From d824eb62bc41f8f714bd6d67b6333ea07a527d70 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sat, 4 Jun 2011 19:18:34 +0200 Subject: [PATCH 01/26] pkcs15-profile.xml: remove empty SYNOPSIS section --- doc/tools/pkcs15-profile.xml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/doc/tools/pkcs15-profile.xml b/doc/tools/pkcs15-profile.xml index cc687b3d..6fc912cd 100644 --- a/doc/tools/pkcs15-profile.xml +++ b/doc/tools/pkcs15-profile.xml @@ -11,13 +11,6 @@ format of profile for pkcs15-init - - Synopsis - - - - - Description From bb9ffa1bd383f0d5dad90a0f2ed04082139d8dd5 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 14 Aug 2011 19:37:11 +0200 Subject: [PATCH 02/26] piv-tool.xml: fix typo --- doc/tools/piv-tool.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/tools/piv-tool.xml b/doc/tools/piv-tool.xml index f2d1a7b1..a26c2f53 100644 --- a/doc/tools/piv-tool.xml +++ b/doc/tools/piv-tool.xml @@ -42,9 +42,9 @@ Print the name of the inserted card (driver) - argument, arguement + argument, argument Authenticate to the card using a 2DES or 3DES key. - An arguement {A|M}:{ref}:{alg} is required, were A uses "EXTERNAL AUTHENTICATION" + An argument {A|M}:{ref}:{alg} is required, were A uses "EXTERNAL AUTHENTICATION" and M uses "MUTUAL AUTHENTICATION". ref is normally 9B, and alg is 03 for 3DES. The key is provided by card vendor, and the environment variable PIV_EXT_AUTH_KEY must point to a text file with the key in the format: From d25b30b7027a22e64404e815501ffe2c80699403 Mon Sep 17 00:00:00 2001 
From: Peter Marschall Date: Sun, 14 Aug 2011 21:52:02 +0200 Subject: [PATCH 03/26] doc/tools/*.xml: use sections Use sections with tags for the synopsis instead of plain sections. Create one where it was massing. --- doc/tools/cardos-tool.xml | 12 ++++++------ doc/tools/cryptoflex-tool.xml | 12 ++++++------ doc/tools/eidenv.xml | 12 ++++++------ doc/tools/netkey-tool.xml | 11 +++++++---- doc/tools/opensc-explorer.xml | 12 ++++++------ doc/tools/opensc-tool.xml | 12 ++++++------ doc/tools/piv-tool.xml | 12 ++++++------ doc/tools/pkcs11-tool.xml | 12 ++++++------ doc/tools/pkcs15-crypt.xml | 12 ++++++------ doc/tools/pkcs15-init.xml | 8 +++++++- doc/tools/pkcs15-tool.xml | 12 ++++++------ doc/tools/westcos-tool.xml | 12 ++++++------ 12 files changed, 74 insertions(+), 65 deletions(-) diff --git a/doc/tools/cardos-tool.xml b/doc/tools/cardos-tool.xml index ea82001b..3b11a11e 100644 --- a/doc/tools/cardos-tool.xml +++ b/doc/tools/cardos-tool.xml @@ -12,12 +12,12 @@ - - Synopsis - - cardos-tool [OPTIONS] - - + + + cardos-tool + OPTIONS + + Description diff --git a/doc/tools/cryptoflex-tool.xml b/doc/tools/cryptoflex-tool.xml index ef09dece..46fcc7e7 100644 --- a/doc/tools/cryptoflex-tool.xml +++ b/doc/tools/cryptoflex-tool.xml @@ -11,12 +11,12 @@ utility for manipulating Schlumberger Cryptoflex data structures - - Synopsis - - cryptoflex-tool [OPTIONS] - - + + + cryptoflex-tool + OPTIONS + + Description diff --git a/doc/tools/eidenv.xml b/doc/tools/eidenv.xml index 2d111711..aedebb16 100644 --- a/doc/tools/eidenv.xml +++ b/doc/tools/eidenv.xml @@ -12,12 +12,12 @@ electronic identity cards - - Synopsis - - eidenv [OPTIONS] - - + + + eidenv + OPTIONS + + Description diff --git a/doc/tools/netkey-tool.xml b/doc/tools/netkey-tool.xml index e8d3149d..2944c30d 100644 --- a/doc/tools/netkey-tool.xml +++ b/doc/tools/netkey-tool.xml 
