2005-07-20 00:43:38 +00:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
2011-08-14 20:05:17 +00:00
|
|
|
<refentry id="pkcs15-init">
|
|
|
|
<refmeta>
|
|
|
|
<refentrytitle>pkcs15-init</refentrytitle>
|
|
|
|
<manvolnum>1</manvolnum>
|
2011-08-14 21:27:55 +00:00
|
|
|
<refmiscinfo class="productname">OpenSC</refmiscinfo>
|
|
|
|
<refmiscinfo class="manual">OpenSC Tools</refmiscinfo>
|
|
|
|
<refmiscinfo class="source">opensc</refmiscinfo>
|
2011-08-14 20:05:17 +00:00
|
|
|
</refmeta>
|
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
<refmeta>
|
|
|
|
<refentrytitle>pkcs15-init</refentrytitle>
|
|
|
|
<manvolnum>1</manvolnum>
|
2011-08-14 21:27:55 +00:00
|
|
|
<refmiscinfo class="productname">OpenSC</refmiscinfo>
|
|
|
|
<refmiscinfo class="manual">OpenSC Tools</refmiscinfo>
|
|
|
|
<refmiscinfo class="source">opensc</refmiscinfo>
|
2005-07-20 00:43:38 +00:00
|
|
|
</refmeta>
|
|
|
|
|
|
|
|
<refnamediv>
|
|
|
|
<refname>pkcs15-init</refname>
|
|
|
|
<refpurpose>smart card personalization utility</refpurpose>
|
|
|
|
</refnamediv>
|
|
|
|
|
2011-08-14 19:52:02 +00:00
|
|
|
<refsynopsisdiv>
|
|
|
|
<cmdsynopsis>
|
|
|
|
<command>pkcs15-init</command>
|
|
|
|
<arg choice="opt"><replaceable class="option">OPTIONS</replaceable></arg>
|
|
|
|
</cmdsynopsis>
|
|
|
|
</refsynopsisdiv>
|
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
<refsect1>
|
|
|
|
<title>Description</title>
|
|
|
|
<para>
|
|
|
|
The <command>pkcs15-init</command> utility can be used to create a PKCS #15
|
|
|
|
structure on a smart card, and add key or certificate objects. Details of the
|
|
|
|
structure that will be created are controlled via profiles.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
The profile used by default is <command>pkcs15</command>. Alternative
|
|
|
|
profiles can be specified via the <option>-p</option> switch.
|
|
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>PIN Usage</title>
|
|
|
|
<para>
|
|
|
|
<command>pkcs15-init</command> can be used to create a PKCS #15 structure on
|
|
|
|
your smart card, create PINs, and install keys and certificates on the card.
|
2011-08-15 14:58:01 +00:00
|
|
|
This process is also called <replaceable>personalization</replaceable>.
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
An OpenSC card can have one security officer PIN, and zero or more user PINs.
|
|
|
|
PIN stands for Personal Identification Number, and is a secret code you need
|
|
|
|
to present to the card before being allowed to perform certain operations,
|
|
|
|
such as using one of the stored RSA keys to sign a document, or modifying
|
|
|
|
the card itself.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Usually, PINs are a sequence of decimal digits, but some cards will accept
|
|
|
|
arbitrary ASCII characters. Be aware however that using characters other
|
|
|
|
than digits will make the card unusable with PIN pad readers, because those
|
|
|
|
usually have keys for entering digits only.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
The security officer (SO) PIN is special; it is used to protect meta data
|
|
|
|
information on the card, such as the PKCS #15 structure itself. Setting
|
|
|
|
the SO PIN is optional, because the worst that can usually happen is that
|
|
|
|
someone finding your card can mess it up. To extract any of your secret
|
|
|
|
keys stored on the card, an attacker will still need your user PIN, at
|
|
|
|
least for the default OpenSC profiles. However, it is possible to create
|
|
|
|
card profiles that will allow the security officer to override user PINs.
|
|
|
|
</para>
|
|
|
|
<para>
|
2011-08-15 14:58:01 +00:00
|
|
|
For each PIN, you can specify a PUK (also called <replaceable>unblock PIN</replaceable>).
|
2005-07-20 00:43:38 +00:00
|
|
|
The PUK can be used to overwrite or unlock a PIN if too many incorrect values
|
|
|
|
have been entered in a row.
