pkcs15-tool: add documentation for secret key options
parent 137c6306d2
commit 00a710b939
|
@ -233,6 +233,22 @@
|
|||
usually the user certificate that goes with the key, as well as the CA certificate.
|
||||
</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>Secret Key Upload</title>
|
||||
<para>
|
||||
You can use a secret key generated by other means and upload it to the card.
|
||||
For instance, to upload an AES-secret key generated by the system random generator
|
||||
you would use
|
||||
</para>
|
||||
<para>
|
||||
<command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01</command>
|
||||
</para>
|
||||
<para>
|
||||
By default a random ID is generated for the secret key. You may specify an ID
|
||||
with the <option>--id</option> if needed.
|
||||
</para>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
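Review bot: The example in the new "Secret Key Upload" section passes /dev/urandom to --store-secret-key, but the text never says how many bytes are read from it, and the option description added later in this patch only says "The file is assumed to contain the raw key", which reads as if the whole file is the key. Add a sentence stating where the length comes from (presumably the --secret-key-algorithm keyspec), and mention that a key taken from the random device cannot be re-read afterwards, so no copy exists outside the card. Minor: "you would use" should end with a colon, "AES-secret key" should be "AES secret key", and "with the <option>--id</option> if needed" is missing the word "option".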
@ -380,6 +396,19 @@
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--secret-key-algorithm</option> <replaceable>keyspec</replaceable>,
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
<replaceable>keyspec</replaceable> describes the algorithm and length of the
|
||||
key to be created or downloaded, such as <literal>aes/256</literal>.
|
||||
This will create a 256 bit AES key.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--store-certificate</option> <replaceable>filename</replaceable>,
|
||||
|
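Review bot: In the --secret-key-algorithm entry, "key to be created or downloaded" followed by "This will create a 256 bit AES key" describes key generation, while the only use shown in this patch is storing an existing key with --store-secret-key. Reword it to say the keyspec gives the type and length of the key being stored, and list or point to the accepted keyspec values, since aes/256 is the only one shown. The <term> also ends with a comma directly before </term> with no second option form after it; drop the comma.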
@ -439,6 +468,24 @@
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--store-secret-key</option> <replaceable>filename</replaceable>,
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Tells <command>pkcs15-init</command> to download the specified
|
||||
secret key to the card. The file is assumed to contain the raw key.
|
||||
They key type should be specified with <option>--secret-key-algorithm</option>
|
||||
option.
|
||||
You may additionally specify the key ID along with this command,
|
||||
using the <option>--id</option> option, otherwise a random ID is generated.
|
||||
For the multi-application cards the target PKCS#15 application can be
|
||||
specified by the hexadecimal AID value of the <option>aid</option> option.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--update-certificate</option> <replaceable>filename</replaceable>,
|
||||
|
|
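Review bot: Two text errors in the --store-secret-key paragraph: "They key type should be specified" should read "The key type", and the last sentence refers to <option>aid</option> without the leading dashes used for every other option in this entry, so write <option>--aid</option>. "download the specified secret key to the card" also conflicts with the section title "Secret Key Upload" added in the first hunk; pick one term and use it in both places. The <term> has the same dangling comma before </term> as the --secret-key-algorithm entry.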