|
|
|
@ -43,7 +43,7 @@ span.errortext {
|
|
|
|
|
font-style: italic;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
--></style></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book"><div class="titlepage"><div><div><h1 class="title"><a name="idm1"></a>OpenSC Manuals</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="reference"><a href="#idm3">I. OpenSC tools</a></span></dt><dt><span class="reference"><a href="#idm3564">II. OpenSC file formats</a></span></dt></dl></div><div class="reference"><div class="titlepage"><div><div><h1 class="title"><a name="idm3"></a>OpenSC tools</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="refentrytitle"><a href="#cardos-tool">cardos-tool</a></span><span class="refpurpose"> — displays information about Card OS-based security tokens or format them
|
|
|
|
|
--></style></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book"><div class="titlepage"><div><div><h1 class="title"><a name="idm1"></a>OpenSC Manuals</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="reference"><a href="#idm3">I. OpenSC tools</a></span></dt><dt><span class="reference"><a href="#idm3621">II. OpenSC file formats</a></span></dt></dl></div><div class="reference"><div class="titlepage"><div><div><h1 class="title"><a name="idm3"></a>OpenSC tools</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="refentrytitle"><a href="#cardos-tool">cardos-tool</a></span><span class="refpurpose"> — displays information about Card OS-based security tokens or format them
|
|
|
|
|
</span></dt><dt><span class="refentrytitle"><a href="#cryptoflex-tool">cryptoflex-tool</a></span><span class="refpurpose"> — utility for manipulating Schlumberger Cryptoflex data structures</span></dt><dt><span class="refentrytitle"><a href="#dnie-tool">dnie-tool</a></span><span class="refpurpose"> — displays information about DNIe based security tokens</span></dt><dt><span class="refentrytitle"><a href="#eidenv">eidenv</a></span><span class="refpurpose"> — utility for accessing visible data from
|
|
|
|
|
electronic identity cards</span></dt><dt><span class="refentrytitle"><a href="#gids-tool">gids-tool</a></span><span class="refpurpose"> — smart card utility for GIDS cards</span></dt><dt><span class="refentrytitle"><a href="#netkey-tool">netkey-tool</a></span><span class="refpurpose"> — administrative utility for Netkey E4 cards</span></dt><dt><span class="refentrytitle"><a href="#cardos-tool">iasecc-tool</a></span><span class="refpurpose"> — displays information about IAS/ECC card
|
|
|
|
|
</span></dt><dt><span class="refentrytitle"><a href="#openpgp-tool">openpgp-tool</a></span><span class="refpurpose"> — utility for accessing visible data OpenPGP smart cards
|
|
|
|
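Review bot: two refpurpose strings in this table of contents read badly and should be fixed in the source rather than in the generated HTML. "displays information about Card OS-based security tokens or format them" mixes verb forms ("displays ... or formats them"), and "utility for accessing visible data OpenPGP smart cards" is missing "from". The eidenv entry already uses "accessing visible data from", so the openpgp-tool wording can follow it.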
@ -84,12 +84,13 @@ smart cards and similar security tokens based on Siemens Card/OS M4.
|
|
|
|
|
<code class="option">-w</code>
|
|
|
|
|
</span></dt><dd><p>Causes <span class="command"><strong>cardos-tool</strong></span> to wait for the token
|
|
|
|
|
to be inserted into reader.</p></dd></dl></div><p>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="cryptoflex-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>cryptoflex-tool — utility for manipulating Schlumberger Cryptoflex data structures</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">cryptoflex-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm88"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm73"></a><h2>Authors</h2><p><span class="command"><strong>cardos-tool</strong></span> was written by
|
|
|
|
|
Andreas Jellinghaus <code class="email"><<a class="email" href="mailto:aj@dungeon.inka.de">aj@dungeon.inka.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="cryptoflex-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>cryptoflex-tool — utility for manipulating Schlumberger Cryptoflex data structures</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">cryptoflex-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm93"></a><h2>Description</h2><p>
|
|
|
|
|
<span class="command"><strong>cryptoflex-tool</strong></span> is used to manipulate PKCS
|
|
|
|
|
data structures on Schlumberger Cryptoflex smart cards. Users
|
|
|
|
|
can create, list and read PINs and keys stored on the smart card.
|
|
|
|
|
User PIN authentication is performed for those operations that require it.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm92"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm97"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--app-df</code> <em class="replaceable"><code>num</code></em>,
|
|
|
|
|
<code class="option">-a</code> <em class="replaceable"><code>num</code></em>
|
|
|
|
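Review bot: in the cryptoflex-tool Description carried in this hunk, "is used to manipulate PKCS data structures" does not say which PKCS standard is meant, while the eidenv and openpgp-tool descriptions on this page say "PKCS#15 objects". If PKCS#15 is intended here as well, spell it out in the source so the generated text is unambiguous.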
@ -151,11 +152,12 @@ smart cards and similar security tokens based on Siemens Card/OS M4.
|
|
|
|
|
<code class="option">-w</code>
|
|
|
|
|
</span></dt><dd><p>Causes <span class="command"><strong>cryptoflex-tool</strong></span> to
|
|
|
|
|
wait for a card insertion.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm213"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm218"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-tool</span>(1)</span>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="dnie-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>dnie-tool — displays information about DNIe based security tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">dnie-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm234"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm224"></a><h2>Authors</h2><p><span class="command"><strong>cryptoflex-tool</strong></span> was written by
|
|
|
|
|
Juha Yrjölä <code class="email"><<a class="email" href="mailto:juha.yrjola@iki.fi">juha.yrjola@iki.fi</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="dnie-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>dnie-tool — displays information about DNIe based security tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">dnie-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm244"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>dnie-tool</strong></span> utility is used to display additional information about DNIe, the Spanish National eID card.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm238"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm248"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--idesp</code>,
|
|
|
|
|
<code class="option">-i</code>
|
|
|
|
@ -203,16 +205,16 @@ smart cards and similar security tokens based on Siemens Card/OS M4.
|
|
|
|
|
</span></dt><dd><p>Causes <span class="command"><strong>dnie-tool</strong></span> to be more verbose.
|
|
|
|
|
Specify this flag several times
|
|
|
|
|
to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm315"></a><h2>See also</h2><p>opensc(7)</p></div><div class="refsect1"><a name="idm318"></a><h2>Authors</h2><p><span class="command"><strong>dnie-tool</strong></span> was written by
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm325"></a><h2>Authors</h2><p><span class="command"><strong>dnie-tool</strong></span> was written by
|
|
|
|
|
Juan Antonio Martinez <code class="email"><<a class="email" href="mailto:jonsito@terra.es">jonsito@terra.es</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="eidenv"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>eidenv — utility for accessing visible data from
|
|
|
|
|
electronic identity cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">eidenv</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm338"></a><h2>Description</h2><p>
|
|
|
|
|
electronic identity cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">eidenv</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm345"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>eidenv</strong></span> utility is used for
|
|
|
|
|
accessing data from electronic identity cards (like
|
|
|
|
|
national eID cards) which might not be present in
|
|
|
|
|
PKCS#15 objects but available in custom files on the
|
|
|
|
|
card. The data can be printed on screen or used by
|
|
|
|
|
other programs via environment variables.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm342"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm349"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--exec</code> <em class="replaceable"><code>prog</code></em>,
|
|
|
|
|
<code class="option">-x</code> <em class="replaceable"><code>prog</code></em>
|
|
|
|
@ -245,11 +247,11 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
<code class="option">--wait</code>,
|
|
|
|
|
<code class="option">-w</code>
|
|
|
|
|
</span></dt><dd><p>Wait for a card to be inserted</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm393"></a><h2>Authors</h2><p><span class="command"><strong>eidenv</strong></span> utility was written by
|
|
|
|
|
Stef Hoeben and Martin Paljak <code class="email"><<a class="email" href="mailto:martin@martinpaljak.net">martin@martinpaljak.net</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="gids-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>gids-tool — smart card utility for GIDS cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">gids-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm413"></a><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm400"></a><h2>Authors</h2><p><span class="command"><strong>eidenv</strong></span> utility was written by
|
|
|
|
|
Stef Hoeben and Martin Paljak <code class="email"><<a class="email" href="mailto:martin@martinpaljak.net">martin@martinpaljak.net</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="gids-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>gids-tool — smart card utility for GIDS cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">gids-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm420"></a><p>
|
|
|
|
|
The <span class="command"><strong>gids-tool</strong></span> utility can be used from the command line to perform
|
|
|
|
|
miscellaneous smart card operations on a GIDS smart card.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm416"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm423"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">-X</code>,
|
|
|
|
|
<code class="option">--initialize</code>
|
|
|
|
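Review bot: the gids-tool description section in this hunk opens as `<div class="refsect1"><a name="idm420"></a><p>` with no `<h2>Description</h2>`, unlike the eidenv entry just above it and every other tool on the page. The source refsect1 for gids-tool appears to lack a title; adding one would keep the manual page layout consistent.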
@ -284,13 +286,14 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
<code class="option">--verbose</code>
|
|
|
|
|
</span></dt><dd><p>Verbose operation. Use several times to
|
|
|
|
|
enable debug output.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm483"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm490"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">opensc-tool</span>(1)</span>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="netkey-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>netkey-tool — administrative utility for Netkey E4 cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">netkey-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>] [<em class="replaceable"><code>COMMAND</code></em>]</p></div></div><div class="refsect1"><a name="idm506"></a><h2>Description</h2><p>The <span class="command"><strong>netkey-tool</strong></span> utility can be used from the
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm496"></a><h2>Authors</h2><p><span class="command"><strong>gids-tool</strong></span> was written by
|
|
|
|
|
Vincent Le Toux <code class="email"><<a class="email" href="mailto:vincent.letoux@mysmartlogon.com">vincent.letoux@mysmartlogon.com</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="netkey-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>netkey-tool — administrative utility for Netkey E4 cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">netkey-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>] [<em class="replaceable"><code>COMMAND</code></em>]</p></div></div><div class="refsect1"><a name="idm518"></a><h2>Description</h2><p>The <span class="command"><strong>netkey-tool</strong></span> utility can be used from the
|
|
|
|
|
command line to perform some smart card operations with NetKey E4 cards
|
|
|
|
|
that cannot be done easily with other OpenSC-tools, such as changing local
|
|
|
|
|
PINs, storing certificates into empty NetKey E4 cert-files or displaying
|
|
|
|
|
the initial PUK-value.</p></div><div class="refsect1"><a name="idm510"></a><h2>Options</h2><p>
|
|
|
|
|
the initial PUK-value.</p></div><div class="refsect1"><a name="idm522"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--help</code>,
|
|
|
|
|
<code class="option">-h</code>
|
|
|
|
@ -318,11 +321,11 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
<code class="option">-v</code>
|
|
|
|
|
</span></dt><dd><p>Causes <span class="command"><strong>netkey-tool</strong></span> to be more verbose. This
|
|
|
|
|
options may be specified multiple times to increase verbosity.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm567"></a><h2>PIN format</h2><p>With the <code class="option">-p</code>, <code class="option">-u</code>, <code class="option">-0</code> or the <code class="option">-1</code>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm579"></a><h2>PIN format</h2><p>With the <code class="option">-p</code>, <code class="option">-u</code>, <code class="option">-0</code> or the <code class="option">-1</code>
|
|
|
|
|
one of the cards pins may be specified. You may use plain ascii-strings (i.e. 123456) or a hex-string
|
|
|
|
|
(i.e. 31:32:33:34:35:36). A hex-string must consist of exactly n 2-digit hexnumbers separated by n-1 colons.
|
|
|
|
|
Otherwise it will be interpreted as an ascii string. For example :12:34: and 1:2:3:4 are both pins of
|
|
|
|
|
length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.</p></div><div class="refsect1"><a name="idm574"></a><h2>Commands</h2><p>When used without any options or commands, <span class="command"><strong>netkey-tool</strong></span> will
|
|
|
|
|
length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.</p></div><div class="refsect1"><a name="idm586"></a><h2>Commands</h2><p>When used without any options or commands, <span class="command"><strong>netkey-tool</strong></span> will
|
|
|
|
|
display information about the smart cards pins and certificates. This will not change
|
|
|
|
|
your card in any aspect (assumed there are no bugs in <span class="command"><strong>netkey-tool</strong></span>).
|
|
|
|
|
In particular the tries-left counters of the pins are investigated without doing
|
|
|
|
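Review bot: the PIN format paragraph in this hunk documents a silent fallback that deserves an explicit caveat. A value that is not exactly n 2-digit hex numbers separated by n-1 colons "will be interpreted as an ascii string", so a mistyped hex PIN such as 1:2:3:4 is accepted as a 7-character ASCII PIN rather than rejected. Suggest stating that consequence directly next to the examples. Wording in the same context: both "i.e." read as "e.g.", "cards pins" should be "card's PINs", and "This options may be specified" should be "This option may be specified".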
@ -364,13 +367,13 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</span></dt><dd><p>This unblocks the specified pin. You must specify another pin
|
|
|
|
|
to be able to do this and if you don't specify a correct one,
|
|
|
|
|
<span class="command"><strong>netkey-tool</strong></span> will tell you which one is needed.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm635"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm647"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">opensc-explorer</span>(1)</span>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm641"></a><h2>Authors</h2><p><span class="command"><strong>netkey-tool</strong></span> was written by
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm653"></a><h2>Authors</h2><p><span class="command"><strong>netkey-tool</strong></span> was written by
|
|
|
|
|
Peter Koch <code class="email"><<a class="email" href="mailto:pk_opensc@web.de">pk_opensc@web.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="cardos-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>iasecc-tool — displays information about IAS/ECC card
|
|
|
|
|
</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">iasecc-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm661"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">iasecc-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm673"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>iasecc-tool</strong></span> utility is used to display information about IAS/ECC v1.0.1 smart cards.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm665"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm677"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--reader</code> <em class="replaceable"><code>number</code></em>,
|
|
|
|
|
</span></dt><dd><p>
|
|
|
|
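Review bot: the iasecc-tool refentry in this hunk is emitted with `<a name="cardos-tool"></a>`, the same anchor the cardos-tool refentry uses, and the table of contents links the iasecc-tool entry to `#cardos-tool` as well. The page therefore has a duplicate anchor, and the iasecc-tool link cannot reach its own section. The refentry id in the iasecc-tool source should be changed to its own value (for example `iasecc-tool`) before regenerating.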
@ -394,8 +397,9 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
<code class="option">-w</code>
|
|
|
|
|
</span></dt><dd><p>Causes <span class="command"><strong>iasecc-tool</strong></span> to wait for the token
|
|
|
|
|
to be inserted into reader.</p></dd></dl></div><p>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="openpgp-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>openpgp-tool — utility for accessing visible data OpenPGP smart cards
|
|
|
|
|
and compatible tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">openpgp-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm724"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm721"></a><h2>Authors</h2><p><span class="command"><strong>iasecc-tool</strong></span> was written by
|
|
|
|
|
Viktor Tarasov <code class="email"><<a class="email" href="mailto:viktor.tarasov@gmail.com">viktor.tarasov@gmail.com</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="openpgp-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>openpgp-tool — utility for accessing visible data OpenPGP smart cards
|
|
|
|
|
and compatible tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">openpgp-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm741"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>openpgp-tool</strong></span> utility is used for
|
|
|
|
|
accessing data from the OpenPGP v1.1 and v2.0 smart cards
|
|
|
|
|
and compatible tokens like e.g. GPF CryptoStick v1.x,
|
|
|
|
@ -403,7 +407,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
PKCS#15 objects but available in custom files on the
|
|
|
|
|
card. The data can be printed on screen or used by
|
|
|
|
|
other programs via environment variables.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm728"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm745"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--exec</code> <em class="replaceable"><code>prog</code></em>,
|
|
|
|
|
<code class="option">-x</code> <em class="replaceable"><code>prog</code></em>
|
|
|
|
@ -472,12 +476,12 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</span></dt><dd><p>
|
|
|
|
|
Wait for a card to be inserted.
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm819"></a><h2>Authors</h2><p><span class="command"><strong>openpgp-tool</strong></span> utility was written by
|
|
|
|
|
Peter Marschall <code class="email"><<a class="email" href="mailto:peter@adpm.de">peter@adpm.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="netkey-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>netkey-tool — administrative utility for Netkey E4 cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">netkey-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>] [<em class="replaceable"><code>COMMAND</code></em>]</p></div></div><div class="refsect1"><a name="idm841"></a><h2>Description</h2><p>The <span class="command"><strong>netkey-tool</strong></span> utility can be used from the
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm836"></a><h2>Authors</h2><p><span class="command"><strong>openpgp-tool</strong></span> utility was written by
|
|
|
|
|
Peter Marschall <code class="email"><<a class="email" href="mailto:peter@adpm.de">peter@adpm.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="netkey-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>netkey-tool — administrative utility for Netkey E4 cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">netkey-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>] [<em class="replaceable"><code>COMMAND</code></em>]</p></div></div><div class="refsect1"><a name="idm858"></a><h2>Description</h2><p>The <span class="command"><strong>netkey-tool</strong></span> utility can be used from the
|
|
|
|
|
command line to perform some smart card operations with NetKey E4 cards
|
|
|
|
|
that cannot be done easily with other OpenSC-tools, such as changing local
|
|
|
|
|
PINs, storing certificates into empty NetKey E4 cert-files or displaying
|
|
|
|
|
the initial PUK-value.</p></div><div class="refsect1"><a name="idm845"></a><h2>Options</h2><p>
|
|
|
|
|
the initial PUK-value.</p></div><div class="refsect1"><a name="idm862"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--help</code>,
|
|
|
|
|
<code class="option">-h</code>
|
|
|
|
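Review bot: the netkey-tool refentry that follows the openpgp-tool Authors section in this hunk is a second copy of an entry that already appears earlier in the file (the hunks at -284 and -318), and it carries the same `<a name="netkey-tool"></a>` anchor. The later hunks show openpgp-tool repeated the same way. The duplicated entries produce duplicate anchors and double every id shift in this diff. The source list of included tool pages should reference each refentry once.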
@ -505,11 +509,11 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
<code class="option">-v</code>
|
|
|
|
|
</span></dt><dd><p>Causes <span class="command"><strong>netkey-tool</strong></span> to be more verbose. This
|
|
|
|
|
options may be specified multiple times to increase verbosity.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm902"></a><h2>PIN format</h2><p>With the <code class="option">-p</code>, <code class="option">-u</code>, <code class="option">-0</code> or the <code class="option">-1</code>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm919"></a><h2>PIN format</h2><p>With the <code class="option">-p</code>, <code class="option">-u</code>, <code class="option">-0</code> or the <code class="option">-1</code>
|
|
|
|
|
one of the cards pins may be specified. You may use plain ascii-strings (i.e. 123456) or a hex-string
|
|
|
|
|
(i.e. 31:32:33:34:35:36). A hex-string must consist of exactly n 2-digit hexnumbers separated by n-1 colons.
|
|
|
|
|
Otherwise it will be interpreted as an ascii string. For example :12:34: and 1:2:3:4 are both pins of
|
|
|
|
|
length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.</p></div><div class="refsect1"><a name="idm909"></a><h2>Commands</h2><p>When used without any options or commands, <span class="command"><strong>netkey-tool</strong></span> will
|
|
|
|
|
length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.</p></div><div class="refsect1"><a name="idm926"></a><h2>Commands</h2><p>When used without any options or commands, <span class="command"><strong>netkey-tool</strong></span> will
|
|
|
|
|
display information about the smart cards pins and certificates. This will not change
|
|
|
|
|
your card in any aspect (assumed there are no bugs in <span class="command"><strong>netkey-tool</strong></span>).
|
|
|
|
|
In particular the tries-left counters of the pins are investigated without doing
|
|
|
|
@ -551,11 +555,11 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</span></dt><dd><p>This unblocks the specified pin. You must specify another pin
|
|
|
|
|
to be able to do this and if you don't specify a correct one,
|
|
|
|
|
<span class="command"><strong>netkey-tool</strong></span> will tell you which one is needed.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm970"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm987"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">opensc-explorer</span>(1)</span>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm976"></a><h2>Authors</h2><p><span class="command"><strong>netkey-tool</strong></span> was written by
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm993"></a><h2>Authors</h2><p><span class="command"><strong>netkey-tool</strong></span> was written by
|
|
|
|
|
Peter Koch <code class="email"><<a class="email" href="mailto:pk_opensc@web.de">pk_opensc@web.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="openpgp-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>openpgp-tool — utility for accessing visible data OpenPGP smart cards
|
|
|
|
|
and compatible tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">openpgp-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm996"></a><h2>Description</h2><p>
|
|
|
|
|
and compatible tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">openpgp-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm1013"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>openpgp-tool</strong></span> utility is used for
|
|
|
|
|
accessing data from the OpenPGP v1.1 and v2.0 smart cards
|
|
|
|
|
and compatible tokens like e.g. GPF CryptoStick v1.x,
|
|
|
|
@ -563,7 +567,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
PKCS#15 objects but available in custom files on the
|
|
|
|
|
card. The data can be printed on screen or used by
|
|
|
|
|
other programs via environment variables.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1000"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1017"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--exec</code> <em class="replaceable"><code>prog</code></em>,
|
|
|
|
|
<code class="option">-x</code> <em class="replaceable"><code>prog</code></em>
|
|
|
|
@ -632,12 +636,12 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</span></dt><dd><p>
|
|
|
|
|
Wait for a card to be inserted.
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1091"></a><h2>Authors</h2><p><span class="command"><strong>openpgp-tool</strong></span> utility was written by
|
|
|
|
|
Peter Marschall <code class="email"><<a class="email" href="mailto:peter@adpm.de">peter@adpm.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="opensc-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>opensc-tool — generic smart card utility</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">opensc-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm1111"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1108"></a><h2>Authors</h2><p><span class="command"><strong>openpgp-tool</strong></span> utility was written by
|
|
|
|
|
Peter Marschall <code class="email"><<a class="email" href="mailto:peter@adpm.de">peter@adpm.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="opensc-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>opensc-tool — generic smart card utility</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">opensc-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm1128"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>opensc-tool</strong></span> utility can be used from the command line to perform
|
|
|
|
|
miscellaneous smart card operations such as getting the card ATR or
|
|
|
|
|
sending arbitrary APDU commands to a card.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1115"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1132"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--version</code>,
|
|
|
|
|
</span></dt><dd><p>Print the OpenSC package release version.</p></dd><dt><span class="term">
|
|
|
|
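Review bot: the only differences visible in this hunk are the generated anchor names on the openpgp-tool Authors heading and the opensc-tool Description and Options headings (idm1091 to idm1108, idm1111 to idm1128, idm1115 to idm1132), so each regeneration of this file renumbers them and breaks any link that points at an #idmNNNN fragment. Giving these sections explicit ids in the manual's source, as the refentry anchors such as opensc-tool already have, would keep links stable and reduce the diff to real content changes. Separately, the --version term ends in a trailing comma with no short option after it.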
@ -697,17 +701,18 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
<code class="option">--wait</code>,
|
|
|
|
|
<code class="option">-w</code>
|
|
|
|
|
</span></dt><dd><p>Wait for a card to be inserted.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1232"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1249"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">opensc-explorer</span>(1)</span>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="opensc-explorer"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>opensc-explorer —
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1255"></a><h2>Authors</h2><p><span class="command"><strong>opensc-tool</strong></span> was written by
|
|
|
|
|
Juha Yrjölä <code class="email"><<a class="email" href="mailto:juha.yrjola@iki.fi">juha.yrjola@iki.fi</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="opensc-explorer"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>opensc-explorer —
|
|
|
|
|
generic interactive utility for accessing smart card
|
|
|
|
|
and similar security token functions
|
|
|
|
|
</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">opensc-explorer</code> [<em class="replaceable"><code>OPTIONS</code></em>] [<em class="replaceable"><code>SCRIPT</code></em>]</p></div></div><div class="refsect1"><a name="idm1255"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">opensc-explorer</code> [<em class="replaceable"><code>OPTIONS</code></em>] [<em class="replaceable"><code>SCRIPT</code></em>]</p></div></div><div class="refsect1"><a name="idm1277"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>opensc-explorer</strong></span> utility can be
|
|
|
|
|
used interactively to perform miscellaneous operations
|
|
|
|
|
such as exploring the contents of or sending arbitrary
|
|
|
|
|
APDU commands to a smart card or similar security token.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1259"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1281"></a><h2>Options</h2><p>
|
|
|
|
|
The following are the command-line options for
|
|
|
|
|
<span class="command"><strong>opensc-explorer</strong></span>. There are additional
|
|
|
|
|
interactive commands available once it is running.
|
|
|
|
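Review bot: the Authors heading added for opensc-tool is given the anchor idm1255, which on the old side of this same hunk is the anchor of the opensc-explorer Description heading (now idm1277), so an existing link to #idm1255 silently resolves to a different section instead of failing. An explicit, named id on the new Authors section and on the neighbouring headings would avoid the reuse. The new paragraph itself reads fine and matches the Authors entry for openpgp-tool.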
@ -742,189 +747,190 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<code class="option">--wait</code>, <code class="option">-w</code>
|
|
|
|
|
</span></dt><dd><p>Wait for a card to be inserted</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1304"></a><h2>Commands</h2><p>
|
|
|
|
|
The following commands are supported at <span class="command"><strong>opensc-explorer</strong></span>'s
|
|
|
|
|
interactive prompt or in script files passed via the command line parameter
|
|
|
|
|
<em class="replaceable"><code>SCRIPT</code></em>.
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>apdu</strong></span> <em class="replaceable"><code>hex-data</code></em>
|
|
|
|
|
</span></dt><dd><p>Send a custom APDU command <em class="replaceable"><code>hex-data</code></em>.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>asn1</strong></span> <em class="replaceable"><code>file-id</code></em>
|
|
|
|
|
</span></dt><dd><p>Parse and print the ASN.1 encoded content of the file specified by
|
|
|
|
|
<em class="replaceable"><code>file-id</code></em>.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>cat</strong></span> [<em class="replaceable"><code>file-id</code></em> | sfi:<em class="replaceable"><code>short-id</code></em>]
|
|
|
|
|
</span></dt><dd><p>Print the contents of the currently selected EF or the contents
|
|
|
|
|
of a file specified by <em class="replaceable"><code>file-id</code></em> or the short file id
|
|
|
|
|
<em class="replaceable"><code>short-id</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>cd</strong></span> {.. | <em class="replaceable"><code>file-id</code></em> | aid:<em class="replaceable"><code>DF-name</code></em>}
|
|
|
|
|
</span></dt><dd><p>
|
|
|
|
|
Change to another DF specified by the argument passed.
|
|
|
|
|
If the argument given is <code class="literal">..</code>, then move up one level in the
|
|
|
|
|
file system hierarchy.
|
|
|
|
|
If it is <em class="replaceable"><code>file-id</code></em>, which must be a DF directly
|
|
|
|
|
beneath the current DF, then change to that DF.
|
|
|
|
|
If it is an application identifier given as
|
|
|
|
|
<code class="literal">aid:</code><em class="replaceable"><code>DF-name</code></em>,
|
|
|
|
|
then jump to the MF of the application denoted by
|
|
|
|
|
<em class="replaceable"><code>DF-name</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>change</strong></span> CHV<em class="replaceable"><code>pin-ref</code></em> [[<em class="replaceable"><code>old-pin</code></em>] <em class="replaceable"><code>new-pin</code></em>]
|
|
|
|
|
</span></dt><dd><p>Change a PIN, where <em class="replaceable"><code>pin-ref</code></em> is the PIN reference.</p><p>
|
|
|
|
|
Examples:
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="code">change CHV2 00:00:00:00:00:00 "foobar"</code></span></dt><dd><p>
|
|
|
|
|
Change PIN <code class="literal">CHV2</code>
|
|
|
|
|
to the new value <code class="literal">foobar</code>,
|
|
|
|
|
giving the old value <code class="literal">00:00:00:00:00:00</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">change CHV2 "foobar"</code></span></dt><dd><p>
|
|
|
|
|
Set PIN <code class="literal">CHV2</code>
|
|
|
|
|
to the new value <code class="literal">foobar</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">change CHV2</code></span></dt><dd><p>
|
|
|
|
|
Change PIN <code class="literal">CHV2</code> using the card reader's pinpad.
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>create</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>size</code></em>
|
|
|
|
|
</span></dt><dd><p>Create a new EF. <em class="replaceable"><code>file-id</code></em> specifies the
|
|
|
|
|
id number and <em class="replaceable"><code>size</code></em> is the size of the new file.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>debug</strong></span> [<em class="replaceable"><code>level</code></em>]
|
|
|
|
|
</span></dt><dd><p>Set OpenSC debug level to <em class="replaceable"><code>level</code></em>.</p><p>If <em class="replaceable"><code>level</code></em> is omitted the current debug level will be shown.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>delete</strong></span> <em class="replaceable"><code>file-id</code></em>
|
|
|
|
|
</span></dt><dd><p>Remove the EF or DF specified by <em class="replaceable"><code>file-id</code></em></p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>do_get</strong></span> <em class="replaceable"><code>hex-tag</code></em> [<em class="replaceable"><code>output</code></em>]
|
|
|
|
|
</span></dt><dd><p>Copy the internal card's 'tagged' data into the local file.</p><p>The local file is specified by <em class="replaceable"><code>output</code></em> while the tag of
|
|
|
|
|
the card's data is specified by <em class="replaceable"><code>hex-tag</code></em>.
|
|
|
|
|
</p><p>
|
|
|
|
|
If <em class="replaceable"><code>output</code></em> is omitted, the name of the output file will be
|
|
|
|
|
derived from <em class="replaceable"><code>hex-tag</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>do_put</strong></span> <em class="replaceable"><code>hex-tag</code></em> <em class="replaceable"><code>input</code></em>
|
|
|
|
|
</span></dt><dd><p>Update internal card's 'tagged' data. </p><p><em class="replaceable"><code>hex-tag</code></em> is the tag of the card's data.
|
|
|
|
|
<em class="replaceable"><code>input</code></em> is the filename of the source file or the literal data presented as
|
|
|
|
|
a sequence of hexadecimal values or <code class="literal">"</code> enclosed string.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>echo</strong></span> <em class="replaceable"><code>string</code></em> ...
|
|
|
|
|
</span></dt><dd><p>Print the <em class="replaceable"><code>string</code></em>s given.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>erase</strong></span>
|
|
|
|
|
</span></dt><dd><p>Erase the card, if the card supports it.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>get</strong></span> <em class="replaceable"><code>file-id</code></em> [<em class="replaceable"><code>output</code></em>]
|
|
|
|
|
</span></dt><dd><p>Copy an EF to a local file. The local file is specified
|
|
|
|
|
by <em class="replaceable"><code>output</code></em> while the card file is specified by <em class="replaceable"><code>file-id</code></em>.
|
|
|
|
|
</p><p>
|
|
|
|
|
If <em class="replaceable"><code>output</code></em> is omitted, the name of the output file will be
|
|
|
|
|
derived from the full card path to <em class="replaceable"><code>file-id</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>info</strong></span> [<em class="replaceable"><code>file-id</code></em>]
|
|
|
|
|
</span></dt><dd><p>Display attributes of a file specified by <em class="replaceable"><code>file-id</code></em>.
|
|
|
|
|
If <em class="replaceable"><code>file-id</code></em> is not supplied,
|
|
|
|
|
the attributes of the current file are printed.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>ls</strong></span> [<em class="replaceable"><code>pattern</code></em> ...]
|
|
|
|
|
</span></dt><dd><p>List files in the current DF.
|
|
|
|
|
If no <em class="replaceable"><code>pattern</code></em> is given, then all files are listed.
|
|
|
|
|
If one ore more <em class="replaceable"><code>pattern</code></em>s are given, only files matching
|
|
|
|
|
at least one <em class="replaceable"><code>pattern</code></em> are listed.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>find</strong></span> [<em class="replaceable"><code>start-id</code></em> [<em class="replaceable"><code>end-id</code></em>]]
|
|
|
|
|
</span></dt><dd><p>Find all files in the current DF.
|
|
|
|
|
Files are found by selecting all file identifiers in the range from <em class="replaceable"><code>start-fid</code></em> to <em class="replaceable"><code>end-fid</code></em> (by default from 0000 to FFFF).</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>find_tags</strong></span> [<em class="replaceable"><code>start-tag</code></em> [<em class="replaceable"><code>end-tag</code></em>]]
|
|
|
|
|
</span></dt><dd><p>Find all tags of data objects in the current context.
|
|
|
|
|
Tags are found by using GET DATA in the range from <em class="replaceable"><code>start-tag</code></em> to <em class="replaceable"><code>end-tag</code></em> (by default from 0000 to FFFF).</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>mkdir</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>size</code></em>
|
|
|
|
|
</span></dt><dd><p>Create a DF. <em class="replaceable"><code>file-id</code></em> specifies the id number
|
|
|
|
|
and <em class="replaceable"><code>size</code></em> is the size of the new file.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>put</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>input</code></em>
|
|
|
|
|
</span></dt><dd><p>Copy a local file to the card. The local file is specified
|
|
|
|
|
by <em class="replaceable"><code>input</code></em> while the card file is specified by <em class="replaceable"><code>file-id</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>quit</strong></span>
|
|
|
|
|
</span></dt><dd><p>Exit the program.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>random</strong></span> <em class="replaceable"><code>count</code></em>
|
|
|
|
|
</span></dt><dd><p>Generate random sequence of <em class="replaceable"><code>count</code></em> bytes.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>rm</strong></span> <em class="replaceable"><code>file-id</code></em>
|
|
|
|
|
</span></dt><dd><p>Remove the EF or DF specified by <em class="replaceable"><code>file-id</code></em></p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>unblock</strong></span> CHV<em class="replaceable"><code>pin-ref</code></em> [<em class="replaceable"><code>puk</code></em> [<em class="replaceable"><code>new pin</code></em>]]
|
|
|
|
|
</span></dt><dd><p>
|
|
|
|
|
Unblock the PIN denoted by <em class="replaceable"><code>pin-ref</code></em>
|
|
|
|
|
using the PUK <em class="replaceable"><code>puk</code></em>, and set potentially
|
|
|
|
|
change its value to <em class="replaceable"><code>new pin</code></em>.
|
|
|
|
|
</p><p>
|
|
|
|
|
PUK and PIN values can be a sequence of hexadecimal values,
|
|
|
|
|
<code class="literal">"</code>-enclosed strings, empty (<code class="literal">""</code>),
|
|
|
|
|
or absent.
|
|
|
|
|
If they are absent, the values are read from the card reader's pin pad.
|
|
|
|
|
</p><p>
|
|
|
|
|
Examples:
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="code">unblock CHV2 00:00:00:00:00:00 "foobar"</code></span></dt><dd><p>
|
|
|
|
|
Unblock PIN <code class="literal">CHV2</code> using PUK
|
|
|
|
|
<code class="literal">00:00:00:00:00:00</code>
|
|
|
|
|
and set it to the new value <code class="literal">foobar</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2 00:00:00:00:00:00 ""</code></span></dt><dd><p>
|
|
|
|
|
Unblock PIN <code class="literal">CHV2</code> using PUK
|
|
|
|
|
<code class="literal">00:00:00:00:00:00</code> keeping the old value.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2 "" "foobar"</code></span></dt><dd><p>
|
|
|
|
|
Set new value of PIN <code class="literal">CHV2</code>
|
|
|
|
|
to <code class="literal">foobar</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2 00:00:00:00:00:00</code></span></dt><dd><p>
|
|
|
|
|
Unblock PIN <code class="literal">CHV2</code> using PUK
|
|
|
|
|
<code class="literal">00:00:00:00:00:00</code>.
|
|
|
|
|
The new PIN value is prompted by pinpad.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2 ""</code></span></dt><dd><p>
|
|
|
|
|
Set PIN <code class="literal">CHV2</code>.
|
|
|
|
|
The new PIN value is prompted by pinpad.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2</code></span></dt><dd><p>
|
|
|
|
|
Unblock PIN <code class="literal">CHV2</code>.
|
|
|
|
|
The unblock code and new PIN value are prompted by pinpad.
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>update_binary</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>offs</code></em> <em class="replaceable"><code>data</code></em>
|
|
|
|
|
</span></dt><dd><p>Binary update of the file specified by
|
|
|
|
|
<em class="replaceable"><code>file-id</code></em> with the literal data
|
|
|
|
|
<em class="replaceable"><code>data</code></em> starting from offset specified
|
|
|
|
|
by <em class="replaceable"><code>offs</code></em>.</p><p><em class="replaceable"><code>data</code></em> can be supplied as a sequencer
|
|
|
|
|
of the hex values or as a <code class="literal">"</code> enclosed string. </p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>update_record</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>rec-nr</code></em> <em class="replaceable"><code>rec-offs</code></em> <em class="replaceable"><code>data</code></em>
|
|
|
|
|
</span></dt><dd><p>Update record specified by <em class="replaceable"><code>rec-nr</code></em> of the file
|
|
|
|
|
specified by <em class="replaceable"><code>file-id</code></em> with the literal data
|
|
|
|
|
<em class="replaceable"><code>data</code></em> starting from offset specified by
|
|
|
|
|
<em class="replaceable"><code>rec-offs</code></em>.</p><p><em class="replaceable"><code>data</code></em> can be supplied as a sequence of the hex values or
|
|
|
|
|
as a <code class="literal">"</code> enclosed string. </p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>verify</strong></span> <em class="replaceable"><code>key-type</code></em> <em class="replaceable"><code>key-id</code></em> [<em class="replaceable"><code>key</code></em>]
|
|
|
|
|
</span></dt><dd><p>Present a PIN or key to the card, where
|
|
|
|
|
<em class="replaceable"><code>key-type</code></em> can be one of <code class="literal">CHV</code>,
|
|
|
|
|
<code class="literal">KEY</code>, <code class="literal">AUT</code> or <code class="literal">PRO</code>.
|
|
|
|
|
<em class="replaceable"><code>key-id</code></em> is a number representing the key or PIN reference.
|
|
|
|
|
<em class="replaceable"><code>key</code></em> is the key or PIN to be verified, formatted as a
|
|
|
|
|
colon-separated list of hex values or a <code class="literal">"</code> enclosed string.
|
|
|
|
|
</p><p>
|
|
|
|
|
If <em class="replaceable"><code>key</code></em> is omitted, the exact action depends on the
|
|
|
|
|
card reader's features: if the card readers supports PIN input via a pin pad,
|
|
|
|
|
then the PIN will be verified using the card reader's pin pad.
|
|
|
|
|
If the card reader does not support PIN input, then the PIN will be asked
|
|
|
|
|
interactively.
|
|
|
|
|
</p><p>
|
|
|
|
|
Examples:
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="code">verify CHV0 31:32:33:34:00:00:00:00</code></span></dt><dd><p>
|
|
|
|
|
Verify <code class="literal">CHV2</code> using the hex value
|
|
|
|
|
<code class="literal">31:32:33:34:00:00:00:00</code>
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">verify CHV1 "secret"</code></span></dt><dd><p>
|
|
|
|
|
Verify <code class="literal">CHV1</code>
|
|
|
|
|
using the string value <code class="literal">secret</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">verify KEY2</code></span></dt><dd><p>
|
|
|
|
|
Verify <code class="literal">KEY2</code>,
|
|
|
|
|
get the value from the card reader's pin pad.
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>sm</strong></span> <em class="replaceable"><code>[open]</code></em>|<em class="replaceable"><code>[close]</code></em>
|
|
|
|
|
</span></dt><dd><p>Calls the card's <em class="replaceable"><code>open</code></em> or <em class="replaceable"><code>close</code></em> Secure Messaging handler.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1658"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1326"></a><h2>Commands</h2><p>
|
|
|
|
|
The following commands are supported at <span class="command"><strong>opensc-explorer</strong></span>'s
|
|
|
|
|
interactive prompt or in script files passed via the command line parameter
|
|
|
|
|
<em class="replaceable"><code>SCRIPT</code></em>.
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>apdu</strong></span> <em class="replaceable"><code>hex-data</code></em>
|
|
|
|
|
</span></dt><dd><p>Send a custom APDU command <em class="replaceable"><code>hex-data</code></em>.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>asn1</strong></span> <em class="replaceable"><code>file-id</code></em>
|
|
|
|
|
</span></dt><dd><p>Parse and print the ASN.1 encoded content of the file specified by
|
|
|
|
|
<em class="replaceable"><code>file-id</code></em>.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>cat</strong></span> [<em class="replaceable"><code>file-id</code></em> | sfi:<em class="replaceable"><code>short-id</code></em>]
|
|
|
|
|
</span></dt><dd><p>Print the contents of the currently selected EF or the contents
|
|
|
|
|
of a file specified by <em class="replaceable"><code>file-id</code></em> or the short file id
|
|
|
|
|
<em class="replaceable"><code>short-id</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>cd</strong></span> {.. | <em class="replaceable"><code>file-id</code></em> | aid:<em class="replaceable"><code>DF-name</code></em>}
|
|
|
|
|
</span></dt><dd><p>
|
|
|
|
|
Change to another DF specified by the argument passed.
|
|
|
|
|
If the argument given is <code class="literal">..</code>, then move up one level in the
|
|
|
|
|
file system hierarchy.
|
|
|
|
|
If it is <em class="replaceable"><code>file-id</code></em>, which must be a DF directly
|
|
|
|
|
beneath the current DF, then change to that DF.
|
|
|
|
|
If it is an application identifier given as
|
|
|
|
|
<code class="literal">aid:</code><em class="replaceable"><code>DF-name</code></em>,
|
|
|
|
|
then jump to the MF of the application denoted by
|
|
|
|
|
<em class="replaceable"><code>DF-name</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>change</strong></span> CHV<em class="replaceable"><code>pin-ref</code></em> [[<em class="replaceable"><code>old-pin</code></em>] <em class="replaceable"><code>new-pin</code></em>]
|
|
|
|
|
</span></dt><dd><p>Change a PIN, where <em class="replaceable"><code>pin-ref</code></em> is the PIN reference.</p><p>
|
|
|
|
|
Examples:
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="code">change CHV2 00:00:00:00:00:00 "foobar"</code></span></dt><dd><p>
|
|
|
|
|
Change PIN <code class="literal">CHV2</code>
|
|
|
|
|
to the new value <code class="literal">foobar</code>,
|
|
|
|
|
giving the old value <code class="literal">00:00:00:00:00:00</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">change CHV2 "foobar"</code></span></dt><dd><p>
|
|
|
|
|
Set PIN <code class="literal">CHV2</code>
|
|
|
|
|
to the new value <code class="literal">foobar</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">change CHV2</code></span></dt><dd><p>
|
|
|
|
|
Change PIN <code class="literal">CHV2</code> using the card reader's pinpad.
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>create</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>size</code></em>
|
|
|
|
|
</span></dt><dd><p>Create a new EF. <em class="replaceable"><code>file-id</code></em> specifies the
|
|
|
|
|
id number and <em class="replaceable"><code>size</code></em> is the size of the new file.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>debug</strong></span> [<em class="replaceable"><code>level</code></em>]
|
|
|
|
|
</span></dt><dd><p>Set OpenSC debug level to <em class="replaceable"><code>level</code></em>.</p><p>If <em class="replaceable"><code>level</code></em> is omitted the current debug level will be shown.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>delete</strong></span> <em class="replaceable"><code>file-id</code></em>
|
|
|
|
|
</span></dt><dd><p>Remove the EF or DF specified by <em class="replaceable"><code>file-id</code></em></p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>do_get</strong></span> <em class="replaceable"><code>hex-tag</code></em> [<em class="replaceable"><code>output</code></em>]
|
|
|
|
|
</span></dt><dd><p>Copy the internal card's 'tagged' data into the local file.</p><p>The local file is specified by <em class="replaceable"><code>output</code></em> while the tag of
|
|
|
|
|
the card's data is specified by <em class="replaceable"><code>hex-tag</code></em>.
|
|
|
|
|
</p><p>
|
|
|
|
|
If <em class="replaceable"><code>output</code></em> is omitted, the name of the output file will be
|
|
|
|
|
derived from <em class="replaceable"><code>hex-tag</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>do_put</strong></span> <em class="replaceable"><code>hex-tag</code></em> <em class="replaceable"><code>input</code></em>
|
|
|
|
|
</span></dt><dd><p>Update internal card's 'tagged' data. </p><p><em class="replaceable"><code>hex-tag</code></em> is the tag of the card's data.
|
|
|
|
|
<em class="replaceable"><code>input</code></em> is the filename of the source file or the literal data presented as
|
|
|
|
|
a sequence of hexadecimal values or <code class="literal">"</code> enclosed string.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>echo</strong></span> <em class="replaceable"><code>string</code></em> ...
|
|
|
|
|
</span></dt><dd><p>Print the <em class="replaceable"><code>string</code></em>s given.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>erase</strong></span>
|
|
|
|
|
</span></dt><dd><p>Erase the card, if the card supports it.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>get</strong></span> <em class="replaceable"><code>file-id</code></em> [<em class="replaceable"><code>output</code></em>]
|
|
|
|
|
</span></dt><dd><p>Copy an EF to a local file. The local file is specified
|
|
|
|
|
by <em class="replaceable"><code>output</code></em> while the card file is specified by <em class="replaceable"><code>file-id</code></em>.
|
|
|
|
|
</p><p>
|
|
|
|
|
If <em class="replaceable"><code>output</code></em> is omitted, the name of the output file will be
|
|
|
|
|
derived from the full card path to <em class="replaceable"><code>file-id</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>info</strong></span> [<em class="replaceable"><code>file-id</code></em>]
|
|
|
|
|
</span></dt><dd><p>Display attributes of a file specified by <em class="replaceable"><code>file-id</code></em>.
|
|
|
|
|
If <em class="replaceable"><code>file-id</code></em> is not supplied,
|
|
|
|
|
the attributes of the current file are printed.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>ls</strong></span> [<em class="replaceable"><code>pattern</code></em> ...]
|
|
|
|
|
</span></dt><dd><p>List files in the current DF.
|
|
|
|
|
If no <em class="replaceable"><code>pattern</code></em> is given, then all files are listed.
|
|
|
|
|
If one ore more <em class="replaceable"><code>pattern</code></em>s are given, only files matching
|
|
|
|
|
at least one <em class="replaceable"><code>pattern</code></em> are listed.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>find</strong></span> [<em class="replaceable"><code>start-id</code></em> [<em class="replaceable"><code>end-id</code></em>]]
|
|
|
|
|
</span></dt><dd><p>Find all files in the current DF.
|
|
|
|
|
Files are found by selecting all file identifiers in the range from <em class="replaceable"><code>start-fid</code></em> to <em class="replaceable"><code>end-fid</code></em> (by default from 0000 to FFFF).</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>find_tags</strong></span> [<em class="replaceable"><code>start-tag</code></em> [<em class="replaceable"><code>end-tag</code></em>]]
|
|
|
|
|
</span></dt><dd><p>Find all tags of data objects in the current context.
|
|
|
|
|
Tags are found by using GET DATA in the range from <em class="replaceable"><code>start-tag</code></em> to <em class="replaceable"><code>end-tag</code></em> (by default from 0000 to FFFF).</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>mkdir</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>size</code></em>
|
|
|
|
|
</span></dt><dd><p>Create a DF. <em class="replaceable"><code>file-id</code></em> specifies the id number
|
|
|
|
|
and <em class="replaceable"><code>size</code></em> is the size of the new file.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>put</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>input</code></em>
|
|
|
|
|
</span></dt><dd><p>Copy a local file to the card. The local file is specified
|
|
|
|
|
by <em class="replaceable"><code>input</code></em> while the card file is specified by <em class="replaceable"><code>file-id</code></em>.
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>quit</strong></span>
|
|
|
|
|
</span></dt><dd><p>Exit the program.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>random</strong></span> <em class="replaceable"><code>count</code></em>
|
|
|
|
|
</span></dt><dd><p>Generate random sequence of <em class="replaceable"><code>count</code></em> bytes.</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>rm</strong></span> <em class="replaceable"><code>file-id</code></em>
|
|
|
|
|
</span></dt><dd><p>Remove the EF or DF specified by <em class="replaceable"><code>file-id</code></em></p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>unblock</strong></span> CHV<em class="replaceable"><code>pin-ref</code></em> [<em class="replaceable"><code>puk</code></em> [<em class="replaceable"><code>new pin</code></em>]]
|
|
|
|
|
</span></dt><dd><p>
|
|
|
|
|
Unblock the PIN denoted by <em class="replaceable"><code>pin-ref</code></em>
|
|
|
|
|
using the PUK <em class="replaceable"><code>puk</code></em>, and set potentially
|
|
|
|
|
change its value to <em class="replaceable"><code>new pin</code></em>.
|
|
|
|
|
</p><p>
|
|
|
|
|
PUK and PIN values can be a sequence of hexadecimal values,
|
|
|
|
|
<code class="literal">"</code>-enclosed strings, empty (<code class="literal">""</code>),
|
|
|
|
|
or absent.
|
|
|
|
|
If they are absent, the values are read from the card reader's pin pad.
|
|
|
|
|
</p><p>
|
|
|
|
|
Examples:
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="code">unblock CHV2 00:00:00:00:00:00 "foobar"</code></span></dt><dd><p>
|
|
|
|
|
Unblock PIN <code class="literal">CHV2</code> using PUK
|
|
|
|
|
<code class="literal">00:00:00:00:00:00</code>
|
|
|
|
|
and set it to the new value <code class="literal">foobar</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2 00:00:00:00:00:00 ""</code></span></dt><dd><p>
|
|
|
|
|
Unblock PIN <code class="literal">CHV2</code> using PUK
|
|
|
|
|
<code class="literal">00:00:00:00:00:00</code> keeping the old value.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2 "" "foobar"</code></span></dt><dd><p>
|
|
|
|
|
Set new value of PIN <code class="literal">CHV2</code>
|
|
|
|
|
to <code class="literal">foobar</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2 00:00:00:00:00:00</code></span></dt><dd><p>
|
|
|
|
|
Unblock PIN <code class="literal">CHV2</code> using PUK
|
|
|
|
|
<code class="literal">00:00:00:00:00:00</code>.
|
|
|
|
|
The new PIN value is prompted by pinpad.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2 ""</code></span></dt><dd><p>
|
|
|
|
|
Set PIN <code class="literal">CHV2</code>.
|
|
|
|
|
The new PIN value is prompted by pinpad.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">unblock CHV2</code></span></dt><dd><p>
|
|
|
|
|
Unblock PIN <code class="literal">CHV2</code>.
|
|
|
|
|
The unblock code and new PIN value are prompted by pinpad.
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>update_binary</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>offs</code></em> <em class="replaceable"><code>data</code></em>
|
|
|
|
|
</span></dt><dd><p>Binary update of the file specified by
|
|
|
|
|
<em class="replaceable"><code>file-id</code></em> with the literal data
|
|
|
|
|
<em class="replaceable"><code>data</code></em> starting from offset specified
|
|
|
|
|
by <em class="replaceable"><code>offs</code></em>.</p><p><em class="replaceable"><code>data</code></em> can be supplied as a sequencer
|
|
|
|
|
of the hex values or as a <code class="literal">"</code> enclosed string. </p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>update_record</strong></span> <em class="replaceable"><code>file-id</code></em> <em class="replaceable"><code>rec-nr</code></em> <em class="replaceable"><code>rec-offs</code></em> <em class="replaceable"><code>data</code></em>
|
|
|
|
|
</span></dt><dd><p>Update record specified by <em class="replaceable"><code>rec-nr</code></em> of the file
|
|
|
|
|
specified by <em class="replaceable"><code>file-id</code></em> with the literal data
|
|
|
|
|
<em class="replaceable"><code>data</code></em> starting from offset specified by
|
|
|
|
|
<em class="replaceable"><code>rec-offs</code></em>.</p><p><em class="replaceable"><code>data</code></em> can be supplied as a sequence of the hex values or
|
|
|
|
|
as a <code class="literal">"</code> enclosed string. </p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>verify</strong></span> <em class="replaceable"><code>key-type</code></em> <em class="replaceable"><code>key-id</code></em> [<em class="replaceable"><code>key</code></em>]
|
|
|
|
|
</span></dt><dd><p>Present a PIN or key to the card, where
|
|
|
|
|
<em class="replaceable"><code>key-type</code></em> can be one of <code class="literal">CHV</code>,
|
|
|
|
|
<code class="literal">KEY</code>, <code class="literal">AUT</code> or <code class="literal">PRO</code>.
|
|
|
|
|
<em class="replaceable"><code>key-id</code></em> is a number representing the key or PIN reference.
|
|
|
|
|
<em class="replaceable"><code>key</code></em> is the key or PIN to be verified, formatted as a
|
|
|
|
|
colon-separated list of hex values or a <code class="literal">"</code> enclosed string.
|
|
|
|
|
</p><p>
|
|
|
|
|
If <em class="replaceable"><code>key</code></em> is omitted, the exact action depends on the
|
|
|
|
|
card reader's features: if the card readers supports PIN input via a pin pad,
|
|
|
|
|
then the PIN will be verified using the card reader's pin pad.
|
|
|
|
|
If the card reader does not support PIN input, then the PIN will be asked
|
|
|
|
|
interactively.
|
|
|
|
|
</p><p>
|
|
|
|
|
Examples:
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="code">verify CHV0 31:32:33:34:00:00:00:00</code></span></dt><dd><p>
|
|
|
|
|
Verify <code class="literal">CHV2</code> using the hex value
|
|
|
|
|
<code class="literal">31:32:33:34:00:00:00:00</code>
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">verify CHV1 "secret"</code></span></dt><dd><p>
|
|
|
|
|
Verify <code class="literal">CHV1</code>
|
|
|
|
|
using the string value <code class="literal">secret</code>.
|
|
|
|
|
</p></dd><dt><span class="term"><code class="code">verify KEY2</code></span></dt><dd><p>
|
|
|
|
|
Verify <code class="literal">KEY2</code>,
|
|
|
|
|
get the value from the card reader's pin pad.
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></dd><dt><span class="term">
|
|
|
|
|
<span class="command"><strong>sm</strong></span> <em class="replaceable"><code>[open]</code></em>|<em class="replaceable"><code>[close]</code></em>
|
|
|
|
|
</span></dt><dd><p>Calls the card's <em class="replaceable"><code>open</code></em> or <em class="replaceable"><code>close</code></em> Secure Messaging handler.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1680"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">opensc-tool</span>(1)</span>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="piv-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>piv-tool — smart card utility for HSPD-12 PIV cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">piv-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm1679"></a><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1686"></a><h2>Authors</h2><p><span class="command"><strong>opensc-explorer</strong></span> was written by
|
|
|
|
|
Juha Yrjölä <code class="email"><<a class="email" href="mailto:juha.yrjola@iki.fi">juha.yrjola@iki.fi</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="piv-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>piv-tool — smart card utility for HSPD-12 PIV cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">piv-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm1706"></a><p>
|
|
|
|
|
The <span class="command"><strong>piv-tool</strong></span> utility can be used from the command line to perform
|
|
|
|
|
miscellaneous smart card operations on a HSPD-12 PIV smart card as defined in NIST 800-73-3.
|
|
|
|
|
It is intended for use with test cards only. It can be used to load objects, and generate
|
|
|
|
|
key pairs, as well as send arbitrary APDU commands to a card after having authenticated
|
|
|
|
|
to the card using the card key provided by the card vendor.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1682"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1709"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--serial</code>
|
|
|
|
|
</span></dt><dd><p>Print the card serial number derived from the CHUID object,
|
|
|
|
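Review bot: the first verify example in this hunk contradicts itself: the command is `verify CHV0 31:32:33:34:00:00:00:00` but its description says "Verify CHV2", so one of the two references is wrong and should be corrected in the manual source before the HTML is regenerated. Two wording slips in the same hunk deserve the same pass: the unblock text reads "and set potentially change its value", and update_binary says data is "a sequencer of the hex values" where update_record has "a sequence".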
@ -1010,15 +1016,16 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</span></dt><dd><p>Causes <span class="command"><strong>piv-tool</strong></span> to be more verbose.
|
|
|
|
|
Specify this flag several times to enable debug output in the opensc
|
|
|
|
|
library.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1840"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1867"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">opensc-tool</span>(1)</span>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs11-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs11-tool — utility for managing and using PKCS #11 security tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pkcs11-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm1861"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1873"></a><h2>Authors</h2><p><span class="command"><strong>piv-tool</strong></span> was written by
|
|
|
|
|
Douglas E. Engert <code class="email"><<a class="email" href="mailto:deengert@gmail.com">deengert@gmail.com</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs11-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs11-tool — utility for managing and using PKCS #11 security tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pkcs11-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm1893"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>pkcs11-tool</strong></span> utility is used to manage the
|
|
|
|
|
data objects on smart cards and similar PKCS #11 security tokens.
|
|
|
|
|
Users can list and read PINs, keys and certificates stored on the
|
|
|
|
|
token. User PIN authentication is performed for those operations
|
|
|
|
|
that require it.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1865"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm1897"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--attr-from</code> <em class="replaceable"><code>filename</code></em>
|
|
|
|
|
</span></dt><dd><p>Extract information from <em class="replaceable"><code>filename</code></em>
|
|
|
|
@ -1243,7 +1250,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
<code class="option">--generate-random</code> <em class="replaceable"><code>num</code></em>
|
|
|
|
|
</span></dt><dd><p>Get <em class="replaceable"><code>num</code></em> bytes of random data.
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2268"></a><h2>Examples</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2300"></a><h2>Examples</h2><p>
|
|
|
|
|
To list all certificates on the smart card:
|
|
|
|
|
</p><pre class="programlisting">pkcs11-tool --list-objects --type cert</pre><p>
|
|
|
|
|
|
|
|
|
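Review bot: the `idmNNNN` anchor on the Examples heading is positional, so the Authors sections inserted earlier in the file renumber it here (`idm2268` to `idm2300`) with no change in content, and a link to the old fragment no longer resolves to this section. Giving each section an explicit id in the manual source would keep the fragments stable and stop unrelated hunks like this one from showing up in every regeneration.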
@ -1259,12 +1266,13 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
using the private key with ID <em class="replaceable"><code>ID</code></em> and
|
|
|
|
|
using the RSA-PKCS mechanism:
|
|
|
|
|
</p><pre class="programlisting">pkcs11-tool --sign --id ID --mechanism RSA-PKCS --input-file data --output-file data.sig</pre><p>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-crypt"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-crypt — perform crypto operations using PKCS#15 smart cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pkcs15-crypt</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm2293"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2310"></a><h2>Authors</h2><p><span class="command"><strong>pkcs11-tool</strong></span> was written by
|
|
|
|
|
Olaf Kirch <code class="email"><<a class="email" href="mailto:okir@suse.de">okir@suse.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-crypt"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-crypt — perform crypto operations using PKCS#15 smart cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pkcs15-crypt</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm2330"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>pkcs15-crypt</strong></span> utility can be used from the
|
|
|
|
|
command line to perform cryptographic operations such as computing
|
|
|
|
|
digital signatures or decrypting data, using keys stored on a PKCS#15
|
|
|
|
|
compliant smart card.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2297"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2334"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--version</code>,
|
|
|
|
|
</span></dt><dd><p>Print the OpenSC package release version.</p></dd><dt><span class="term">
|
|
|
|
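Review bot: the signing example at the top of this hunk feeds a file called `data` to `--mechanism RSA-PKCS`, and nothing in the visible text says that this mechanism pads and signs its input as given, without hashing it first. Suggest stating that the input must already be a digest small enough for the key size, or switching the example to a mechanism that hashes, so readers do not take `data` to mean an arbitrary file.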
@ -1361,17 +1369,18 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</span></dt><dd><p>Causes <span class="command"><strong>pkcs15-crypt</strong></span> to be more
|
|
|
|
|
verbose. Specify this flag several times to enable debug output
|
|
|
|
|
in the OpenSC library.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2424"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2461"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-init</span>(1)</span>,
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-tool</span>(1)</span>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-init"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-init — smart card personalization utility</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pkcs15-init</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm2454"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2470"></a><h2>Authors</h2><p><span class="command"><strong>pkcs15-crypt</strong></span> was written by
|
|
|
|
|
Juha Yrjölä <code class="email"><<a class="email" href="mailto:juha.yrjola@iki.fi">juha.yrjola@iki.fi</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-init"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-init — smart card personalization utility</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pkcs15-init</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm2496"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>pkcs15-init</strong></span> utility can be used to create a PKCS #15
|
|
|
|
|
structure on a smart card, and add key or certificate objects. Details of the
|
|
|
|
|
structure that will be created are controlled via profiles.
|
|
|
|
|
</p><p>
|
|
|
|
|
The profile used by default is <span class="command"><strong>pkcs15</strong></span>. Alternative
|
|
|
|
|
profiles can be specified via the <code class="option">-p</code> switch.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2461"></a><h2>PIN Usage</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2503"></a><h2>PIN Usage</h2><p>
|
|
|
|
|
<span class="command"><strong>pkcs15-init</strong></span> can be used to create a PKCS #15 structure on
|
|
|
|
|
your smart card, create PINs, and install keys and certificates on the card.
|
|
|
|
|
This process is also called <em class="replaceable"><code>personalization</code></em>.
|
|
|
|
@ -1403,7 +1412,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
are protected and cannot be parsed without authentication (usually with User PIN).
|
|
|
|
|
This authentication need to be done immediately after the card binding.
|
|
|
|
|
In such cases <code class="option">--verify-pin</code> has to be used.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2473"></a><h2>Modes of operation</h2><div class="refsect2"><a name="idm2475"></a><h3>Initialization</h3><p>This is the first step during card personalization, and will create the
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2515"></a><h2>Modes of operation</h2><div class="refsect2"><a name="idm2517"></a><h3>Initialization</h3><p>This is the first step during card personalization, and will create the
|
|
|
|
|
basic files on the card. To create the initial PKCS #15 structure, invoke the
|
|
|
|
|
utility as
|
|
|
|
|
</p><p>
|
|
|
|
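Review bot: "This authentication need to be done immediately after the card binding" in the PIN Usage text has a verb agreement error ("needs"). Since this sentence tells the reader when `--verify-pin` is mandatory, it is worth fixing in the manual source while the page is being regenerated.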
@ -1413,7 +1422,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</p><p>
|
|
|
|
|
If the card supports it, you should erase the contents of the card with
|
|
|
|
|
<span class="command"><strong>pkcs15-init --erase-card</strong></span> before creating the PKCS#15 structure.
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2483"></a><h3>User PIN Installation</h3><p>
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2525"></a><h3>User PIN Installation</h3><p>
|
|
|
|
|
Before installing any user objects such as private keys, you need at least one
|
|
|
|
|
PIN to protect these objects. you can do this using
|
|
|
|
|
</p><p>
|
|
|
|
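Review bot: in User PIN Installation, "PIN to protect these objects. you can do this using" starts its second sentence in lower case. Capitalise "You" in the manual source.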
@ -1427,7 +1436,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</p><p>
|
|
|
|
|
To set a label for this PIN object (which can be used by applications to display
|
|
|
|
|
a meaningful prompt to the user), use the <code class="option">--label</code> command line option.
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2493"></a><h3>Key generation</h3><p>
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2535"></a><h3>Key generation</h3><p>
|
|
|
|
|
<span class="command"><strong>pkcs15-init</strong></span> lets you generate a new key and store it on the card.
|
|
|
|
|
You can do this using:
|
|
|
|
|
</p><p>
|
|
|
|
@ -1445,7 +1454,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
In addition to storing the private portion of the key on the card,
|
|
|
|
|
<span class="command"><strong>pkcs15-init</strong></span> will also store the the public portion of the
|
|
|
|
|
key as a PKCS #15 public key object.
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2507"></a><h3>Private Key Upload</h3><p>
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2549"></a><h3>Private Key Upload</h3><p>
|
|
|
|
|
You can use a private key generated by other means and upload it to the card.
|
|
|
|
|
For instance, to upload a private key contained in a file named
|
|
|
|
|
<code class="filename">okir.pem</code>, which is in PEM format, you would use
|
|
|
|
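Review bot: the Key generation paragraph says pkcs15-init "will also store the the public portion of the key", with a duplicated "the". Fix it in the manual source so the next regeneration picks it up.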
@ -1469,7 +1478,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
a file. A PKCS #12 file usually contains the X.509 certificate corresponding
|
|
|
|
|
to the private key. If that is the case, <span class="command"><strong>pkcs15-init</strong></span> will
|
|
|
|
|
store the certificate instead of the public key portion.
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2521"></a><h3>Public Key Upload</h3><p>
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2563"></a><h3>Public Key Upload</h3><p>
|
|
|
|
|
You can also upload individual public keys to the card using the
|
|
|
|
|
<code class="option">--store-public-key</code> option, which takes a filename as an
|
|
|
|
|
argument. This file is supposed to contain the public key. If you don't
|
|
|
|
@ -1480,12 +1489,12 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
Since the corresponding public keys are always uploaded automatically
|
|
|
|
|
when generating a new key, or when uploading a private key, you will
|
|
|
|
|
probably use this option only very rarely.
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2528"></a><h3>Certificate Upload</h3><p>
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2570"></a><h3>Certificate Upload</h3><p>
|
|
|
|
|
You can upload certificates to the card using the
|
|
|
|
|
<code class="option">--store-certificate</code> option, which takes a filename as
|
|
|
|
|
an argument. This file is supposed to contain the PEM encoded X.509
|
|
|
|
|
certificate.
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2532"></a><h3>Uploading PKCS #12 bags</h3><p>
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2574"></a><h3>Uploading PKCS #12 bags</h3><p>
|
|
|
|
|
Most browsers nowadays use PKCS #12 format files when you ask them to
|
|
|
|
|
export your key and certificate to a file. <span class="command"><strong>pkcs15-init</strong></span>
|
|
|
|
|
is capable of parsing these files, and storing their contents on the
|
|
|
|
@ -1499,7 +1508,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
and protect it with the PIN referenced by authentication ID <code class="literal">01</code>.
|
|
|
|
|
It will also store any X.509 certificates contained in the file, which is
|
|
|
|
|
usually the user certificate that goes with the key, as well as the CA certificate.
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2541"></a><h3>Secret Key Upload</h3><p>
|
|
|
|
|
</p></div><div class="refsect2"><a name="idm2583"></a><h3>Secret Key Upload</h3><p>
|
|
|
|
|
You can use a secret key generated by other means and upload it to the card.
|
|
|
|
|
For instance, to upload an AES-secret key generated by the system random generator
|
|
|
|
|
you would use
|
|
|
|
@ -1508,7 +1517,7 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</p><p>
|
|
|
|
|
By default a random ID is generated for the secret key. You may specify an ID
|
|
|
|
|
with the <code class="option">--id</code> if needed.
|
|
|
|
|
</p></div></div><div class="refsect1"><a name="idm2548"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div></div><div class="refsect1"><a name="idm2590"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--version</code>,
|
|
|
|
|
</span></dt><dd><p>Print the OpenSC package release version.</p></dd><dt><span class="term">
|
|
|
|
@ -1562,8 +1571,8 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
contain one long option per line, without the leading dashes,
|
|
|
|
|
for instance:
|
|
|
|
|
</p><pre class="programlisting">
|
|
|
|
|
pin 1234
|
|
|
|
|
puk 87654321
|
|
|
|
|
pin 1234
|
|
|
|
|
puk 87654321
|
|
|
|
|
</pre><p>
|
|
|
|
|
</p><p>
|
|
|
|
|
You can specify <code class="option">--options-file</code> several times.
|
|
|
|
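Review bot: the options-file example stores `pin 1234` and `puk 87654321` in plain text, and the description around it gives no guidance on protecting that file. Suggest adding a sentence that the file should be readable only by its owner and removed once personalization is finished. The two listing lines also appear twice with identical text, so the change looks like whitespace only and is worth confirming as intended.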
@ -1845,16 +1854,17 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</span></dt><dd><p>
|
|
|
|
|
Display help message
|
|
|
|
|
</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2932"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2974"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-profile</span>(5)</span>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-tool — utility for manipulating PKCS #15 data structures
|
|
|
|
|
on smart cards and similar security tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pkcs15-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm2953"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2980"></a><h2>Authors</h2><p><span class="command"><strong>pkcs15-init</strong></span> was written by
|
|
|
|
|
Olaf Kirch <code class="email"><<a class="email" href="mailto:okir@suse.de">okir@suse.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-tool — utility for manipulating PKCS #15 data structures
|
|
|
|
|
on smart cards and similar security tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pkcs15-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm3000"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>pkcs15-tool</strong></span> utility is used to manipulate
|
|
|
|
|
the PKCS #15 data structures on smart cards and similar security
|
|
|
|
|
tokens. Users can list and read PINs, keys and certificates stored
|
|
|
|
|
on the token. User PIN authentication is performed for those
|
|
|
|
|
operations that require it.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm2957"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3004"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--version</code>,
|
|
|
|
|
</span></dt><dd><p>Print the OpenSC package release version.</p></dd><dt><span class="term">
|
|
|
|
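Review bot: "Users can list and read PINs, keys and certificates stored on the token" in the pkcs15-tool Description can be read as saying PIN values are retrievable from the card. If the sentence means PIN objects and their attributes, say so explicitly; the pkcs11-tool Description earlier in the file carries the same wording.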
@ -1995,15 +2005,16 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
wait for a card insertion.</p></dd><dt><span class="term">
|
|
|
|
|
<code class="option">--use-pinpad</code>
|
|
|
|
|
</span></dt><dd><p>Do not prompt the user; if no PINs supplied, pinpad will be used.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3192"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3239"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-init</span>(1)</span>,
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-crypt</span>(1)</span>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="sc-hsm-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>sc-hsm-tool — smart card utility for SmartCard-HSM</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">sc-hsm-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm3216"></a><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3248"></a><h2>Authors</h2><p><span class="command"><strong>pkcs15-tool</strong></span> was written by
|
|
|
|
|
Juha Yrjölä <code class="email"><<a class="email" href="mailto:juha.yrjola@iki.fi">juha.yrjola@iki.fi</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="sc-hsm-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>sc-hsm-tool — smart card utility for SmartCard-HSM</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">sc-hsm-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm3268"></a><p>
|
|
|
|
|
The <span class="command"><strong>sc-hsm-tool</strong></span> utility can be used from the command line to perform
|
|
|
|
|
extended maintenance tasks not available via PKCS#11 or other tools in the OpenSC package.
|
|
|
|
|
It can be used to query the status of a SmartCard-HSM, initialize a device, generate and import
|
|
|
|
|
Device Key Encryption Key (DKEK) shares and to wrap and unwrap keys.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3219"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3271"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--initialize</code>,
|
|
|
|
|
<code class="option">-X</code>
|
|
|
|
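Review bot: the first section of the sc-hsm-tool entry (`idm3268`) opens with a bare paragraph and has no Description heading, whereas the pkcs15-tool entry in the previous hunk has one. Add the section title in the manual source; the piv-tool entry has the same gap.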
@ -2075,15 +2086,16 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
</span></dt><dd><p>Causes <span class="command"><strong>sc-hsm-tool</strong></span> to be more verbose.
|
|
|
|
|
Specify this flag several times to enable debug output in the opensc
|
|
|
|
|
library.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3382"></a><h2>Examples</h2><p>Create a DKEK share:</p><p><span class="command"><strong>sc-hsm-tool --create-dkek-share dkek-share-1.pbe</strong></span></p><p>Create a DKEK share with random password split up using a (3, 5) threshold scheme:</p><p><span class="command"><strong>sc-hsm-tool --create-dkek-share dkek-share-1.pbe --pwd-shares-threshold 3 --pwd-shares-total 5</strong></span></p><p>Initialize SmartCard-HSM to use a single DKEK share:</p><p><span class="command"><strong>sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares 1 --label mytoken</strong></span></p><p>Import DKEK share:</p><p><span class="command"><strong>sc-hsm-tool --import-dkek-share dkek-share-1.pbe</strong></span></p><p>Import DKEK share using a password split up using a (3, 5) threshold scheme for encryption:</p><p><span class="command"><strong>sc-hsm-tool --import-dkek-share dkek-share-1.pbe --pwd-shares-total 3</strong></span></p><p>Wrap referenced key, description and certificate:</p><p><span class="command"><strong>sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1 --pin 648219</strong></span></p><p>Unwrap key into same or in different SmartCard-HSM with the same DKEK:</p><p><span class="command"><strong>sc-hsm-tool --unwrap-key wrap-key.bin --key-reference 10 --pin 648219 --force</strong></span></p></div><div class="refsect1"><a name="idm3405"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3434"></a><h2>Examples</h2><p>Create a DKEK share:</p><p><span class="command"><strong>sc-hsm-tool --create-dkek-share dkek-share-1.pbe</strong></span></p><p>Create a DKEK share with random password split up using a (3, 5) threshold scheme:</p><p><span class="command"><strong>sc-hsm-tool --create-dkek-share dkek-share-1.pbe --pwd-shares-threshold 3 --pwd-shares-total 5</strong></span></p><p>Initialize SmartCard-HSM to use a single DKEK share:</p><p><span class="command"><strong>sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares 1 --label mytoken</strong></span></p><p>Import DKEK share:</p><p><span class="command"><strong>sc-hsm-tool --import-dkek-share dkek-share-1.pbe</strong></span></p><p>Import DKEK share using a password split up using a (3, 5) threshold scheme for encryption:</p><p><span class="command"><strong>sc-hsm-tool --import-dkek-share dkek-share-1.pbe --pwd-shares-total 3</strong></span></p><p>Wrap referenced key, description and certificate:</p><p><span class="command"><strong>sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1 --pin 648219</strong></span></p><p>Unwrap key into same or in different SmartCard-HSM with the same DKEK:</p><p><span class="command"><strong>sc-hsm-tool --unwrap-key wrap-key.bin --key-reference 10 --pin 648219 --force</strong></span></p></div><div class="refsect1"><a name="idm3457"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">opensc-tool</span>(1)</span>
|
|
|
|
|
</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="westcos-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>westcos-tool — utility for manipulating data structures
|
|
|
|
|
on westcos smart cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">westcos-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm3426"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3463"></a><h2>Authors</h2><p><span class="command"><strong>sc-hsm-tool</strong></span> was written by
|
|
|
|
|
Andreas Schwier <code class="email"><<a class="email" href="mailto:andreas.schwier@cardcontact.de">andreas.schwier@cardcontact.de</a>></code>.</p></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="westcos-tool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>westcos-tool — utility for manipulating data structures
|
|
|
|
|
on westcos smart cards</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">westcos-tool</code> [<em class="replaceable"><code>OPTIONS</code></em>]</p></div></div><div class="refsect1"><a name="idm3483"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>westcos-tool</strong></span> utility is used to manipulate
|
|
|
|
|
the westcos data structures on 2 Ko smart cards / tokens. Users can create PINs,
|
|
|
|
|
keys and certificates stored on the card / token. User PIN authentication is
|
|
|
|
|
performed for those operations that require it.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3430"></a><h2>Options</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3487"></a><h2>Options</h2><p>
|
|
|
|
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
|
|
|
|
<code class="option">--change-pin</code>,
|
|
|
|
|
<code class="option">-n</code>
|
|
|
|
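Review bot: In the added sc-hsm-tool Examples, the import example is described as using a (3, 5) threshold scheme but passes "--pwd-shares-total 3", while the matching create example passes "--pwd-shares-threshold 3 --pwd-shares-total 5". From these lines a reader cannot tell whether 3 on import is the number of shares to be entered or a typo for 5. Add a sentence stating what --pwd-shares-total means on import. The initialize, wrap and unwrap examples also pass --so-pin and --pin values on the command line, where they end up in shell history and process listings. Mark them as sample values and say so next to the examples.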
@ -2165,8 +2177,8 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
from disk to card.
|
|
|
|
|
On the card the file is written in <em class="replaceable"><code>filename</code></em>.
|
|
|
|
|
User authentication is required for this operation.</p></dd></dl></div><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3559"></a><h2>Authors</h2><p><span class="command"><strong>westcos-tool</strong></span> was written by
|
|
|
|
|
Francois Leblanc <code class="email"><<a class="email" href="mailto:francois.leblanc@cev-sa.com">francois.leblanc@cev-sa.com</a>></code>.</p></div></div></div><div class="reference"><div class="titlepage"><div><div><h1 class="title"><a name="idm3564"></a>OpenSC file formats</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="refentrytitle"><a href="#pkcs15-profile">pkcs15-profile</a></span><span class="refpurpose"> — format of profile for <span class="command"><strong>pkcs15-init</strong></span></span></dt></dl></div><div class="refentry"><a name="pkcs15-profile"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-profile — format of profile for <span class="command"><strong>pkcs15-init</strong></span></p></div><div class="refsect1"><a name="idm3578"></a><h2>Description</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3616"></a><h2>Authors</h2><p><span class="command"><strong>westcos-tool</strong></span> was written by
|
|
|
|
|
Francois Leblanc <code class="email"><<a class="email" href="mailto:francois.leblanc@cev-sa.com">francois.leblanc@cev-sa.com</a>></code>.</p></div></div></div><div class="reference"><div class="titlepage"><div><div><h1 class="title"><a name="idm3621"></a>OpenSC file formats</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="refentrytitle"><a href="#pkcs15-profile">pkcs15-profile</a></span><span class="refpurpose"> — format of profile for <span class="command"><strong>pkcs15-init</strong></span></span></dt></dl></div><div class="refentry"><a name="pkcs15-profile"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-profile — format of profile for <span class="command"><strong>pkcs15-init</strong></span></p></div><div class="refsect1"><a name="idm3635"></a><h2>Description</h2><p>
|
|
|
|
|
The <span class="command"><strong>pkcs15-init</strong></span> utility for PKCS #15 smart card
|
|
|
|
|
personalization is controlled via profiles. When starting, it will read two
|
|
|
|
|
such profiles at the moment, a generic application profile, and a card
|
|
|
|
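Review bot: The only difference in this hunk is the renumbering of generated anchors (westcos-tool Authors idm3559 to idm3616, "OpenSC file formats" idm3564 to idm3621, pkcs15-profile Description idm3578 to idm3635), caused by a section inserted earlier in the file. Any existing link to "#idm3564" now points nowhere, and every later insertion will repeat the churn. Give these sections explicit ids in the manual source so the generated names stay stable, or keep the generated HTML out of the tree.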
@ -2182,10 +2194,10 @@ to enable debug output in the opensc library.</p></dd></dl></div><p>
|
|
|
|
|
The card specific profile contains additional information required during
|
|
|
|
|
card initialization, such as location of PIN files, key references etc.
|
|
|
|
|
Profiles currently reside in <span class="command"><strong>@pkgdatadir@</strong></span>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3586"></a><h2>Syntax</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3643"></a><h2>Syntax</h2><p>
|
|
|
|
|
This section should contain information about the profile syntax. Will add
|
|
|
|
|
this soonishly.
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3589"></a><h2>See also</h2><p>
|
|
|
|
|
</p></div><div class="refsect1"><a name="idm3646"></a><h2>See also</h2><p>
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-init</span>(1)</span>,
|
|
|
|
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-crypt</span>(1)</span>
|
|
|
|
|
</p></div></div></div></div></body></html>
|
|
|
|
|
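Review bot: The regenerated pkcs15-profile text still reads "Profiles currently reside in @pkgdatadir@", an unsubstituted build placeholder, so the page never tells the reader which directory holds the profiles that drive card initialization. Generate the HTML from the substituted source, or name the directory in the text. The Syntax section likewise remains the placeholder "Will add this soonishly." and the two changed lines here only renumber its anchor (idm3586 to idm3643) and the See also anchor (idm3589 to idm3646). Either document the profile syntax or drop the empty section.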