|
|
|
|
</para>
|
2010-03-19 09:41:10 +00:00
|
|
|
<para>
|
2011-08-15 08:40:57 +00:00
|
|
|
For some cards that use the PKCS#15 emulation, the attributes of private objects
|
2010-03-19 09:41:10 +00:00
|
|
|
are protected and cannot be parsed without authentication (usually with User PIN).
|
|
|
|
This authentication need to be done immediately after the card binding.
|
|
|
|
In such cases <option>--verify-pin</option> has to be used.
|
|
|
|
</para>
|
2005-07-20 00:43:38 +00:00
|
|
|
</refsect1>
|
2011-08-15 08:40:57 +00:00
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
<refsect1>
|
|
|
|
<title>Modes of operation</title>
|
|
|
|
<refsect2>
|
|
|
|
<title>Initialization</title>
|
|
|
|
<para>This is the first step during card personalization, and will create the
|
|
|
|
basic files on the card. To create the initial PKCS #15 structure, invoke the
|
|
|
|
utility as
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
<command>pkcs15-init --create-pkcs15</command></para>
|
|
|
|
<para>
|
2010-02-21 09:08:13 +00:00
|
|
|
You will then be asked for the security officer PIN and PUK. Simply
|
2005-07-20 00:43:38 +00:00
|
|
|
pressing return at the SO PIN prompt will skip installation of an SO PIN.
|
|
|
|
</para>
|
|
|
|
<para>
|
2010-02-21 09:08:13 +00:00
|
|
|
If the card supports it, you should erase the contents of the card with
|
2011-08-15 08:40:57 +00:00
|
|
|
<command>pkcs15-init --erase-card</command> before creating the PKCS#15 structure.
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
</refsect2>
|
|
|
|
|
|
|
|
<refsect2>
|
|
|
|
<title>User PIN Installation</title>
|
|
|
|
<para>
|
|
|
|
Before installing any user objects such as private keys, you need at least one
|
|
|
|
PIN to protect these objects. you can do this using
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
<command>pkcs15-init --store-pin --id " nn</command>
|
|
|
|
</para>
|
|
|
|
<para>
|
2011-08-15 14:58:01 +00:00
|
|
|
where <replaceable>nn</replaceable> is a PKCS #15 ID in hexadecimal notation. Common
|
2005-07-20 00:43:38 +00:00
|
|
|
values are 01, 02, etc.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Entering the command above will ask you for the user's PIN and PUK. If you do
|
|
|
|
not wish to install an unblock PIN, simply press return at the PUK prompt.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
To set a label for this PIN object (which can be used by applications to display
|
|
|
|
a meaningful prompt to the user), use the <option>--label</option> command line option.
|
|
|
|
</para>
|
|
|
|
</refsect2>
|
|
|
|
|
|
|
|
<refsect2>
|
|
|
|
<title>Key generation</title>
|
|
|
|
<para>
|
|
|
|
<command>pkcs15-init</command> lets you generate a new key and store it on the card.
|
|
|
|
You can do this using:
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
<command>pkcs15-init --generate-key " keyspec " --auth-id " nn</command>
|
|
|
|
</para>
|
|
|
|
<para>
|
2011-08-15 14:58:01 +00:00
|
|
|
where <replaceable>keyspec</replaceable> describes the algorithm and length of the
|
|
|
|
key to be created, such as <literal>rsa/512</literal>. This will create a 512 bit
|
2005-07-20 00:43:38 +00:00
|
|
|
RSA key. Currently, only RSA key generation is supported. Note that cards
|
|
|
|
usually support just a few different key lengths. Almost all cards will support
|
|
|
|
512 and 1024 bit keys, some will support 768 or 2048 as well.
|
|
|
|
</para>
|
|
|
|
<para>
|
2011-08-15 14:58:01 +00:00
|
|
|
<replaceable>nn</replaceable> is the ID of a user PIN installed previously,
|
|
|
|
e.g. <literal>01</literal>.