@@ -11,10 +11,13 @@ administrative utility for Netkey E4 cards - - Synopsis - netkey-tool [OPTIONS] [COMMAND] - + + + netkey-tool + OPTIONS + COMMAND + + Description diff --git a/doc/tools/opensc-explorer.xml b/doc/tools/opensc-explorer.xml index c08b6cdd..a5208ab1 100644 --- a/doc/tools/opensc-explorer.xml +++ b/doc/tools/opensc-explorer.xml @@ -14,12 +14,12 @@ - - Synopsis - - opensc-explorer [OPTIONS] - - + + + opensc-explorer + OPTIONS + + Description diff --git a/doc/tools/opensc-tool.xml b/doc/tools/opensc-tool.xml index eda02720..972ba04d 100644 --- a/doc/tools/opensc-tool.xml +++ b/doc/tools/opensc-tool.xml @@ -11,12 +11,12 @@ generic smart card utility - - Synopsis - - opensc-tool [OPTIONS] - - + + + opensc-tool + OPTIONS + + Description diff --git a/doc/tools/piv-tool.xml b/doc/tools/piv-tool.xml index a26c2f53..6fd66a5b 100644 --- a/doc/tools/piv-tool.xml +++ b/doc/tools/piv-tool.xml @@ -11,12 +11,12 @@ smart card utility for HSPD-12 PIV cards - - Synopsis - - piv-tool [OPTIONS] - - + + + piv-tool + OPTIONS + + diff --git a/doc/tools/pkcs11-tool.xml b/doc/tools/pkcs11-tool.xml index 153ec3cb..342a3c0d 100644 --- a/doc/tools/pkcs11-tool.xml +++ b/doc/tools/pkcs11-tool.xml @@ -11,12 +11,12 @@ utility for managing and using PKCS #11 security tokens - - Synopsis - - pkcs11-tool [OPTIONS] - - + + + pkcs11-tool + OPTIONS + + Description diff --git a/doc/tools/pkcs15-crypt.xml b/doc/tools/pkcs15-crypt.xml index e5f3d52a..9c8e278a 100644 --- a/doc/tools/pkcs15-crypt.xml +++ b/doc/tools/pkcs15-crypt.xml @@ -11,12 +11,12 @@ perform crypto operations using pkcs15 smart card - - Synopsis - - pkcs15-crypt [OPTIONS] - - + + + pkcs15-crypt + OPTIONS + + Description diff --git a/doc/tools/pkcs15-init.xml b/doc/tools/pkcs15-init.xml index d27496a6..298f8985 100644 --- a/doc/tools/pkcs15-init.xml +++ b/doc/tools/pkcs15-init.xml @@ -11,6 +11,13 @@ smart card personalization utility + + + pkcs15-init + OPTIONS + + + Description @@ -367,7 +374,6 @@ - , 
diff --git a/doc/tools/pkcs15-tool.xml b/doc/tools/pkcs15-tool.xml index 9a845c64..649ea9a3 100644 --- a/doc/tools/pkcs15-tool.xml +++ b/doc/tools/pkcs15-tool.xml @@ -12,12 +12,12 @@ on smart cards and similar security tokens - - Synopsis - - pkcs15-tool [OPTIONS] - - + + + pkcs15-tool + OPTIONS + + Description diff --git a/doc/tools/westcos-tool.xml b/doc/tools/westcos-tool.xml index 762b59a5..e4d0049d 100644 --- a/doc/tools/westcos-tool.xml +++ b/doc/tools/westcos-tool.xml @@ -12,12 +12,12 @@ on westcos smart cards - - Synopsis - - westcos-tool [OPTIONS] - - + + + westcos-tool + OPTIONS + + Description From b628f14c13b603b53a82b5597d7b893e557e0cb9 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 14 Aug 2011 22:05:17 +0200 Subject: [PATCH 04/26] doc/tools/*.xml: harmonize & complete sections --- doc/tools/pkcs15-init.xml | 8 +++++++- doc/tools/pkcs15-profile.xml | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/tools/pkcs15-init.xml b/doc/tools/pkcs15-init.xml index 298f8985..71594fcf 100644 --- a/doc/tools/pkcs15-init.xml +++ b/doc/tools/pkcs15-init.xml @@ -1,5 +1,11 @@ - + + + pkcs15-init + 1 + opensc + + pkcs15-init 1 diff --git a/doc/tools/pkcs15-profile.xml b/doc/tools/pkcs15-profile.xml index 6fc912cd..1220710b 100644 --- a/doc/tools/pkcs15-profile.xml +++ b/doc/tools/pkcs15-profile.xml @@ -1,5 +1,5 @@ - + pkcs15-profile 5 From 4a3e9771e2cf382ddd03eb1cacb22f2148b7a933 Mon Sep 17 00:00:00 2001 
