.PU
.ds nm \fBpkcs15-crypt\fR
.TH pkcs15-crypt 1 "" "" OpenSC
.SH NAME
pkcs15-crypt \- perform crypto operations using pkcs15 smart card
.SH SYNOPSIS
\*(nm
.RI [ " OPTIONS " ]
.SH DESCRIPTION
The \*(nm utility can be used from the command line to perform
cryptographic operations such as computing digital signatures or
decrypting data, using keys stored on a PKCS #15 compliant smart
card.
.SH OPTIONS
.TP
.BR \-\-sign ", " \-s
Perform digital signature operation on the data read from a
file specified using the
.B \-\-input
option. By default, the contents of the file are assumed to
be the result of an MD5 hash operation. Note that \*(nm
expects the data in binary representation, not ASCII.
.IP
The digital signature is stored, in binary representation,
in the file specified by the
.B \-\-output
option. If this option is not given, the signature
is printed on standard output, displaying non-printable
characters using their hex notation
.BR \e\exNN
(see also
.BR \-\-raw ).
.
.TP
.B \-\-pkcs1
By default, \*(nm assumes that input data has been padded to
the correct length (i.e. when computing an RSA signature using
a 1024-bit key, the input must be padded to 128 bytes to match
the modulus length). When giving the
.B \-\-pkcs1
option, however, \*(nm will perform the required padding
using the algorithm outlined in the PKCS #1 standard version 1.5.
.TP
.B \-\-sha\-1
This option tells \*(nm that the input file is the result
of an SHA1 hash operation, rather than an MD5 hash. Again,
the data must be in binary representation.
.TP
.BR \-\-decipher ", " \-c
Decrypt the contents of the file specified by the
.B \-\-input
option. The result of the decryption operation is written to
the file specified by the
.B \-\-output
option. If this option is not given, the decrypted data is
printed to standard output, displaying non-printable
characters using their hex notation
.BR \e\exNN
(see also
.BR \-\-raw ).
.
.TP
.BR \-\-key " id, " \-k " id"
Selects the ID of the key to use.
.TP
.BR \-\-reader " N, " \-r " N"
Selects the N-th smart card reader configured by the system.
If unspecified, \*(nm will use the first reader found.
.TP
.BR \-\-input " file, " \-i " file"
Specifies the input file to use.
.TP
.BR \-\-output " file, " \-o " file"
Any output will be sent to the specified file.
.TP
.BR \-\-raw ", " \-R
Outputs raw 8 bit data.
.TP
.BR \-\-pin " pincode, " \-p " pincode"
When the cryptographic operation requires a PIN to access
the key, \*(nm will prompt the user for the PIN on the terminal.
Using this option allows you to specify the PIN on the command
line.
.IP
Note that on most operating systems, the command line of
a process can be displayed by any user using the
.BR ps (1)
command. It is therefore a security risk to specify
secret information such as PINs on the command line.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
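.PP
Added example, not part of the original manpage or the OpenSC sources: what "padded to 128 bytes to match the modulus length" means for a caller who signs without \-\-pkcs1, and why an ASCII hex digest is the wrong input. It assumes the standard PKCS #1 v1.5 signature block with a DigestInfo prefix; pad_for_signing and unpad_strict are hypothetical helper names.

```python
# Added example: EMSA-PKCS1-v1_5 block layout from PKCS #1 v1.5 (assumed format).
# DER DigestInfo prefixes for the two hashes the page mentions.
DIGEST_INFO = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
}
DIGEST_LEN = {"md5": 16, "sha1": 20}


def pad_for_signing(digest: bytes, hash_name: str, modulus_bits: int) -> bytes:
    """Return 00 01 FF..FF 00 || DigestInfo || digest, exactly modulus-sized."""
    if len(digest) != DIGEST_LEN[hash_name]:
        # A hex string (32 or 40 ASCII characters) is rejected here:
        # the digest has to be the raw binary value.
        raise ValueError("digest is not in binary representation")
    k = (modulus_bits + 7) // 8          # 1024-bit key -> 128 bytes
    t = DIGEST_INFO[hash_name] + digest
    if k < len(t) + 11:                  # 3 framing bytes + at least 8 x 0xFF
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def unpad_strict(block: bytes, hash_name: str, modulus_bits: int) -> bytes:
    """Check every byte of a padded block and return the embedded digest."""
    k = (modulus_bits + 7) // 8
    prefix = DIGEST_INFO[hash_name]
    tail = len(prefix) + DIGEST_LEN[hash_name]
    if len(block) != k or k < tail + 11 or block[:2] != b"\x00\x01":
        raise ValueError("wrong length or block type")
    sep = k - tail - 1                   # index of the 0x00 separator
    if block[2:sep] != b"\xff" * (sep - 2) or block[sep] != 0:
        raise ValueError("malformed padding string")
    if block[sep + 1:sep + 1 + len(prefix)] != prefix:
        raise ValueError("unexpected DigestInfo")
    return block[sep + 1 + len(prefix):]


if __name__ == "__main__":
    import hashlib
    digest = hashlib.sha1(b"constructed sample message").digest()  # 20 raw bytes
    block = pad_for_signing(digest, "sha1", 1024)
    print(len(block), block[:3].hex(), unpad_strict(block, "sha1", 1024) == digest)
```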
.SH AUTHORS
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
This manpage was contributed by Olaf Kirch <okir@lst.de>.