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
In addition to storing the private portion of the key on the card,
|
2019-01-23 09:55:24 +00:00
|
|
|
<command>pkcs15-init</command> will also store the public portion of the
|
2005-07-20 00:43:38 +00:00
|
|
|
key as a PKCS #15 public key object.
|
|
|
|
</para>
|
|
|
|
</refsect2>
|
|
|
|
|
|
|
|
<refsect2>
|
2011-08-21 11:36:38 +00:00
|
|
|
<title>Private Key Upload</title>
|
2005-07-20 00:43:38 +00:00
|
|
|
<para>
|
2011-08-21 11:36:38 +00:00
|
|
|
You can use a private key generated by other means and upload it to the card.
|
|
|
|
For instance, to upload a private key contained in a file named
|
2011-08-15 14:58:01 +00:00
|
|
|
<filename>okir.pem</filename>, which is in PEM format, you would use
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
<command>pkcs15-init --store-private-key okir.pem --id 45 --auth-id 01</command>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
In addition to storing the private portion of the key on the card,
|
2019-01-23 09:55:24 +00:00
|
|
|
<command>pkcs15-init</command> will also store the public portion of the
|
2005-07-20 00:43:38 +00:00
|
|
|
key as a PKCS #15 public key object.
|
|
|
|
</para>
|
|
|
|
<para>
|
2012-08-19 18:07:17 +00:00
|
|
|
Note that usage of <option>--id</option> option in the <command>pkcs15-init</command>
|
2018-05-04 21:22:45 +00:00
|
|
|
commands to generate or to import a new key is deprecated.
|
|
|
|
Better practice is to let the middleware to derive the identifier from the key material.
|
|
|
|
(SHA1(modulus) for RSA, SHA1(pub) for DSA, ...).
|
|
|
|
This allows easily set up relation between 'related' objects
|
|
|
|
(private/public keys and certificates).
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
<para>
|
2011-08-15 08:40:57 +00:00
|
|
|
In addition to the PEM key file format, <command>pkcs15-init</command> also
|
2005-07-20 00:43:38 +00:00
|
|
|
supports DER encoded keys, and PKCS #12 files. The latter is the file format
|
|
|
|
used by Netscape Navigator (among others) when exporting certificates to
|
|
|
|
a file. A PKCS #12 file usually contains the X.509 certificate corresponding
|
|
|
|
to the private key. If that is the case, <command>pkcs15-init</command> will
|
|
|
|
store the certificate instead of the public key portion.
|
|
|
|
</para>
|
|
|
|
</refsect2>
|
|
|
|
|
|
|
|
<refsect2>
|
2011-08-21 11:36:38 +00:00
|
|
|
<title>Public Key Upload</title>
|
2005-07-20 00:43:38 +00:00
|
|
|
<para>
|
2011-08-21 11:36:38 +00:00
|
|
|
You can also upload individual public keys to the card using the
|
2005-07-20 00:43:38 +00:00
|
|
|
<option>--store-public-key</option> option, which takes a filename as an
|
|
|
|
argument. This file is supposed to contain the public key. If you don't
|
|
|
|
specify a key file format using the <option>--format</option> option,
|
|
|
|
<command>pkcs15-init</command> will assume PEM format. The only other
|
|
|
|
supported public key file format is DER.
|
|
|
|
</para>
|
|
|
|
<para>
|
2011-08-21 11:36:38 +00:00
|
|
|
Since the corresponding public keys are always uploaded automatically
|
|
|
|
when generating a new key, or when uploading a private key, you will
|
2005-07-20 00:43:38 +00:00
|
|
|
probably use this option only very rarely.
|
|
|
|
</para>
|
|
|
|
</refsect2>
|
|
|
|
|
|
|
|
<refsect2>
|
2011-08-21 11:36:38 +00:00
|
|
|
<title>Certificate Upload</title>
|
2005-07-20 00:43:38 +00:00
|
|
|
<para>
|
2011-08-21 11:36:38 +00:00
|
|
|
You can upload certificates to the card using the
|
2005-07-20 00:43:38 +00:00
|
|
|
<option>--store-certificate</option> option, which takes a filename as
|
2010-02-10 07:44:55 +00:00
|
|
|
an argument. This file is supposed to contain the PEM encoded X.509
|
2005-07-20 00:43:38 +00:00
|
|
|
certificate.
