.PU
.ds nm \fBpkcs15-crypt\fR
.TH pkcs15-crypt 1 "" "" OpenSC
.SH NAME
pkcs15-crypt \- perform crypto operations using a PKCS#15 smart card
.SH SYNOPSIS
\*(nm
.RI [ " OPTIONS " ]
.SH DESCRIPTION
The \*(nm utility can be used from the command line to perform
cryptographic operations such as computing digital signatures or
decrypting data, using keys stored on a PKCS#15 compliant smart
card.
.SH OPTIONS
.TP
.BR \-\-sign ", " \-s
Perform a digital signature operation on the data read from a
file specified using the
.B \-\-input
option. By default, the contents of the file are assumed to
be the result of an MD5 hash operation. Note that \*(nm
expects the data in binary representation, not ASCII.
.IP
The digital signature is stored, in binary representation,
in the file specified by the
.B \-\-output
option. If this option is not given, the signature
is printed on standard output, displaying non-printable
characters using their hex notation
.BR \e\exNN .
.TP
.B \-\-pkcs1
By default, \*(nm assumes that input data has been padded to
the correct length (i.e. when computing an RSA signature using
a 1024 bit key, the input must be padded to 128 bytes to match
the modulus length). When giving the
.B \-\-pkcs1
option, however, \*(nm will perform the required padding
using the algorithm outlined in the PKCS#1 v1.5 standard.
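.IP
The 128-byte block described under \-\-sign and \-\-pkcs1, as an added Python illustration that is not part of OpenSC and does not reproduce its internal code: it builds the standard PKCS#1 v1.5 signature encoding (RFC 8017, EMSA-PKCS1-v1_5) from a binary digest for a 1024 bit modulus, and rejects a digest supplied as ASCII hex. The function names and the sample message are assumptions made for this example.

```python
import hashlib

# DER DigestInfo prefixes from PKCS#1 v1.5 (RFC 8017, section 9.2).
DIGEST_INFO = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
}
DIGEST_LEN = {"md5": 16, "sha1": 20}
HEX = b"0123456789abcdefABCDEF"


def check_binary_digest(data: bytes, algo: str) -> bytes:
    """Return data if it is a raw digest; reject the ASCII-hex form."""
    want = DIGEST_LEN[algo]
    head = data.strip()[:2 * want]
    if len(head) == 2 * want and all(c in HEX for c in head):
        raise ValueError("input is ASCII hex; a binary digest is expected")
    if len(data) != want:
        raise ValueError(f"{algo} digest must be {want} bytes, got {len(data)}")
    return data


def pad_pkcs1_v15(digest: bytes, algo: str, modulus_bytes: int = 128) -> bytes:
    """Build 00 01 FF..FF 00 || DigestInfo || digest, modulus_bytes long."""
    t = DIGEST_INFO[algo] + check_binary_digest(digest, algo)
    pad_len = modulus_bytes - len(t) - 3
    if pad_len < 8:  # the standard requires at least 8 bytes of FF
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def unpad_pkcs1_v15(block: bytes, algo: str) -> bytes:
    """Strictly parse a padded block and return the digest it carries."""
    prefix = DIGEST_INFO[algo]
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x01" or sep < 10 or set(block[2:sep]) != {0xFF}:
        raise ValueError("bad PKCS#1 v1.5 type 1 padding")
    t = block[sep + 1:]
    if len(t) != len(prefix) + DIGEST_LEN[algo] or not t.startswith(prefix):
        raise ValueError("bad DigestInfo")
    return t[len(prefix):]


# Constructed sample input: SHA-1 of a made-up message.
SAMPLE_DIGEST = hashlib.sha1(b"constructed sample message").digest()
SAMPLE_BLOCK = pad_pkcs1_v15(SAMPLE_DIGEST, "sha1")  # 128 bytes for RSA-1024

if __name__ == "__main__":
    print(len(SAMPLE_BLOCK), SAMPLE_BLOCK.hex())
```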
.TP
.B \-\-sha1
This option tells \*(nm that the input file is the result
of an SHA1 hash operation, rather than an MD5 hash. Again,
the data must be in binary representation.
.TP
.BR \-\-decipher ", " \-c
Decrypt the contents of the file specified by the
.B \-\-input
option. The result of the decryption operation is written to
the file specified by the
.B \-\-output
option. If this option is not given, the decrypted data is
printed to standard output, displaying non-printable
.TP
.BR \-\-key " id, " \-k " id"
Selects the ID of the key to use.
.TP
.BR \-\-reader " N, " \-r " N"
Selects the N-th smart card reader configured by the system.
If unspecified, \*(nm will use the first reader found.
.TP
.BR \-\-input " file, " \-i " file"
Specifies the input file to use.
.TP
.BR \-\-output " file, " \-o " file"
Any output will be sent to the specified file.
.TP
.BR \-\-pin " pincode, " \-p " pincode"
When the cryptographic operation requires a PIN to access
the key, \*(nm will prompt the user for the PIN on the terminal.
Using this option allows you to specify the PIN on the command
line.
.IP
Note that on most operating systems, the command line of
a process can be displayed by any user using the
.BR ps (1)
command. It is therefore a security risk to specify
secret information such as PINs on the command line.
.TP
.BR \-\-quiet ", " \-q
Operate quietly.
.TP
.BR \-\-debug ", " \-d
Print debugging information. By specifying this option
several times, you can increase the verbosity level.
.SH AUTHORS
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
This manpage was contributed by Olaf Kirch <okir@lst.de>.