id and algorithm). Actual private
key values are not displayed.
.TP
.BR \-\-list\-public\-keys
Lists all public keys stored on the token, including key name, id,
algorithm and length information.
.TP
.BR "\-\-read\-public\-key " \fIid\fP
Reads the public key with id \fIid\fP, allowing the user to
extract and store or use the public key.
.TP
.BR "\-\-output " \fIfilename\fP ", \-o " \fIfilename\fP
Specifies where key output should be written. If \fIfilename\fP already
exists, it will be overwritten. If this option is not given, keys will
be printed to standard output.
.TP
.BR \-\-no\-cache
Disables token data caching.
.TP
.BR "\-\-pin\-id " \fIpin\fP ", \-a " \fIpin\fP
Specifies the auth id of the PIN to use for the operation. This
is useful with the \-\-change\-pin operation.
.TP
.BR "\-\-reader " \fInum\fP
Forces \*(nm to use reader number \fInum\fP for operations. The default
is to use reader number 0, the first reader in the system.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH SEE ALSO
.BR opensc (7),
.BR pkcs15-init (1),
.BR pkcs15-crypt (1)
.SH AUTHORS
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
for the Debian GNU/Linux system (but may be used by others).