|
|
|
|
</para>
|
|
|
|
</refsect2>
|
|
|
|
|
|
|
|
<refsect2>
|
2011-08-21 11:36:38 +00:00
|
|
|
<title>Uploading PKCS #12 bags</title>
|
2005-07-20 00:43:38 +00:00
|
|
|
<para>
|
|
|
|
Most browsers nowadays use PKCS #12 format files when you ask them to
|
|
|
|
export your key and certificate to a file. <command>pkcs15-init</command>
|
|
|
|
is capable of parsing these files, and storing their contents on the
|
|
|
|
card in a single operation. This works just like storing a private key,
|
|
|
|
except that you need to specify the file format:
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
<command>pkcs15-init --store-private-key okir.p12 --format pkcs12 --auth-id
|
|
|
|
01</command>
|
|
|
|
</para>
|
|
|
|
<para>
|
2011-08-15 14:58:01 +00:00
|
|
|
This will install the private key contained in the file <filename>okir.p12</filename>,
|
|
|
|
and protect it with the PIN referenced by authentication ID <literal>01</literal>.
|
2005-07-20 00:43:38 +00:00
|
|
|
It will also store any X.509 certificates contained in the file, which is
|
|
|
|
usually the user certificate that goes with the key, as well as the CA certificate.
|
|
|
|
</para>
|
|
|
|
</refsect2>
|
2017-06-12 10:32:58 +00:00
|
|
|
|
|
|
|
<refsect2>
|
|
|
|
<title>Secret Key Upload</title>
|
|
|
|
<para>
|
|
|
|
You can use a secret key generated by other means and upload it to the card.
|
|
|
|
For instance, to upload an AES-secret key generated by the system random generator
|
|
|
|
you would use
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
<command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01</command>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
By default a random ID is generated for the secret key. You may specify an ID
|
|
|
|
with the <option>--id</option> if needed.
|
|
|
|
</para>
|
|
|
|
</refsect2>
|
2005-07-20 00:43:38 +00:00
|
|
|
</refsect1>
|
2011-08-15 08:40:57 +00:00
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
<refsect1>
|
|
|
|
<title>Options</title>
|
|
|
|
<para>
|
|
|
|
<variablelist>
|
2018-05-04 21:22:45 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--version</option>,
|
|
|
|
</term>
|
|
|
|
<listitem><para>Print the OpenSC package release version.</para></listitem>
|
|
|
|
</varlistentry>
|
2005-07-20 00:43:38 +00:00
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
|
|
|
<option>--card-profile</option> <replaceable>name</replaceable>,
|
|
|
|
<option>-c</option> <replaceable>name</replaceable>
|
|
|
|
</term>
|
2005-07-20 00:43:38 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Tells <command>pkcs15-init</command> to load the specified card
|
|
|
|
profile option. You will rarely need this option.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
|
|
|
<option>--create-pkcs15</option>,
|
|
|
|
<option>-C</option>
|
|
|
|
</term>
|
2005-07-20 00:43:38 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
This tells <command>pkcs15-init</command> to create a PKCS #15
|
|
|
|
structure on the card, and initialize any PINs.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2018-05-04 21:22:45 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--serial</option> <replaceable>SERIAL</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specify the serial number of the card.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
|
|
|
<option>--erase-card</option>,
|
|
|
|
<option>-E</option>
|
|
|
|
</term>
|
2005-07-20 00:43:38 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
This will erase the card prior to creating the PKCS #15 structure,
|
|
|
|
if the card supports it. If the card does not support erasing,
|
|
|
|
<command>pkcs15-init</command> will fail.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2018-05-04 21:22:45 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--erase-application</option> <replaceable>AID</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
This will erase the application with the application identifier
|
|
|
|
<replaceable>AID</replaceable>.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
|
|
|
<option>--generate-key</option> <replaceable>keyspec</replaceable>,
|
|
|
|
<option>-G</option> <replaceable>keyspec</replaceable>
|
|
|
|
</term>
|
2005-07-20 00:43:38 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Tells the card to generate new key and store it on the card.
|
2011-08-15 14:58:01 +00:00
|
|
|
<replaceable>keyspec</replaceable> consists of an algorithm name
|
2005-07-20 00:43:38 +00:00
|
|
|
(currently, the only supported name is <option>RSA</option>),
|
|
|
|
optionally followed by a slash and the length of the key in bits.
