diff --git a/doc/tools/cardos-tool.1.xml b/doc/tools/cardos-tool.1.xml index 9f384c89..62657110 100644 --- a/doc/tools/cardos-tool.1.xml +++ b/doc/tools/cardos-tool.1.xml @@ -88,4 +88,10 @@ smart cards and similar security tokens based on Siemens Card/OS M4. + + + Authors + cardos-tool was written by + Andreas Jellinghaus aj@dungeon.inka.de. + diff --git a/doc/tools/cryptoflex-tool.1.xml b/doc/tools/cryptoflex-tool.1.xml index 78428c61..f34a3c00 100644 --- a/doc/tools/cryptoflex-tool.1.xml +++ b/doc/tools/cryptoflex-tool.1.xml @@ -185,4 +185,10 @@ + + Authors + cryptoflex-tool was written by + Juha Yrjölä juha.yrjola@iki.fi. + + diff --git a/doc/tools/dnie-tool.1.xml b/doc/tools/dnie-tool.1.xml index 59f68b1d..2885446c 100644 --- a/doc/tools/dnie-tool.1.xml +++ b/doc/tools/dnie-tool.1.xml @@ -124,10 +124,6 @@ to enable debug output in the opensc library. - - See also - opensc(7) - Authors dnie-tool was written by diff --git a/doc/tools/gids-tool.1.xml b/doc/tools/gids-tool.1.xml index 7f4c076b..ee1a5cac 100644 --- a/doc/tools/gids-tool.1.xml +++ b/doc/tools/gids-tool.1.xml @@ -120,4 +120,10 @@ + + Authors + gids-tool was written by + Vincent Le Toux vincent.letoux@mysmartlogon.com. + + diff --git a/doc/tools/iasecc-tool.1.xml b/doc/tools/iasecc-tool.1.xml index 59ee1b1d..cc7a14b3 100644 --- a/doc/tools/iasecc-tool.1.xml +++ b/doc/tools/iasecc-tool.1.xml @@ -84,4 +84,10 @@ + + + Authors + iasecc-tool was written by + Viktor Tarasov viktor.tarasov@gmail.com. + diff --git a/doc/tools/opensc-explorer.1.xml b/doc/tools/opensc-explorer.1.xml index 25459726..662cd80a 100644 --- a/doc/tools/opensc-explorer.1.xml +++ b/doc/tools/opensc-explorer.1.xml 
@@ -97,408 +97,408 @@ - - Commands - - The following commands are supported at opensc-explorer's - interactive prompt or in script files passed via the command line parameter - SCRIPT. - - - - apdu hex-data - - - Send a custom APDU command hex-data. - - + + Commands + + The following commands are supported at opensc-explorer's + interactive prompt or in script files passed via the command line parameter + SCRIPT. + + + + apdu hex-data + + + Send a custom APDU command hex-data. + + - - - asn1 file-id - - Parse and print the ASN.1 encoded content of the file specified by - file-id. - + + + asn1 file-id + + Parse and print the ASN.1 encoded content of the file specified by + file-id. + - - - cat [file-id | sfi:short-id] - - Print the contents of the currently selected EF or the contents - of a file specified by file-id or the short file id - short-id. - - + + + cat [file-id | sfi:short-id] + + Print the contents of the currently selected EF or the contents + of a file specified by file-id or the short file id + short-id. + + - - - cd {.. | file-id | aid:DF-name} - - - Change to another DF specified by the argument passed. - If the argument given is .., then move up one level in the - file system hierarchy. - If it is file-id, which must be a DF directly - beneath the current DF, then change to that DF. - If it is an application identifier given as - aid:DF-name, - then jump to the MF of the application denoted by - DF-name. - - + + + cd {.. | file-id | aid:DF-name} + + + Change to another DF specified by the argument passed. + If the argument given is .., then move up one level in the + file system hierarchy. + If it is file-id, which must be a DF directly + beneath the current DF, then change to that DF. + If it is an application identifier given as + aid:DF-name, + then jump to the MF of the application denoted by + DF-name. + + - - - change CHVpin-ref [[old-pin] new-pin] - - - Change a PIN, where pin-ref is the PIN reference. 
- - Examples: - - - change CHV2 00:00:00:00:00:00 "foobar" - - Change PIN CHV2 - to the new value foobar, - giving the old value 00:00:00:00:00:00. - - - - change CHV2 "foobar" - - Set PIN CHV2 - to the new value foobar. - - - - change CHV2 - - Change PIN CHV2 using the card reader's pinpad. - - - - - - + + + change CHVpin-ref [[old-pin] new-pin] + + + Change a PIN, where pin-ref is the PIN reference. + + Examples: + + + change CHV2 00:00:00:00:00:00 "foobar" + + Change PIN CHV2 + to the new value foobar, + giving the old value 00:00:00:00:00:00. + + + + change CHV2 "foobar" + + Set PIN CHV2 + to the new value foobar. + + + + change CHV2 + + Change PIN CHV2 using the card reader's pinpad. + + + + + + - - - create file-id size - - Create a new EF. file-id specifies the - id number and size is the size of the new file. - - + + + create file-id size + + Create a new EF. file-id specifies the + id number and size is the size of the new file. + + - - - debug [level] - - - Set OpenSC debug level to level. - If level is omitted the current debug level will be shown. - - + + + debug [level] + + + Set OpenSC debug level to level. + If level is omitted the current debug level will be shown. + + - - - delete file-id - - Remove the EF or DF specified by file-id - + + + delete file-id + + Remove the EF or DF specified by file-id + - - - do_get hex-tag [output] - - - Copy the internal card's 'tagged' data into the local file. - The local file is specified by output while the tag of - the card's data is specified by hex-tag. - - - If output is omitted, the name of the output file will be - derived from hex-tag. - - - + + + do_get hex-tag [output] + + + Copy the internal card's 'tagged' data into the local file. + The local file is specified by output while the tag of + the card's data is specified by hex-tag. + + + If output is omitted, the name of the output file will be + derived from hex-tag. + + + - - - do_put hex-tag input - - - Update internal card's 'tagged' data. 
- hex-tag is the tag of the card's data. - input is the filename of the source file or the literal data presented as - a sequence of hexadecimal values or " enclosed string. - - - + + + do_put hex-tag input + + + Update internal card's 'tagged' data. + hex-tag is the tag of the card's data. + input is the filename of the source file or the literal data presented as + a sequence of hexadecimal values or " enclosed string. + + + - - - echo string ... - - - Print the strings given. - - + + + echo string ... + + + Print the strings given. + + - - - erase - - Erase the card, if the card supports it. - + + + erase + + Erase the card, if the card supports it. + - - - get file-id [output] - - - Copy an EF to a local file. The local file is specified - by output while the card file is specified by file-id. - - - If output is omitted, the name of the output file will be - derived from the full card path to file-id. - - - + + + get file-id [output] + + + Copy an EF to a local file. The local file is specified + by output while the card file is specified by file-id. + + + If output is omitted, the name of the output file will be + derived from the full card path to file-id. + + + - - - info [file-id] - - Display attributes of a file specified by file-id. - If file-id is not supplied, - the attributes of the current file are printed. - + + + info [file-id] + + Display attributes of a file specified by file-id. + If file-id is not supplied, + the attributes of the current file are printed. + - - - ls [pattern ...] - - List files in the current DF. - If no pattern is given, then all files are listed. - If one ore more patterns are given, only files matching - at least one pattern are listed. - + + + ls [pattern ...] + + List files in the current DF. + If no pattern is given, then all files are listed. + If one ore more patterns are given, only files matching + at least one pattern are listed. + - - - find [start-id [end-id]] - - Find all files in the current DF. 
- Files are found by selecting all file identifiers in the range from start-fid to end-fid (by default from 0000 to FFFF). - + + + find [start-id [end-id]] + + Find all files in the current DF. + Files are found by selecting all file identifiers in the range from start-fid to end-fid (by default from 0000 to FFFF). + - - - find_tags [start-tag [end-tag]] - - Find all tags of data objects in the current context. - Tags are found by using GET DATA in the range from start-tag to end-tag (by default from 0000 to FFFF). - + + + find_tags [start-tag [end-tag]] + + Find all tags of data objects in the current context. + Tags are found by using GET DATA in the range from start-tag to end-tag (by default from 0000 to FFFF). + - - - mkdir file-id size - - Create a DF. file-id specifies the id number - and size is the size of the new file. - + + + mkdir file-id size + + Create a DF. file-id specifies the id number + and size is the size of the new file. + - - - put file-id input - - Copy a local file to the card. The local file is specified - by input while the card file is specified by file-id. - - + + + put file-id input + + Copy a local file to the card. The local file is specified + by input while the card file is specified by file-id. + + - - - quit - - Exit the program. - + + + quit + + Exit the program. + - - - random count - - - Generate random sequence of count bytes. - - + + + random count + + + Generate random sequence of count bytes. + + - - - rm file-id - - Remove the EF or DF specified by file-id - + + + rm file-id + + Remove the EF or DF specified by file-id + - - - unblock CHVpin-ref [puk [new pin]] - - - - Unblock the PIN denoted by pin-ref - using the PUK puk, and set potentially - change its value to new pin. - - - PUK and PIN values can be a sequence of hexadecimal values, - "-enclosed strings, empty (""), - or absent. - If they are absent, the values are read from the card reader's pin pad. 
- - - Examples: - - - unblock CHV2 00:00:00:00:00:00 "foobar" - - Unblock PIN CHV2 using PUK - 00:00:00:00:00:00 - and set it to the new value foobar. - - - - unblock CHV2 00:00:00:00:00:00 "" - - Unblock PIN CHV2 using PUK - 00:00:00:00:00:00 keeping the old value. - - - - unblock CHV2 "" "foobar" - - Set new value of PIN CHV2 - to foobar. - - - - unblock CHV2 00:00:00:00:00:00 - - Unblock PIN CHV2 using PUK - 00:00:00:00:00:00. - The new PIN value is prompted by pinpad. - - - - unblock CHV2 "" - - Set PIN CHV2. - The new PIN value is prompted by pinpad. - - - - unblock CHV2 - - Unblock PIN CHV2. - The unblock code and new PIN value are prompted by pinpad. - - - - - - + + + unblock CHVpin-ref [puk [new pin]] + + + + Unblock the PIN denoted by pin-ref + using the PUK puk, and set potentially + change its value to new pin. + + + PUK and PIN values can be a sequence of hexadecimal values, + "-enclosed strings, empty (""), + or absent. + If they are absent, the values are read from the card reader's pin pad. + + + Examples: + + + unblock CHV2 00:00:00:00:00:00 "foobar" + + Unblock PIN CHV2 using PUK + 00:00:00:00:00:00 + and set it to the new value foobar. + + + + unblock CHV2 00:00:00:00:00:00 "" + + Unblock PIN CHV2 using PUK + 00:00:00:00:00:00 keeping the old value. + + + + unblock CHV2 "" "foobar" + + Set new value of PIN CHV2 + to foobar. + + + + unblock CHV2 00:00:00:00:00:00 + + Unblock PIN CHV2 using PUK + 00:00:00:00:00:00. + The new PIN value is prompted by pinpad. + + + + unblock CHV2 "" + + Set PIN CHV2. + The new PIN value is prompted by pinpad. + + + + unblock CHV2 + + Unblock PIN CHV2. + The unblock code and new PIN value are prompted by pinpad. + + + + + + - - - update_binary file-id offs data - - - Binary update of the file specified by - file-id with the literal data - data starting from offset specified - by offs. - data can be supplied as a sequencer - of the hex values or as a " enclosed string. 
- - + + + update_binary file-id offs data + + + Binary update of the file specified by + file-id with the literal data + data starting from offset specified + by offs. + data can be supplied as a sequencer + of the hex values or as a " enclosed string. + + - - - update_record file-id rec-nr rec-offs data - - - Update record specified by rec-nr of the file - specified by file-id with the literal data - data starting from offset specified by - rec-offs. - data can be supplied as a sequence of the hex values or - as a " enclosed string. - - + + + update_record file-id rec-nr rec-offs data + + + Update record specified by rec-nr of the file + specified by file-id with the literal data + data starting from offset specified by + rec-offs. + data can be supplied as a sequence of the hex values or + as a " enclosed string. + + - - - verify key-type key-id [key] - - Present a PIN or key to the card, where - key-type can be one of CHV, - KEY, AUT or PRO. - key-id is a number representing the key or PIN reference. - key is the key or PIN to be verified, formatted as a - colon-separated list of hex values or a " enclosed string. - - - If key is omitted, the exact action depends on the - card reader's features: if the card readers supports PIN input via a pin pad, - then the PIN will be verified using the card reader's pin pad. - If the card reader does not support PIN input, then the PIN will be asked - interactively. - - - Examples: - - - verify CHV0 31:32:33:34:00:00:00:00 - - Verify CHV2 using the hex value - 31:32:33:34:00:00:00:00 - - - - verify CHV1 "secret" - - Verify CHV1 - using the string value secret. - - - - verify KEY2 - - Verify KEY2, - get the value from the card reader's pin pad. - - - - - - + + + verify key-type key-id [key] + + Present a PIN or key to the card, where + key-type can be one of CHV, + KEY, AUT or PRO. + key-id is a number representing the key or PIN reference. 
+ key is the key or PIN to be verified, formatted as a + colon-separated list of hex values or a " enclosed string. + + + If key is omitted, the exact action depends on the + card reader's features: if the card readers supports PIN input via a pin pad, + then the PIN will be verified using the card reader's pin pad. + If the card reader does not support PIN input, then the PIN will be asked + interactively. + + + Examples: + + + verify CHV0 31:32:33:34:00:00:00:00 + + Verify CHV2 using the hex value + 31:32:33:34:00:00:00:00 + + + + verify CHV1 "secret" + + Verify CHV1 + using the string value secret. + + + + verify KEY2 + + Verify KEY2, + get the value from the card reader's pin pad. + + + + + + - - - sm [open]|[close] - - - Calls the card's open or close Secure Messaging handler. - - + + + sm [open]|[close] + + + Calls the card's open or close Secure Messaging handler. + + - - - + + + See also @@ -510,4 +510,10 @@ + + Authors + opensc-explorer was written by + Juha Yrjölä juha.yrjola@iki.fi. + + diff --git a/doc/tools/opensc-tool.1.xml b/doc/tools/opensc-tool.1.xml index 4f7cf220..7399096e 100644 --- a/doc/tools/opensc-tool.1.xml +++ b/doc/tools/opensc-tool.1.xml @@ -175,4 +175,10 @@ + + Authors + opensc-tool was written by + Juha Yrjölä juha.yrjola@iki.fi. + + diff --git a/doc/tools/piv-tool.1.xml b/doc/tools/piv-tool.1.xml index 397d0ac8..234c3c82 100644 --- a/doc/tools/piv-tool.1.xml +++ b/doc/tools/piv-tool.1.xml @@ -201,4 +201,10 @@ + + Authors + piv-tool was written by + Douglas E. Engert deengert@gmail.com. + + diff --git a/doc/tools/pkcs11-tool.1.xml b/doc/tools/pkcs11-tool.1.xml index fedfdab0..37093f35 100644 --- a/doc/tools/pkcs11-tool.1.xml +++ b/doc/tools/pkcs11-tool.1.xml @@ -581,4 +581,10 @@ + + Authors + pkcs11-tool was written by + Olaf Kirch okir@suse.de. + + diff --git a/doc/tools/pkcs15-crypt.1.xml b/doc/tools/pkcs15-crypt.1.xml index f3dcf64b..6bc6b90e 100644 --- a/doc/tools/pkcs15-crypt.1.xml +++ b/doc/tools/pkcs15-crypt.1.xml 
@@ -224,4 +224,10 @@ + + Authors + pkcs15-crypt was written by + Juha Yrjölä juha.yrjola@iki.fi. + + diff --git a/doc/tools/pkcs15-init.1.xml b/doc/tools/pkcs15-init.1.xml index 0234de0c..9b520187 100644 --- a/doc/tools/pkcs15-init.1.xml +++ b/doc/tools/pkcs15-init.1.xml @@ -357,8 +357,8 @@ contain one long option per line, without the leading dashes, for instance: - pin 1234 - puk 87654321 +pin 1234 +puk 87654321 @@ -921,4 +921,10 @@ + + Authors + pkcs15-init was written by + Olaf Kirch okir@suse.de. + + diff --git a/doc/tools/pkcs15-tool.1.xml b/doc/tools/pkcs15-tool.1.xml index a13eab83..bb224c37 100644 --- a/doc/tools/pkcs15-tool.1.xml +++ b/doc/tools/pkcs15-tool.1.xml @@ -380,4 +380,10 @@ + + Authors + pkcs15-tool was written by + Juha Yrjölä juha.yrjola@iki.fi. + + diff --git a/doc/tools/sc-hsm-tool.1.xml b/doc/tools/sc-hsm-tool.1.xml index ba296bdb..9f130e1e 100644 --- a/doc/tools/sc-hsm-tool.1.xml +++ b/doc/tools/sc-hsm-tool.1.xml @@ -263,4 +263,10 @@ + + Authors + sc-hsm-tool was written by + Andreas Schwier andreas.schwier@cardcontact.de. + + diff --git a/doc/tools/tools.html b/doc/tools/tools.html index 882eff0e..8e19c4d6 100644 --- a/doc/tools/tools.html +++ b/doc/tools/tools.html @@ -43,7 +43,7 @@ span.errortext { font-style: italic; } - -->

OpenSC Manuals


Table of Contents

I. OpenSC tools
II. OpenSC file formats

OpenSC tools


Table of Contents

cardos-tool — displays information about Card OS-based security tokens or format them + -->

OpenSC Manuals


OpenSC tools


Table of Contents

cardos-tool — displays information about Card OS-based security tokens or format them
cryptoflex-tool — utility for manipulating Schlumberger Cryptoflex data structures
dnie-tool — displays information about DNIe based security tokens
eidenv — utility for accessing visible data from electronic identity cards
gids-tool — smart card utility for GIDS cards
netkey-tool — administrative utility for Netkey E4 cards
iasecc-tool — displays information about IAS/ECC card
openpgp-tool — utility for accessing visible data OpenPGP smart cards @@ -84,12 +84,13 @@ smart cards and similar security tokens based on Siemens Card/OS M4. -w

Causes cardos-tool to wait for the token to be inserted into reader.

-


Name

cryptoflex-tool — utility for manipulating Schlumberger Cryptoflex data structures

Synopsis

cryptoflex-tool [OPTIONS]

Description

+

Authors

cardos-tool was written by + Andreas Jellinghaus .


Name

cryptoflex-tool — utility for manipulating Schlumberger Cryptoflex data structures

Synopsis

cryptoflex-tool [OPTIONS]

Description

cryptoflex-tool is used to manipulate PKCS data structures on Schlumberger Cryptoflex smart cards. Users can create, list and read PINs and keys stored on the smart card. User PIN authentication is performed for those operations that require it. -

Options

+

Options

--app-df num, -a num @@ -151,11 +152,12 @@ smart cards and similar security tokens based on Siemens Card/OS M4. -w

Causes cryptoflex-tool to wait for a card insertion.

-

See also

+

See also

pkcs15-tool(1) -


Name

dnie-tool — displays information about DNIe based security tokens

Synopsis

dnie-tool [OPTIONS]

Description

+

Authors

cryptoflex-tool was written by + Juha Yrjölä .


Name

dnie-tool — displays information about DNIe based security tokens

Synopsis

dnie-tool [OPTIONS]

Description

The dnie-tool utility is used to display additional information about DNIe, the Spanish National eID card. -

Options

+

Options

--idesp, -i @@ -203,16 +205,16 @@ smart cards and similar security tokens based on Siemens Card/OS M4.

Causes dnie-tool to be more verbose. Specify this flag several times to enable debug output in the opensc library.

-

See also

opensc(7)

Authors

dnie-tool was written by +

Authors

dnie-tool was written by Juan Antonio Martinez .


Name

eidenv — utility for accessing visible data from - electronic identity cards

Synopsis

eidenv [OPTIONS]

Description

+ electronic identity cards

Synopsis

eidenv [OPTIONS]

Description

The eidenv utility is used for accessing data from electronic identity cards (like national eID cards) which might not be present in PKCS#15 objects but available in custom files on the card. The data can be printed on screen or used by other programs via environment variables. -

Options

+

Options

--exec prog, -x prog @@ -245,11 +247,11 @@ to enable debug output in the opensc library.

--wait, -w

Wait for a card to be inserted

-

Authors

eidenv utility was written by - Stef Hoeben and Martin Paljak .


Name

gids-tool — smart card utility for GIDS cards

Synopsis

gids-tool [OPTIONS]

+

Authors

eidenv utility was written by + Stef Hoeben and Martin Paljak .


Name

gids-tool — smart card utility for GIDS cards

Synopsis

gids-tool [OPTIONS]

The gids-tool utility can be used from the command line to perform miscellaneous smart card operations on a GIDS smart card. -

Options

+

Options

-X, --initialize @@ -284,13 +286,14 @@ to enable debug output in the opensc library.

--verbose

Verbose operation. Use several times to enable debug output.

-

See also

+

See also

opensc-tool(1) -


Name

netkey-tool — administrative utility for Netkey E4 cards

Synopsis

netkey-tool [OPTIONS] [COMMAND]

Description

The netkey-tool utility can be used from the +

Authors

gids-tool was written by + Vincent Le Toux .


Name

netkey-tool — administrative utility for Netkey E4 cards

Synopsis

netkey-tool [OPTIONS] [COMMAND]

Description

The netkey-tool utility can be used from the command line to perform some smart card operations with NetKey E4 cards that cannot be done easily with other OpenSC-tools, such as changing local PINs, storing certificates into empty NetKey E4 cert-files or displaying - the initial PUK-value.

Options

+ the initial PUK-value.

Options

--help, -h @@ -318,11 +321,11 @@ to enable debug output in the opensc library.

-v

Causes netkey-tool to be more verbose. This options may be specified multiple times to increase verbosity.

-

PIN format

With the -p, -u, -0 or the -1 +

PIN format

With the -p, -u, -0 or the -1 one of the cards pins may be specified. You may use plain ascii-strings (i.e. 123456) or a hex-string (i.e. 31:32:33:34:35:36). A hex-string must consist of exactly n 2-digit hexnumbers separated by n-1 colons. Otherwise it will be interpreted as an ascii string. For example :12:34: and 1:2:3:4 are both pins of - length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.

Commands

When used without any options or commands, netkey-tool will + length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.

Commands

When used without any options or commands, netkey-tool will display information about the smart cards pins and certificates. This will not change your card in any aspect (assumed there are no bugs in netkey-tool). In particular the tries-left counters of the pins are investigated without doing @@ -364,13 +367,13 @@ to enable debug output in the opensc library.

This unblocks the specified pin. You must specify another pin to be able to do this and if you don't specify a correct one, netkey-tool will tell you which one is needed.

-

See also

+

See also

opensc-explorer(1) -

Authors

netkey-tool was written by +

Authors

netkey-tool was written by Peter Koch .


Name

iasecc-tool — displays information about IAS/ECC card -

Synopsis

iasecc-tool [OPTIONS]

Description

+

Synopsis

iasecc-tool [OPTIONS]

Description

The iasecc-tool utility is used to display information about IAS/ECC v1.0.1 smart cards. -

Options

+

Options

--reader number,

@@ -394,8 +397,9 @@ to enable debug output in the opensc library.

-w

Causes iasecc-tool to wait for the token to be inserted into reader.

-


Name

openpgp-tool — utility for accessing visible data OpenPGP smart cards - and compatible tokens

Synopsis

openpgp-tool [OPTIONS]

Description

+

Authors

iasecc-tool was written by + Viktor Tarasov .


Name

openpgp-tool — utility for accessing visible data OpenPGP smart cards + and compatible tokens

Synopsis

openpgp-tool [OPTIONS]

Description

The openpgp-tool utility is used for accessing data from the OpenPGP v1.1 and v2.0 smart cards and compatible tokens like e.g. GPF CryptoStick v1.x, @@ -403,7 +407,7 @@ to enable debug output in the opensc library.

PKCS#15 objects but available in custom files on the card. The data can be printed on screen or used by other programs via environment variables. -

Options

+

Options

--exec prog, -x prog @@ -472,12 +476,12 @@ to enable debug output in the opensc library.

Wait for a card to be inserted.

-

Authors

openpgp-tool utility was written by - Peter Marschall .


Name

netkey-tool — administrative utility for Netkey E4 cards

Synopsis

netkey-tool [OPTIONS] [COMMAND]

Description

The netkey-tool utility can be used from the +

Authors

openpgp-tool utility was written by + Peter Marschall .


Name

netkey-tool — administrative utility for Netkey E4 cards

Synopsis

netkey-tool [OPTIONS] [COMMAND]

Description

The netkey-tool utility can be used from the command line to perform some smart card operations with NetKey E4 cards that cannot be done easily with other OpenSC-tools, such as changing local PINs, storing certificates into empty NetKey E4 cert-files or displaying - the initial PUK-value.

Options

+ the initial PUK-value.

Options

--help, -h @@ -505,11 +509,11 @@ to enable debug output in the opensc library.

-v

Causes netkey-tool to be more verbose. This options may be specified multiple times to increase verbosity.

-

PIN format

With the -p, -u, -0 or the -1 +

PIN format

With the -p, -u, -0 or the -1 one of the cards pins may be specified. You may use plain ascii-strings (i.e. 123456) or a hex-string (i.e. 31:32:33:34:35:36). A hex-string must consist of exactly n 2-digit hexnumbers separated by n-1 colons. Otherwise it will be interpreted as an ascii string. For example :12:34: and 1:2:3:4 are both pins of - length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.

Commands

When used without any options or commands, netkey-tool will + length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.

Commands

When used without any options or commands, netkey-tool will display information about the smart cards pins and certificates. This will not change your card in any aspect (assumed there are no bugs in netkey-tool). In particular the tries-left counters of the pins are investigated without doing @@ -551,11 +555,11 @@ to enable debug output in the opensc library.

This unblocks the specified pin. You must specify another pin to be able to do this and if you don't specify a correct one, netkey-tool will tell you which one is needed.

-

See also

+

See also

opensc-explorer(1) -

Authors

netkey-tool was written by +

Authors

netkey-tool was written by Peter Koch .


Name

openpgp-tool — utility for accessing visible data OpenPGP smart cards - and compatible tokens

Synopsis

openpgp-tool [OPTIONS]

Description

+ and compatible tokens

Synopsis

openpgp-tool [OPTIONS]

Description

The openpgp-tool utility is used for accessing data from the OpenPGP v1.1 and v2.0 smart cards and compatible tokens like e.g. GPF CryptoStick v1.x, @@ -563,7 +567,7 @@ to enable debug output in the opensc library.

PKCS#15 objects but available in custom files on the card. The data can be printed on screen or used by other programs via environment variables. -

Options

+

Options

--exec prog, -x prog @@ -632,12 +636,12 @@ to enable debug output in the opensc library.

Wait for a card to be inserted.

-

Authors

openpgp-tool utility was written by - Peter Marschall .


Name

opensc-tool — generic smart card utility

Synopsis

opensc-tool [OPTIONS]

Description

+

Authors

openpgp-tool utility was written by + Peter Marschall .


Name

opensc-tool — generic smart card utility

Synopsis

opensc-tool [OPTIONS]

Description

The opensc-tool utility can be used from the command line to perform miscellaneous smart card operations such as getting the card ATR or sending arbitrary APDU commands to a card. -

Options

+

Options

--version,

Print the OpenSC package release version.

@@ -697,17 +701,18 @@ to enable debug output in the opensc library.

--wait, -w

Wait for a card to be inserted.

-

See also

+

See also

opensc-explorer(1) -


Name

opensc-explorer — +

Authors

opensc-tool was written by + Juha Yrjölä .


Name

opensc-explorer — generic interactive utility for accessing smart card and similar security token functions -

Synopsis

opensc-explorer [OPTIONS] [SCRIPT]

Description

+

Synopsis

opensc-explorer [OPTIONS] [SCRIPT]

Description

The opensc-explorer utility can be used interactively to perform miscellaneous operations such as exploring the contents of or sending arbitrary APDU commands to a smart card or similar security token. -

Options

+

Options

The following are the command-line options for opensc-explorer. There are additional interactive commands available once it is running. @@ -742,189 +747,190 @@ to enable debug output in the opensc library.

--wait, -w

Wait for a card to be inserted

-

Commands

- The following commands are supported at opensc-explorer's - interactive prompt or in script files passed via the command line parameter - SCRIPT. -

- apdu hex-data -

Send a custom APDU command hex-data.

- asn1 file-id -

Parse and print the ASN.1 encoded content of the file specified by - file-id.

- cat [file-id | sfi:short-id] -

Print the contents of the currently selected EF or the contents - of a file specified by file-id or the short file id - short-id. -

- cd {.. | file-id | aid:DF-name} -

- Change to another DF specified by the argument passed. - If the argument given is .., then move up one level in the - file system hierarchy. - If it is file-id, which must be a DF directly - beneath the current DF, then change to that DF. - If it is an application identifier given as - aid:DF-name, - then jump to the MF of the application denoted by - DF-name. -

- change CHVpin-ref [[old-pin] new-pin] -

Change a PIN, where pin-ref is the PIN reference.

- Examples: -

change CHV2 00:00:00:00:00:00 "foobar"

- Change PIN CHV2 - to the new value foobar, - giving the old value 00:00:00:00:00:00. -

change CHV2 "foobar"

- Set PIN CHV2 - to the new value foobar. -

change CHV2

- Change PIN CHV2 using the card reader's pinpad. -

-

- create file-id size -

Create a new EF. file-id specifies the - id number and size is the size of the new file. -

- debug [level] -

Set OpenSC debug level to level.

If level is omitted the current debug level will be shown.

- delete file-id -

Remove the EF or DF specified by file-id

- do_get hex-tag [output] -

Copy the internal card's 'tagged' data into the local file.

The local file is specified by output while the tag of - the card's data is specified by hex-tag. -

- If output is omitted, the name of the output file will be - derived from hex-tag. -

- do_put hex-tag input -

Update internal card's 'tagged' data.

hex-tag is the tag of the card's data. - input is the filename of the source file or the literal data presented as - a sequence of hexadecimal values or " enclosed string. -

- echo string ... -

Print the strings given.

- erase -

Erase the card, if the card supports it.

- get file-id [output] -

Copy an EF to a local file. The local file is specified - by output while the card file is specified by file-id. -

- If output is omitted, the name of the output file will be - derived from the full card path to file-id. -

- info [file-id] -

Display attributes of a file specified by file-id. - If file-id is not supplied, - the attributes of the current file are printed.

- ls [pattern ...] -

List files in the current DF. - If no pattern is given, then all files are listed. - If one ore more patterns are given, only files matching - at least one pattern are listed.

- find [start-id [end-id]] -

Find all files in the current DF. - Files are found by selecting all file identifiers in the range from start-fid to end-fid (by default from 0000 to FFFF).

- find_tags [start-tag [end-tag]] -

Find all tags of data objects in the current context. - Tags are found by using GET DATA in the range from start-tag to end-tag (by default from 0000 to FFFF).

- mkdir file-id size -

Create a DF. file-id specifies the id number - and size is the size of the new file.

- put file-id input -

Copy a local file to the card. The local file is specified - by input while the card file is specified by file-id. -

- quit -

Exit the program.

- random count -

Generate random sequence of count bytes.

- rm file-id -

Remove the EF or DF specified by file-id

- unblock CHVpin-ref [puk [new pin]] -

- Unblock the PIN denoted by pin-ref - using the PUK puk, and set potentially - change its value to new pin. -

- PUK and PIN values can be a sequence of hexadecimal values, - "-enclosed strings, empty (""), - or absent. - If they are absent, the values are read from the card reader's pin pad. -

- Examples: -

unblock CHV2 00:00:00:00:00:00 "foobar"

- Unblock PIN CHV2 using PUK - 00:00:00:00:00:00 - and set it to the new value foobar. -

unblock CHV2 00:00:00:00:00:00 ""

- Unblock PIN CHV2 using PUK - 00:00:00:00:00:00 keeping the old value. -

unblock CHV2 "" "foobar"

- Set new value of PIN CHV2 - to foobar. -

unblock CHV2 00:00:00:00:00:00

- Unblock PIN CHV2 using PUK - 00:00:00:00:00:00. - The new PIN value is prompted by pinpad. -

unblock CHV2 ""

- Set PIN CHV2. - The new PIN value is prompted by pinpad. -

unblock CHV2

- Unblock PIN CHV2. - The unblock code and new PIN value are prompted by pinpad. -

-

- update_binary file-id offs data -

Binary update of the file specified by - file-id with the literal data - data starting from offset specified - by offs.

data can be supplied as a sequencer - of the hex values or as a " enclosed string.

- update_record file-id rec-nr rec-offs data -

Update record specified by rec-nr of the file - specified by file-id with the literal data - data starting from offset specified by - rec-offs.

data can be supplied as a sequence of the hex values or - as a " enclosed string.

- verify key-type key-id [key] -

Present a PIN or key to the card, where - key-type can be one of CHV, - KEY, AUT or PRO. - key-id is a number representing the key or PIN reference. - key is the key or PIN to be verified, formatted as a - colon-separated list of hex values or a " enclosed string. -

- If key is omitted, the exact action depends on the - card reader's features: if the card readers supports PIN input via a pin pad, - then the PIN will be verified using the card reader's pin pad. - If the card reader does not support PIN input, then the PIN will be asked - interactively. -

- Examples: -

verify CHV0 31:32:33:34:00:00:00:00

- Verify CHV2 using the hex value - 31:32:33:34:00:00:00:00 -

verify CHV1 "secret"

- Verify CHV1 - using the string value secret. -

verify KEY2

- Verify KEY2, - get the value from the card reader's pin pad. -

-

- sm [open]|[close] -

Calls the card's open or close Secure Messaging handler.

-

See also

+

Commands

+ The following commands are supported at opensc-explorer's + interactive prompt or in script files passed via the command line parameter + SCRIPT. +

+ apdu hex-data +

Send a custom APDU command hex-data.

+ asn1 file-id +

Parse and print the ASN.1 encoded content of the file specified by + file-id.

+ cat [file-id | sfi:short-id] +

Print the contents of the currently selected EF or the contents + of a file specified by file-id or the short file id + short-id. +

+ cd {.. | file-id | aid:DF-name} +

+ Change to another DF specified by the argument passed. + If the argument given is .., then move up one level in the + file system hierarchy. + If it is file-id, which must be a DF directly + beneath the current DF, then change to that DF. + If it is an application identifier given as + aid:DF-name, + then jump to the MF of the application denoted by + DF-name. +

+ change CHVpin-ref [[old-pin] new-pin] +

Change a PIN, where pin-ref is the PIN reference.

+ Examples: +

change CHV2 00:00:00:00:00:00 "foobar"

+ Change PIN CHV2 + to the new value foobar, + giving the old value 00:00:00:00:00:00. +

change CHV2 "foobar"

+ Set PIN CHV2 + to the new value foobar. +

change CHV2

+ Change PIN CHV2 using the card reader's pinpad. +

+

+ create file-id size +

Create a new EF. file-id specifies the + id number and size is the size of the new file. +

+ debug [level] +

Set OpenSC debug level to level.

If level is omitted the current debug level will be shown.

+ delete file-id +

Remove the EF or DF specified by file-id

+ do_get hex-tag [output] +

Copy the internal card's 'tagged' data into the local file.

The local file is specified by output while the tag of + the card's data is specified by hex-tag. +

+ If output is omitted, the name of the output file will be + derived from hex-tag. +

+ do_put hex-tag input +

Update internal card's 'tagged' data.

hex-tag is the tag of the card's data. + input is the filename of the source file or the literal data presented as + a sequence of hexadecimal values or " enclosed string. +

+ echo string ... +

Print the strings given.

+ erase +

Erase the card, if the card supports it.

+ get file-id [output] +

Copy an EF to a local file. The local file is specified + by output while the card file is specified by file-id. +

+ If output is omitted, the name of the output file will be + derived from the full card path to file-id. +

+ info [file-id] +

Display attributes of a file specified by file-id. + If file-id is not supplied, + the attributes of the current file are printed.

+ ls [pattern ...] +

List files in the current DF. + If no pattern is given, then all files are listed. + If one ore more patterns are given, only files matching + at least one pattern are listed.

+ find [start-id [end-id]] +

Find all files in the current DF. + Files are found by selecting all file identifiers in the range from start-fid to end-fid (by default from 0000 to FFFF).

+ find_tags [start-tag [end-tag]] +

Find all tags of data objects in the current context. + Tags are found by using GET DATA in the range from start-tag to end-tag (by default from 0000 to FFFF).

+ mkdir file-id size +

Create a DF. file-id specifies the id number + and size is the size of the new file.

+ put file-id input +

Copy a local file to the card. The local file is specified + by input while the card file is specified by file-id. +

+ quit +

Exit the program.

+ random count +

Generate random sequence of count bytes.

+ rm file-id +

Remove the EF or DF specified by file-id

+ unblock CHVpin-ref [puk [new pin]] +

+ Unblock the PIN denoted by pin-ref + using the PUK puk, and set potentially + change its value to new pin. +

+ PUK and PIN values can be a sequence of hexadecimal values, + "-enclosed strings, empty (""), + or absent. + If they are absent, the values are read from the card reader's pin pad. +

+ Examples: +

unblock CHV2 00:00:00:00:00:00 "foobar"

+ Unblock PIN CHV2 using PUK + 00:00:00:00:00:00 + and set it to the new value foobar. +

unblock CHV2 00:00:00:00:00:00 ""

+ Unblock PIN CHV2 using PUK + 00:00:00:00:00:00 keeping the old value. +

unblock CHV2 "" "foobar"

+ Set new value of PIN CHV2 + to foobar. +

unblock CHV2 00:00:00:00:00:00

+ Unblock PIN CHV2 using PUK + 00:00:00:00:00:00. + The new PIN value is prompted by pinpad. +

unblock CHV2 ""

+ Set PIN CHV2. + The new PIN value is prompted by pinpad. +

unblock CHV2

+ Unblock PIN CHV2. + The unblock code and new PIN value are prompted by pinpad. +

+

+ update_binary file-id offs data +

Binary update of the file specified by + file-id with the literal data + data starting from offset specified + by offs.

data can be supplied as a sequencer + of the hex values or as a " enclosed string.

+ update_record file-id rec-nr rec-offs data +

Update record specified by rec-nr of the file + specified by file-id with the literal data + data starting from offset specified by + rec-offs.

data can be supplied as a sequence of the hex values or + as a " enclosed string.

+ verify key-type key-id [key] +

Present a PIN or key to the card, where + key-type can be one of CHV, + KEY, AUT or PRO. + key-id is a number representing the key or PIN reference. + key is the key or PIN to be verified, formatted as a + colon-separated list of hex values or a " enclosed string. +

+ If key is omitted, the exact action depends on the + card reader's features: if the card readers supports PIN input via a pin pad, + then the PIN will be verified using the card reader's pin pad. + If the card reader does not support PIN input, then the PIN will be asked + interactively. +

+ Examples: +

verify CHV0 31:32:33:34:00:00:00:00

+ Verify CHV2 using the hex value + 31:32:33:34:00:00:00:00 +

verify CHV1 "secret"

+ Verify CHV1 + using the string value secret. +

verify KEY2

+ Verify KEY2, + get the value from the card reader's pin pad. +

+

+ sm [open]|[close] +

Calls the card's open or close Secure Messaging handler.

+

See also

opensc-tool(1) -


Name

piv-tool — smart card utility for HSPD-12 PIV cards

Synopsis

piv-tool [OPTIONS]

+

Authors

opensc-explorer was written by + Juha Yrjölä .


Name

piv-tool — smart card utility for HSPD-12 PIV cards

Synopsis

piv-tool [OPTIONS]

The piv-tool utility can be used from the command line to perform miscellaneous smart card operations on a HSPD-12 PIV smart card as defined in NIST 800-73-3. It is intended for use with test cards only. It can be used to load objects, and generate key pairs, as well as send arbitrary APDU commands to a card after having authenticated to the card using the card key provided by the card vendor. -

Options

+

Options

--serial
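Review bot: the re-indented opensc-explorer Commands block carries several existing text errors onto its `+` lines, and since every line is rewritten here they are worth fixing in the same change. The `verify CHV0 31:32:33:34:00:00:00:00` example is described as "Verify CHV2"; `find [start-id [end-id]]` is explained in terms of `start-fid` and `end-fid`; and the prose still has "one ore more patterns", "a sequencer of the hex values", "set potentially change its value" and "if the card readers supports". The removed and added command text reads the same apart from indentation, so putting the whitespace change in its own commit would make the new Authors section easier to review.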

Print the card serial number derived from the CHUID object, @@ -1010,15 +1016,16 @@ to enable debug output in the opensc library.

Causes piv-tool to be more verbose. Specify this flag several times to enable debug output in the opensc library.

-

See also

+

See also

opensc-tool(1) -


Name

pkcs11-tool — utility for managing and using PKCS #11 security tokens

Synopsis

pkcs11-tool [OPTIONS]

Description

+

Authors

piv-tool was written by + Douglas E. Engert .


Name

pkcs11-tool — utility for managing and using PKCS #11 security tokens

Synopsis

pkcs11-tool [OPTIONS]

Description

The pkcs11-tool utility is used to manage the data objects on smart cards and similar PKCS #11 security tokens. Users can list and read PINs, keys and certificates stored on the token. User PIN authentication is performed for those operations that require it. -

Options

+

Options

--attr-from filename

Extract information from filename @@ -1243,7 +1250,7 @@ to enable debug output in the opensc library.

--generate-random num

Get num bytes of random data.

-

Examples

+

Examples

To list all certificates on the smart card:

pkcs11-tool --list-objects --type cert

@@ -1259,12 +1266,13 @@ to enable debug output in the opensc library.

using the private key with ID ID and using the RSA-PKCS mechanism:

pkcs11-tool --sign --id ID --mechanism RSA-PKCS --input-file data --output-file data.sig

-


Name

pkcs15-crypt — perform crypto operations using PKCS#15 smart cards

Synopsis

pkcs15-crypt [OPTIONS]

Description

+

Authors

pkcs11-tool was written by + Olaf Kirch .


Name

pkcs15-crypt — perform crypto operations using PKCS#15 smart cards

Synopsis

pkcs15-crypt [OPTIONS]

Description

The pkcs15-crypt utility can be used from the command line to perform cryptographic operations such as computing digital signatures or decrypting data, using keys stored on a PKCS#15 compliant smart card. -

Options

+

Options

--version,

Print the OpenSC package release version.

@@ -1361,17 +1369,18 @@ to enable debug output in the opensc library.

Causes pkcs15-crypt to be more verbose. Specify this flag several times to enable debug output in the OpenSC library.

-

See also

+

See also

pkcs15-init(1), pkcs15-tool(1) -


Name

pkcs15-init — smart card personalization utility

Synopsis

pkcs15-init [OPTIONS]

Description

+

Authors

pkcs15-crypt was written by + Juha Yrjölä .


Name

pkcs15-init — smart card personalization utility

Synopsis

pkcs15-init [OPTIONS]

Description

The pkcs15-init utility can be used to create a PKCS #15 structure on a smart card, and add key or certificate objects. Details of the structure that will be created are controlled via profiles.

The profile used by default is pkcs15. Alternative profiles can be specified via the -p switch. -

PIN Usage

+

PIN Usage

pkcs15-init can be used to create a PKCS #15 structure on your smart card, create PINs, and install keys and certificates on the card. This process is also called personalization. @@ -1403,7 +1412,7 @@ to enable debug output in the opensc library.

are protected and cannot be parsed without authentication (usually with User PIN). This authentication need to be done immediately after the card binding. In such cases --verify-pin has to be used. -

Modes of operation

Initialization

This is the first step during card personalization, and will create the +

Modes of operation

Initialization

This is the first step during card personalization, and will create the basic files on the card. To create the initial PKCS #15 structure, invoke the utility as

@@ -1413,7 +1422,7 @@ to enable debug output in the opensc library.

If the card supports it, you should erase the contents of the card with pkcs15-init --erase-card before creating the PKCS#15 structure. -

User PIN Installation

+

User PIN Installation

Before installing any user objects such as private keys, you need at least one PIN to protect these objects. you can do this using

@@ -1427,7 +1436,7 @@ to enable debug output in the opensc library.

To set a label for this PIN object (which can be used by applications to display a meaningful prompt to the user), use the --label command line option. -

Key generation

+

Key generation

pkcs15-init lets you generate a new key and store it on the card. You can do this using:

@@ -1445,7 +1454,7 @@ to enable debug output in the opensc library.

In addition to storing the private portion of the key on the card, pkcs15-init will also store the the public portion of the key as a PKCS #15 public key object. -

Private Key Upload

+

Private Key Upload

You can use a private key generated by other means and upload it to the card. For instance, to upload a private key contained in a file named okir.pem, which is in PEM format, you would use @@ -1469,7 +1478,7 @@ to enable debug output in the opensc library.

a file. A PKCS #12 file usually contains the X.509 certificate corresponding to the private key. If that is the case, pkcs15-init will store the certificate instead of the public key portion. -

Public Key Upload

+

Public Key Upload

You can also upload individual public keys to the card using the --store-public-key option, which takes a filename as an argument. This file is supposed to contain the public key. If you don't @@ -1480,12 +1489,12 @@ to enable debug output in the opensc library.

Since the corresponding public keys are always uploaded automatically when generating a new key, or when uploading a private key, you will probably use this option only very rarely. -

Certificate Upload

+

Certificate Upload

You can upload certificates to the card using the --store-certificate option, which takes a filename as an argument. This file is supposed to contain the PEM encoded X.509 certificate. -

Uploading PKCS #12 bags

+

Uploading PKCS #12 bags

Most browsers nowadays use PKCS #12 format files when you ask them to export your key and certificate to a file. pkcs15-init is capable of parsing these files, and storing their contents on the @@ -1499,7 +1508,7 @@ to enable debug output in the opensc library.

and protect it with the PIN referenced by authentication ID 01. It will also store any X.509 certificates contained in the file, which is usually the user certificate that goes with the key, as well as the CA certificate. -

Secret Key Upload

+

Secret Key Upload

You can use a secret key generated by other means and upload it to the card. For instance, to upload an AES-secret key generated by the system random generator you would use @@ -1508,7 +1517,7 @@ to enable debug output in the opensc library.

By default a random ID is generated for the secret key. You may specify an ID with the --id if needed. -

Options

+

Options

--version,

Print the OpenSC package release version.

@@ -1562,8 +1571,8 @@ to enable debug output in the opensc library.

contain one long option per line, without the leading dashes, for instance:

-								pin		1234
-								puk		87654321
+pin		1234
+puk		87654321
 							
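Review bot: removing the leading tabs from the `pin 1234` and `puk 87654321` lines leaves the whitespace-only context line after them untouched, so the listing still ends in a line of tabs; end the listing directly after the `puk` line so the example renders cleanly. While these lines are being edited, the text around the example could also say that an options file holding a PIN and PUK should be readable only by its owner.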

You can specify --options-file several times. @@ -1845,16 +1854,17 @@ to enable debug output in the opensc library.

Display help message

-

See also

+

See also

pkcs15-profile(5) -


Name

pkcs15-tool — utility for manipulating PKCS #15 data structures - on smart cards and similar security tokens

Synopsis

pkcs15-tool [OPTIONS]

Description

+

Authors

pkcs15-init was written by + Olaf Kirch .


Name

pkcs15-tool — utility for manipulating PKCS #15 data structures + on smart cards and similar security tokens

Synopsis

pkcs15-tool [OPTIONS]

Description

The pkcs15-tool utility is used to manipulate the PKCS #15 data structures on smart cards and similar security tokens. Users can list and read PINs, keys and certificates stored on the token. User PIN authentication is performed for those operations that require it. -

Options

+

Options

--version,

Print the OpenSC package release version.

@@ -1995,15 +2005,16 @@ to enable debug output in the opensc library.

wait for a card insertion.

--use-pinpad

Do not prompt the user; if no PINs supplied, pinpad will be used.

-

See also

+

See also

pkcs15-init(1), pkcs15-crypt(1) -


Name

sc-hsm-tool — smart card utility for SmartCard-HSM

Synopsis

sc-hsm-tool [OPTIONS]

+

Authors

pkcs15-tool was written by + Juha Yrjölä .


Name

sc-hsm-tool — smart card utility for SmartCard-HSM

Synopsis

sc-hsm-tool [OPTIONS]

The sc-hsm-tool utility can be used from the command line to perform extended maintenance tasks not available via PKCS#11 or other tools in the OpenSC package. It can be used to query the status of a SmartCard-HSM, initialize a device, generate and import Device Key Encryption Key (DKEK) shares and to wrap and unwrap keys. -

Options

+

Options

--initialize, -X @@ -2075,15 +2086,16 @@ to enable debug output in the opensc library.

Causes sc-hsm-tool to be more verbose. Specify this flag several times to enable debug output in the opensc library.

-

Examples

Create a DKEK share:

sc-hsm-tool --create-dkek-share dkek-share-1.pbe

Create a DKEK share with random password split up using a (3, 5) threshold scheme:

sc-hsm-tool --create-dkek-share dkek-share-1.pbe --pwd-shares-threshold 3 --pwd-shares-total 5

Initialize SmartCard-HSM to use a single DKEK share:

sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares 1 --label mytoken

Import DKEK share:

sc-hsm-tool --import-dkek-share dkek-share-1.pbe

Import DKEK share using a password split up using a (3, 5) threshold scheme for encryption:

sc-hsm-tool --import-dkek-share dkek-share-1.pbe --pwd-shares-total 3

Wrap referenced key, description and certificate:

sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1 --pin 648219

Unwrap key into same or in different SmartCard-HSM with the same DKEK:

sc-hsm-tool --unwrap-key wrap-key.bin --key-reference 10 --pin 648219 --force

See also

+

Examples

Create a DKEK share:

sc-hsm-tool --create-dkek-share dkek-share-1.pbe

Create a DKEK share with random password split up using a (3, 5) threshold scheme:

sc-hsm-tool --create-dkek-share dkek-share-1.pbe --pwd-shares-threshold 3 --pwd-shares-total 5

Initialize SmartCard-HSM to use a single DKEK share:

sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares 1 --label mytoken

Import DKEK share:

sc-hsm-tool --import-dkek-share dkek-share-1.pbe

Import DKEK share using a password split up using a (3, 5) threshold scheme for encryption:

sc-hsm-tool --import-dkek-share dkek-share-1.pbe --pwd-shares-total 3

Wrap referenced key, description and certificate:

sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1 --pin 648219

Unwrap key into same or in different SmartCard-HSM with the same DKEK:

sc-hsm-tool --unwrap-key wrap-key.bin --key-reference 10 --pin 648219 --force

See also

opensc-tool(1) -


Name

westcos-tool — utility for manipulating data structures - on westcos smart cards

Synopsis

westcos-tool [OPTIONS]

Description

+

Authors

sc-hsm-tool was written by + Andreas Schwier .


Name

westcos-tool — utility for manipulating data structures + on westcos smart cards

Synopsis

westcos-tool [OPTIONS]

Description

The westcos-tool utility is used to manipulate the westcos data structures on 2 Ko smart cards / tokens. Users can create PINs, keys and certificates stored on the card / token. User PIN authentication is performed for those operations that require it. -

Options

+

Options
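Review bot: the sc-hsm-tool Examples block re-added in this hunk passes secrets as arguments (`--so-pin 3537363231383830 --pin 648219` on `--initialize`, `--pin 648219` on `--wrap-key` and `--unwrap-key`), and nothing in the section tells the reader that values given this way land in shell history and are visible in the process list. A sentence to that effect next to the first such example would be a cheap addition. The (3, 5) import example uses `--pwd-shares-total 3` while the create example uses `--pwd-shares-threshold 3 --pwd-shares-total 5`; if that is intended, a word on why the import takes 3 would keep readers from treating it as a typo.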

--change-pin, -n @@ -2165,8 +2177,8 @@ to enable debug output in the opensc library.

from disk to card. On the card the file is written in filename. User authentication is required for this operation.

-

Authors

westcos-tool was written by - Francois Leblanc .

OpenSC file formats


Table of Contents

pkcs15-profile — format of profile for pkcs15-init

Name

pkcs15-profile — format of profile for pkcs15-init

Description

+

Authors

westcos-tool was written by + Francois Leblanc .

OpenSC file formats


Table of Contents

pkcs15-profile — format of profile for pkcs15-init

Name

pkcs15-profile — format of profile for pkcs15-init

Description

The pkcs15-init utility for PKCS #15 smart card personalization is controlled via profiles. When starting, it will read two such profiles at the moment, a generic application profile, and a card @@ -2182,10 +2194,10 @@ to enable debug output in the opensc library.

The card specific profile contains additional information required during card initialization, such as location of PIN files, key references etc. Profiles currently reside in @pkgdatadir@ -

Syntax

+

Syntax

This section should contain information about the profile syntax. Will add this soonishly. -

See also

+

See also

pkcs15-init(1), pkcs15-crypt(1)
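Review bot: the context line above the Syntax heading reads "Profiles currently reside in @pkgdatadir@", so the pkcs15-profile page still carries the unexpanded `@pkgdatadir@` placeholder instead of a path a reader can use. Generate this page from the substituted source, or state the directory in words. The Syntax section whose heading this hunk touches is also still the stub "Will add this soonishly", which deserves either real content or an issue reference.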

diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c index 03f10888..66b723c2 100644 --- a/src/libopensc/card-piv.c +++ b/src/libopensc/card-piv.c @@ -3,8 +3,7 @@ * card-default.c: Support for cards with no driver * * Copyright (C) 2001, 2002 Juha Yrjölä - * Copyright (C) 2005,2006,2007,2008,2009,2010 Douglas E. Engert - * Copyright (C) 2016 Douglas E. Engert + * Copyright (C) 2005-2016 Douglas E. Engert * Copyright (C) 2006, Identity Alliance, Thomas Harning * Copyright (C) 2007, EMC, Russell Larner * diff --git a/src/tools/piv-tool.c b/src/tools/piv-tool.c index 74635c87..9a3645b0 100644 --- a/src/tools/piv-tool.c +++ b/src/tools/piv-tool.c @@ -2,7 +2,7 @@ * piv-tool.c: Tool for accessing smart cards with libopensc * * Copyright (C) 2001 Juha Yrjölä - * Copyright (C) 2005,2010 Douglas E. Engert + * Copyright (C) 2005,2010 Douglas E. Engert * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public
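Review bot: in card-piv.c, merging the `2005,2006,2007,2008,2009,2010` line and the separate `2016` line into `2005-2016` extends the copyright claim to 2011 through 2015, years the removed lines did not list. If there were no contributions in those years, `2005-2010, 2016` keeps the header accurate; otherwise state in the commit message that the full range is intended. The piv-tool.c header in the following hunk keeps the comma form `2005,2010`, so the two files end up with different year styles.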