From: Peter Marschall Date: Sun, 14 Aug 2011 22:31:31 +0200 Subject: [PATCH 05/26] doc/tools/*.xml: use in "See also" sections Instead of using plain text, use machine-parsable sections to refer to other odcuments. --- doc/tools/cryptoflex-tool.xml | 7 ++++++- doc/tools/netkey-tool.xml | 7 ++++++- doc/tools/opensc-explorer.xml | 7 ++++++- doc/tools/opensc-tool.xml | 7 ++++++- doc/tools/piv-tool.xml | 7 ++++++- doc/tools/pkcs15-crypt.xml | 11 ++++++++++- doc/tools/pkcs15-init.xml | 7 ++++++- doc/tools/pkcs15-profile.xml | 11 ++++++++++- doc/tools/pkcs15-tool.xml | 11 ++++++++++- 9 files changed, 66 insertions(+), 9 deletions(-) diff --git a/doc/tools/cryptoflex-tool.xml b/doc/tools/cryptoflex-tool.xml index 46fcc7e7..798140d1 100644 --- a/doc/tools/cryptoflex-tool.xml +++ b/doc/tools/cryptoflex-tool.xml @@ -128,7 +128,12 @@ See also - pkcs15-tool(1) + + + pkcs15-tool + 1 + + diff --git a/doc/tools/netkey-tool.xml b/doc/tools/netkey-tool.xml index 2944c30d..6f413ce1 100644 --- a/doc/tools/netkey-tool.xml +++ b/doc/tools/netkey-tool.xml @@ -141,7 +141,12 @@ See also - opensc-explorer(1) + + + opensc-explorer + 1 + + diff --git a/doc/tools/opensc-explorer.xml b/doc/tools/opensc-explorer.xml index a5208ab1..7052af12 100644 --- a/doc/tools/opensc-explorer.xml +++ b/doc/tools/opensc-explorer.xml @@ -291,7 +291,12 @@ See also - opensc-tool(1) + + + opensc-tool + 1 + + diff --git a/doc/tools/opensc-tool.xml b/doc/tools/opensc-tool.xml index 972ba04d..3aae6eac 100644 --- a/doc/tools/opensc-tool.xml +++ b/doc/tools/opensc-tool.xml @@ -90,7 +90,12 @@ to enable debug output in the opensc library. See also - opensc-explorer(1) + + + opensc-explorer + 1 + + diff --git a/doc/tools/piv-tool.xml b/doc/tools/piv-tool.xml index 6fd66a5b..0a86692a 100644 --- a/doc/tools/piv-tool.xml +++ b/doc/tools/piv-tool.xml @@ -124,7 +124,12 @@ See also - opensc-tool(1) + + + opensc-tool + 1 + + diff --git a/doc/tools/pkcs15-crypt.xml b/doc/tools/pkcs15-crypt.xml index 9c8e278a..794443e8 100644 
--- a/doc/tools/pkcs15-crypt.xml +++ b/doc/tools/pkcs15-crypt.xml @@ -142,7 +142,16 @@ See also - pkcs15-init(1), pkcs15-tool(1) + + + pkcs15-init + 1 + , + + pkcs15-tool + 1 + + diff --git a/doc/tools/pkcs15-init.xml b/doc/tools/pkcs15-init.xml index 71594fcf..5a410e76 100644 --- a/doc/tools/pkcs15-init.xml +++ b/doc/tools/pkcs15-init.xml @@ -440,7 +440,12 @@ See also - pkcs15-profile(5) + + + pkcs15-profile + 5 + + diff --git a/doc/tools/pkcs15-profile.xml b/doc/tools/pkcs15-profile.xml index 1220710b..dfbea864 100644 --- a/doc/tools/pkcs15-profile.xml +++ b/doc/tools/pkcs15-profile.xml @@ -44,7 +44,16 @@ See also - pkcs15-init(1), pkcs15-crypt(1) + + + pkcs15-init + 1 + , + + pkcs15-crypt + 1 + + diff --git a/doc/tools/pkcs15-tool.xml b/doc/tools/pkcs15-tool.xml index 649ea9a3..dd527227 100644 --- a/doc/tools/pkcs15-tool.xml +++ b/doc/tools/pkcs15-tool.xml @@ -178,7 +178,16 @@ See also - pkcs15-init(1), pkcs15-crypt(1) + + + pkcs15-init + 1 + , + + pkcs15-crypt + 1 + + From 46389f543ff9cc763b132600fefaf5bed7fa432e Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 14 Aug 2011 23:27:55 +0200 Subject: [PATCH 06/26] doc/tools/*.xml: add