|
|
|
|
It is a good idea to specify the key ID along with this command,
|
2011-08-15 08:40:57 +00:00
|
|
|
using the <option>id</option> option, otherwise an intrinsic ID
|
2018-04-27 07:18:13 +00:00
|
|
|
will be calculated from the key material. Look the description of
|
|
|
|
the 'pkcs15-id-style' attribute in the 'pkcs15.profile' for the details
|
|
|
|
about the algorithm used to calculate intrinsic ID.
|
|
|
|
For the multi-application cards the target PKCS#15 application can be
|
|
|
|
specified by the hexadecimal AID value of the <option>aid</option> option.
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
2020-02-18 22:33:30 +00:00
|
|
|
<option>--pin</option> <replaceable>pin</replaceable>,
|
|
|
|
<option>--puk</option> <replaceable>puk</replaceable>,
|
|
|
|
<option>--so-pin</option> <replaceable>sopin</replaceable>,
|
|
|
|
<option>--so-puk</option> <replaceable>sopuk</replaceable>
|
2011-08-15 14:58:01 +00:00
|
|
|
</term>
|
2005-07-20 00:43:38 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2020-02-18 22:33:30 +00:00
|
|
|
These options can be used to specify the PIN/PUK values
|
|
|
|
on the command line. If the value is set to
|
|
|
|
<literal>env:</literal><replaceable>VARIABLE</replaceable>, the value
|
|
|
|
of the specified environment variable is used. By default,
|
|
|
|
the code is prompted on the command line if needed.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Note that on most operation systems, any user can
|
2014-11-04 20:44:02 +00:00
|
|
|
display the command line of any process on the
|
|
|
|
system using utilities such as
|
2020-02-18 21:49:29 +00:00
|
|
|
<command>ps(1)</command>. Therefore, you should prefer
|
2020-02-18 22:33:30 +00:00
|
|
|
passing the codes via an environment variable
|
2020-02-18 21:49:29 +00:00
|
|
|
on an unsecured system.
|
2011-08-21 11:36:38 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2018-05-04 21:22:45 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--no-so-pin</option>,
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Do not install a SO PIN, and do not prompt for it.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2011-08-21 11:36:38 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--profile</option> <replaceable>name</replaceable>,
|
|
|
|
<option>-p</option> <replaceable>name</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Tells <command>pkcs15-init</command> to load the specified general
|
|
|
|
profile. Currently, the only application profile defined is
|
|
|
|
<literal>pkcs15</literal>, but you can write your own profiles and
|
|
|
|
specify them using this option.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
The profile name can be combined with one or more profile
|
|
|
|
options, which slightly modify the profile's behavior.
|
|
|
|
For instance, the default OpenSC profile supports the
|
|
|
|
<option>openpin</option> option, which installs a single PIN during
|
|
|
|
card initialization. This PIN is then used both as the SO PIN as
|
|
|
|
well as the user PIN for all keys stored on the card.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Profile name and options are separated by a <literal>+</literal>
|
|
|
|
character, as in <literal>pkcs15+onepin</literal>.
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2017-06-12 10:32:58 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--secret-key-algorithm</option> <replaceable>keyspec</replaceable>,
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
<replaceable>keyspec</replaceable> describes the algorithm and length of the
|
|
|
|
key to be created or downloaded, such as <literal>aes/256</literal>.
|
|
|
|
This will create a 256 bit AES key.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
|
|
|
<option>--store-certificate</option> <replaceable>filename</replaceable>,
|
|
|
|
<option>-X</option> <replaceable>filename</replaceable>
|
|
|
|
</term>
|
2005-07-20 00:43:38 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Tells <command>pkcs15-init</command> to store the certificate given
|
|
|
|
in <option>filename</option> on the card, creating a certificate
|
|
|
|
object with the ID specified via the <option>--id</option> option.
|
2018-05-04 21:22:45 +00:00
|
|
|
Without supplied ID an intrinsic ID will be calculated from the
|
|
|
|
certificate's public key. Look the description of the 'pkcs15-id-style'
|
|
|
|
attribute in the 'pkcs15.profile' for the details
|
|
|
|
about the algorithm used to calculate intrinsic ID.
|
2010-02-10 07:44:55 +00:00
|
|
|
The file is assumed to contain the PEM encoded certificate.
|
2018-05-04 21:22:45 +00:00
|
|
|
For the multi-application cards the target application can be specified
|
|
|
|
by the hexadecimal AID value of the <option>aid</option> option.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--store-pin</option>,
|
|
|
|
<option>-P</option>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Store a new PIN/PUK on the card.
