pkcs15-tool: add documentation for secret key options
parent 137c6306d2
commit 00a710b939
|
@ -233,6 +233,22 @@
|
||||||
usually the user certificate that goes with the key, as well as the CA certificate.
|
usually the user certificate that goes with the key, as well as the CA certificate.
|
||||||
</para>
|
</para>
|
||||||
</refsect2>
|
</refsect2>
|
||||||
|
|
||||||
|
<refsect2>
|
||||||
|
<title>Secret Key Upload</title>
|
||||||
|
<para>
|
||||||
|
You can use a secret key generated by other means and upload it to the card.
|
||||||
|
For instance, to upload an AES-secret key generated by the system random generator
|
||||||
|
you would use
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01</command>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
By default a random ID is generated for the secret key. You may specify an ID
|
||||||
|
with the <option>--id</option> if needed.
|
||||||
|
</para>
|
||||||
|
</refsect2>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
|
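Review bot: The example in the new "Secret Key Upload" section passes /dev/urandom as the key file, but the text never says how many bytes are read from it; add a sentence stating what determines the amount read (presumably the length in the keyspec, here aes/256), since a reader cannot infer that from "--store-secret-key /dev/urandom". It is also worth saying that a key loaded this way exists nowhere but on the card. Wording: "AES-secret key" should be "AES secret key", "you would use" needs a colon before the command paragraph, and "with the <option>--id</option> if needed" is missing the word "option".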
@ -380,6 +396,19 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--secret-key-algorithm</option> <replaceable>keyspec</replaceable>,
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<replaceable>keyspec</replaceable> describes the algorithm and length of the
|
||||||
|
key to be created or downloaded, such as <literal>aes/256</literal>.
|
||||||
|
This will create a 256 bit AES key.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--store-certificate</option> <replaceable>filename</replaceable>,
|
<option>--store-certificate</option> <replaceable>filename</replaceable>,
|
||||||
|
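Review bot: The keyspec description says "key to be created or downloaded", while the section added in the first hunk is titled "Secret Key Upload"; pick one term for moving a key onto the card and use it in both places. The entry gives aes/256 only as an example ("such as") and does not list or point to the other accepted algorithm/length values, which is what a reader looking up this option needs. "256 bit AES key" should be "256-bit AES key".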
@ -439,6 +468,24 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--store-secret-key</option> <replaceable>filename</replaceable>,
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to download the specified
|
||||||
|
secret key to the card. The file is assumed to contain the raw key.
|
||||||
|
They key type should be specified with <option>--secret-key-algorithm</option>
|
||||||
|
option.
|
||||||
|
You may additionally specify the key ID along with this command,
|
||||||
|
using the <option>--id</option> option, otherwise a random ID is generated.
|
||||||
|
For the multi-application cards the target PKCS#15 application can be
|
||||||
|
specified by the hexadecimal AID value of the <option>aid</option> option.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--update-certificate</option> <replaceable>filename</replaceable>,
|
<option>--update-certificate</option> <replaceable>filename</replaceable>,
|
||||||
|
|
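Review bot: Typo in the --store-secret-key paragraph: "They key type" should be "The key type", and the same sentence reads "with <option>--secret-key-algorithm</option> option", which needs "the" before the option name. The last sentence writes <option>aid</option> without leading dashes while two lines earlier the text writes <option>--id</option>; use the same form (presumably <option>--aid</option>). "download the specified secret key to the card" again conflicts with the "Upload" wording of the first hunk. The commit subject names pkcs15-tool, but the text here documents pkcs15-init options, so the subject should be corrected.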