From 00a710b93999bad9fffd701d1cb775bca3a36a12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Mon, 12 Jun 2017 13:32:58 +0300 Subject: [PATCH] pkcs15-tool: add documentation for secret key options --- doc/tools/pkcs15-init.1.xml | 47 +++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/doc/tools/pkcs15-init.1.xml b/doc/tools/pkcs15-init.1.xml index 7b28af66..3a0bd28c 100644 --- a/doc/tools/pkcs15-init.1.xml +++ b/doc/tools/pkcs15-init.1.xml @@ -233,6 +233,22 @@ usually the user certificate that goes with the key, as well as the CA certificate. + + + Secret Key Upload + + You can use a secret key generated by other means and upload it to the card. + For instance, to upload an AES-secret key generated by the system random generator + you would use + + + pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01 + + + By default a random ID is generated for the secret key. You may specify an ID + with the if needed. + + @@ -380,6 +396,19 @@ + + + keyspec, + + + + keyspec describes the algorithm and length of the + key to be created or downloaded, such as aes/256. + This will create a 256 bit AES key. + + + + filename, @@ -439,6 +468,24 @@ + + + filename, + + + + Tells pkcs15-init to download the specified + secret key to the card. The file is assumed to contain the raw key. + They key type should be specified with + option. + You may additionally specify the key ID along with this command, + using the option, otherwise a random ID is generated. + For the multi-application cards the target PKCS#15 application can be + specified by the hexadecimal AID value of the option. + + + + filename,
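Review bot: In the "Secret Key Upload" section (hunk @@ -233,6 +233,22 @@), the example passes /dev/urandom to --store-secret-key, yet the option text added later in this patch says "The file is assumed to contain the raw key". /dev/urandom has no end, so the reader cannot tell how many bytes become the key. Please state that the number of bytes read is taken from --secret-key-algorithm (32 bytes for aes/256), if that is the behaviour, or change the example to use a file of exactly the key length. "AES-secret key" would also read better as "AES secret key". Separately, the subject line says pkcs15-tool while the only file touched is doc/tools/pkcs15-init.1.xml.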
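Review bot: In the keyspec entry (hunk @@ -380,6 +396,19 @@), "This will create a 256 bit AES key" does not fit the sentence before it, which says the keyspec covers a key "to be created or downloaded". In the storing case shown by the example in the first hunk, nothing is created and the keyspec only describes the key being stored. Suggest wording such as "For example, aes/256 denotes a 256-bit AES key", and add a sentence on what happens when the length of the stored file does not match the keyspec.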
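Review bot: In the option entry that begins "Tells pkcs15-init to download the specified secret key to the card" (hunk @@ -439,6 +468,24 @@), "They key type" should be "The key type". This entry says "download ... to the card" while the new section in the first hunk is titled "Secret Key Upload" and says "upload it to the card"; please pick one term for the same operation. "The file is assumed to contain the raw key" should also say whether raw means unencoded binary bytes, and what length is expected, since a reader could otherwise supply a hex or base64 encoded key.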