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2010-08-31 01:24:53 +00:00
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
2011-08-21 11:36:38 +00:00
|
|
|
<option>--store-public-key</option> <replaceable>filename</replaceable>
|
2011-08-15 14:58:01 +00:00
|
|
|
</term>
|
2010-08-31 01:24:53 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2011-08-21 11:36:38 +00:00
|
|
|
Tells <command>pkcs15-init</command> to download the specified
|
|
|
|
public key to the card and create a public key object with the
|
|
|
|
key ID specified via the <option>--id</option>. By default,
|
|
|
|
the file is assumed to contain the key in PEM format. Alternative
|
|
|
|
formats can be specified using <option>--format</option>.
|
2010-08-31 01:24:53 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2009-11-13 12:25:18 +00:00
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
2011-08-21 11:36:38 +00:00
|
|
|
<option>--store-private-key</option> <replaceable>filename</replaceable>,
|
|
|
|
<option>-S</option> <replaceable>filename</replaceable>
|
2011-08-15 14:58:01 +00:00
|
|
|
</term>
|
2009-11-13 12:25:18 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2011-08-21 11:36:38 +00:00
|
|
|
Tells <command>pkcs15-init</command> to download the specified
|
|
|
|
private key to the card. This command will also create a public
|
|
|
|
key object containing the public key portion. By default, the
|
|
|
|
file is assumed to contain the key in PEM format. Alternative
|
|
|
|
formats can be specified using <option>--format</option>.
|
|
|
|
It is a good idea to specify the key ID along with this command,
|
|
|
|
using the <option>--id</option> option, otherwise an intrinsic ID
|
2018-05-04 21:22:45 +00:00
|
|
|
will be calculated from the key material. Look the description of
|
|
|
|
the 'pkcs15-id-style' attribute in the 'pkcs15.profile' for the details
|
|
|
|
about the algorithm used to calculate intrinsic ID.
|
|
|
|
For the multi-application cards the target PKCS#15 application can be
|
|
|
|
specified by the hexadecimal AID value of the <option>aid</option> option.
|
2009-11-13 12:25:18 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2017-06-12 10:32:58 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--store-secret-key</option> <replaceable>filename</replaceable>,
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Tells <command>pkcs15-init</command> to download the specified
|
|
|
|
secret key to the card. The file is assumed to contain the raw key.
|
|
|
|
They key type should be specified with <option>--secret-key-algorithm</option>
|
|
|
|
option.
|
2018-05-04 21:22:45 +00:00
|
|
|
</para>
|
|
|
|
<para>
|
2017-06-12 10:32:58 +00:00
|
|
|
You may additionally specify the key ID along with this command,
|
|
|
|
using the <option>--id</option> option, otherwise a random ID is generated.
|
|
|
|
For the multi-application cards the target PKCS#15 application can be
|
|
|
|
specified by the hexadecimal AID value of the <option>aid</option> option.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2018-05-04 21:22:45 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--store-data</option> <replaceable>filename</replaceable>,
|
|
|
|
<option>-W</option> <replaceable>filename</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Store a data object.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
2011-08-21 11:36:38 +00:00
|
|
|
<option>--update-certificate</option> <replaceable>filename</replaceable>,
|
|
|
|
<option>-U</option> <replaceable>filename</replaceable>
|
2011-08-15 14:58:01 +00:00
|
|
|
</term>
|
2005-07-20 00:43:38 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2011-08-21 11:36:38 +00:00
|
|
|
Tells <command>pkcs15-init</command> to update the certificate
|
|
|
|
object with the ID specified via the <option>--id</option> option
|
2018-05-04 21:22:45 +00:00
|
|
|
with the certificate in <replaceable>filename</replaceable>.
|
2011-08-21 11:36:38 +00:00
|
|
|
The file is assumed to contain a PEM encoded certificate.
|
|
|
|
</para>
|
|
|
|
<para>Pay extra attention when updating mail decryption certificates, as
|
2018-05-04 21:22:45 +00:00
|
|
|
missing certificates can render e-mail messages unreadable!
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--delete-objects</option> <replaceable>arg</replaceable>,
|
|
|
|
<option>-D</option> <replaceable>arg</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Tells <command>pkcs15-init</command> to delete the
|
|
|
|
specified object. <replaceable>arg</replaceable>
|
|
|
|
is comma-separated list containing any of
|
|
|
|
<literal>privkey</literal>, <literal>pubkey</literal>,
|
|
|
|
<literal>secrkey</literal>, <literal>cert</literal>,
|
|
|
|
<literal>chain</literal> or <literal>data</literal>.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
When <literal>data</literal> is specified, an
|
|
|
|
-<option>--application-id</option> must also be
|
|
|
|
specified, in the other cases an
|
|
|
|
<option>--id</option> must also be specified
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
When <literal>chain</literal> is specified, the
|
|
|
|
certificate chain starting with the cert with
|
|
|
|
specified ID will be deleted, until there's a CA
|
|
|
|
certificate that certifies another cert on the card
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--change-attributes</option> <replaceable>arg</replaceable>,
|
|
|
|
<option>-A</option> <replaceable>arg</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Tells <command>pkcs15-init</command> to change the
|
|
|
|
specified attribute. <replaceable>arg</replaceable>
|
|
|
|
is either <literal>privkey</literal>,
|
|
|
|
<literal>pubkey</literal>, <literal>secrkey</literal>,
|
|
|
|
<literal>cert</literal> or <literal>data</literal>.
|
|
|
|
You also have to specify the <option>--id</option>
|
|
|
|
of the object.
|
|
|
|
For now, you can only change the <option>--label</option>, e.g:
|
|
|
|
<programlisting>
|
|
|
|
pkcs15-init -A cert --id 45 -a 1 --label Jim
|
|
|
|
</programlisting>
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
2011-08-21 11:36:38 +00:00
|
|
|
<option>--use-default-transport-keys</option>,
|
|
|
|
<option>-T</option>
|
2011-08-15 14:58:01 +00:00
|
|
|
</term>
|
2005-07-20 00:43:38 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2011-08-21 11:36:38 +00:00
|
|
|
Tells <command>pkcs15-init</command> to not ask for the transport
|
|
|
|
keys and use default keys, as known by the card driver.
|
2005-07-20 00:43:38 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2018-05-04 21:22:45 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--sanity-check</option>,
|
|
|
|
<option>-T</option>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Tells <command>pkcs15-init</command> to perform a
|
|
|
|
card specific sanity check and possibly update
|
|
|
|
procedure.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
2018-12-05 00:38:54 +00:00
|
|
|
<option>--reader</option> <replaceable>arg</replaceable>,
|
|
|
|
<option>-r</option> <replaceable>arg</replaceable>
|
2018-05-04 21:22:45 +00:00
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
2018-12-05 00:38:54 +00:00
|
|
|
Number of the reader to use. By default, the first
|
2018-05-04 21:22:45 +00:00
|
|
|
reader with a present card is used. If
|
2018-12-05 00:38:54 +00:00
|
|
|
<replaceable>arg</replaceable> is an ATR, the
|
2018-05-04 21:22:45 +00:00
|
|
|
reader with a matching card will be chosen.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
<varlistentry>
|
2011-08-15 14:58:01 +00:00
|
|
|
<term>
|
|
|
|
<option>--verbose</option>,
|
|
|
|
<option>-v</option>
|
|
|
|
</term>
|
2005-07-20 00:43:38 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Causes <command>pkcs15-init</command> to be more verbose. Specify this
|
|
|
|
flag several times to enable debug output in the OpenSC library.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2018-04-27 07:18:13 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--wait</option>,
|
|
|
|
<option>-w</option>
|
|
|
|
</term>
|
|
|
|
<listitem><para>Causes <command>pkcs15-init</command> to
|
2018-05-04 21:22:45 +00:00
|
|
|
wait for a card insertion.</para></listitem>
|
2018-04-27 07:18:13 +00:00
|
|
|
</varlistentry>
|
|
|
|
|
2017-02-03 16:01:52 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--use-pinpad</option>
|
|
|
|
</term>
|
|
|
|
<listitem><para>Do not prompt the user; if no PINs supplied, pinpad will be used.</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2018-05-04 21:22:45 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--puk-id</option> <replaceable>ID</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specify ID of PUK to use/create
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--puk-label</option> <replaceable>LABEL</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specify label of PUK
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--public-key-label</option> <replaceable>LABEL</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specify public key label (use with <option>--generate-key</option>)
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--cert-label</option> <replaceable>LABEL</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specify user cert label (use with <option>--store-private-key</option>)
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--application-name</option> <replaceable>arg</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specify application name of data object (use with <option>--store-data-object</option>)
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--aid</option> <replaceable>AID</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specify AID of the on-card PKCS#15 application to be binded to (in hexadecimal form)
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--output-file</option> <replaceable>filename</replaceable>
|
|
|
|
<option>-o</option> <replaceable>filename</replaceable>,
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Output public portion of generated key to file
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--passphrase</option> <replaceable>PASSPHRASE</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specify passphrase for unlocking secret key
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--authority</option>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Mark certificate as a CA certificate
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--key-usage</option> <replaceable>arg</replaceable>
|
|
|
|
<option>-u</option> <replaceable>arg</replaceable>,
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specifies the X.509 key usage.
|
|
|
|
<replaceable>arg</replaceable> is comma-separated
|
|
|
|
list containing any of
|
|
|
|
<literal>digitalSignature</literal>,
|
|
|
|
<literal>nonRepudiation</literal>,
|
|
|
|
<literal>keyEncipherment</literal>,
|
|
|
|
<literal>dataEncipherment</literal>,
|
|
|
|
<literal>keyAgreement</literal>,
|
|
|
|
<literal>keyCertSign</literal>,
|
|
|
|
<literal>cRLSign</literal>. Abbreviated names are
|
|
|
|
allowed if unique (e.g.
|
|
|
|
<literal>dataEnc</literal>).
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
The alias <literal>sign</literal> is equivalent to
|
|
|
|
<literal>digitalSignature,keyCertSign,cRLSign</literal>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
The alias <literal>decrypt</literal> is equivalent to
|
|
|
|
<literal>keyEncipherment,dataEncipherment</literal>
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--finalize</option>
|
|
|
|
<option>-F</option>,
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Finish initialization phase of the smart card
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--update-last-update</option>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Update 'lastUpdate' attribute of tokenInfo
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--ignore-ca-certificates</option>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
When storing PKCS#12 ignore CA certificates
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--update-existing</option>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Store or update existing certificate
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--extractable</option>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Private key stored as an extractable key
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2018-12-04 11:57:44 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--user-consent</option> <replaceable>arg</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Specify user-consent. <replaceable>arg</replaceable> is an integer value.
|
|
|
|
If > 0, the value specifies how many times the
|
|
|
|
object can be accessed before a new authentication is required.
|
|
|
|
If zero, the object does not require re-authentication.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2018-05-04 21:22:45 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--insecure</option>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Insecure mode: do not require a PIN for private key
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--md-container-guid</option> <replaceable>GUID</replaceable>
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
For a new key specify GUID for a MD container
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term>
|
|
|
|
<option>--help</option>
|
|
|
|
<option>-h</option>,
|
|
|
|
</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Display help message
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
</variablelist>
|
|
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>See also</title>
|
2011-08-14 20:31:31 +00:00
|
|
|
<para>
|
|
|
|
<citerefentry>
|
|
|
|
<refentrytitle>pkcs15-profile</refentrytitle>
|
|
|
|
<manvolnum>5</manvolnum>
|
|
|
|
</citerefentry>
|
|
|
|
</para>
|
2005-07-20 00:43:38 +00:00
|
|
|
</refsect1>
|
|
|
|
|
2018-05-08 06:25:15 +00:00
|
|
|
<refsect1>
|
|
|
|
<title>Authors</title>
|
|
|
|
<para><command>pkcs15-init</command> was written by
|
|
|
|
Olaf Kirch <email>okir@suse.de</email>.</para>
|
|
|
|
</refsect1>
|
|
|
|
|
2005-07-20 00:43:38 +00:00
|
|
|
</refentry>
|