class attributes Use with the class attributei values "productname","manual" and "source". This avoids some warnings when generating the manual pages. --- doc/tools/cardos-tool.xml | 4 +++- doc/tools/cryptoflex-tool.xml | 4 +++- doc/tools/eidenv.xml | 4 +++- doc/tools/netkey-tool.xml | 4 +++- doc/tools/opensc-explorer.xml | 4 +++- doc/tools/opensc-tool.xml | 4 +++- doc/tools/piv-tool.xml | 4 +++- doc/tools/pkcs11-tool.xml | 4 +++- doc/tools/pkcs15-crypt.xml | 4 +++- doc/tools/pkcs15-init.xml | 8 ++++++-- doc/tools/pkcs15-profile.xml | 4 +++- doc/tools/pkcs15-tool.xml | 4 +++- doc/tools/westcos-tool.xml | 4 +++- 13 files changed, 42 insertions(+), 14 deletions(-) diff --git a/doc/tools/cardos-tool.xml b/doc/tools/cardos-tool.xml index 3b11a11e..03356625 100644 --- a/doc/tools/cardos-tool.xml +++ b/doc/tools/cardos-tool.xml 
@@ -3,7 +3,9 @@ cardos-tool 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/cryptoflex-tool.xml b/doc/tools/cryptoflex-tool.xml index 798140d1..39d8b0fb 100644 --- a/doc/tools/cryptoflex-tool.xml +++ b/doc/tools/cryptoflex-tool.xml @@ -3,7 +3,9 @@ cryptoflex-tool 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/eidenv.xml b/doc/tools/eidenv.xml index aedebb16..4cdf28bc 100644 --- a/doc/tools/eidenv.xml +++ b/doc/tools/eidenv.xml @@ -3,7 +3,9 @@ eidenv 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/netkey-tool.xml b/doc/tools/netkey-tool.xml index 6f413ce1..3cc29593 100644 --- a/doc/tools/netkey-tool.xml +++ b/doc/tools/netkey-tool.xml @@ -3,7 +3,9 @@ netkey-tool 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/opensc-explorer.xml b/doc/tools/opensc-explorer.xml index 7052af12..1a477e1a 100644 --- a/doc/tools/opensc-explorer.xml +++ b/doc/tools/opensc-explorer.xml @@ -3,7 +3,9 @@ opensc-explorer 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/opensc-tool.xml b/doc/tools/opensc-tool.xml index 3aae6eac..6a9dc59c 100644 --- a/doc/tools/opensc-tool.xml +++ b/doc/tools/opensc-tool.xml @@ -3,7 +3,9 @@ opensc-tool 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/piv-tool.xml b/doc/tools/piv-tool.xml index 0a86692a..fc1005b8 100644 --- a/doc/tools/piv-tool.xml +++ b/doc/tools/piv-tool.xml @@ -3,7 +3,9 @@ piv-tool 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/pkcs11-tool.xml b/doc/tools/pkcs11-tool.xml index 342a3c0d..dff94ff9 100644 --- a/doc/tools/pkcs11-tool.xml +++ b/doc/tools/pkcs11-tool.xml @@ -3,7 +3,9 @@ pkcs11-tool 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/pkcs15-crypt.xml b/doc/tools/pkcs15-crypt.xml index 794443e8..0927e274 100644 --- a/doc/tools/pkcs15-crypt.xml +++ b/doc/tools/pkcs15-crypt.xml @@ -3,7 +3,9 @@ pkcs15-crypt 1 - opensc + OpenSC + OpenSC Tools + opensc 
diff --git a/doc/tools/pkcs15-init.xml b/doc/tools/pkcs15-init.xml index 5a410e76..72ef44c0 100644 --- a/doc/tools/pkcs15-init.xml +++ b/doc/tools/pkcs15-init.xml @@ -3,13 +3,17 @@ pkcs15-init 1 - opensc + OpenSC + OpenSC Tools + opensc pkcs15-init 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/pkcs15-profile.xml b/doc/tools/pkcs15-profile.xml index dfbea864..e66ea772 100644 --- a/doc/tools/pkcs15-profile.xml +++ b/doc/tools/pkcs15-profile.xml @@ -3,7 +3,9 @@ pkcs15-profile 5 - opensc + OpenSC + OpenSC File Formats + opensc diff --git a/doc/tools/pkcs15-tool.xml b/doc/tools/pkcs15-tool.xml index dd527227..24176e3c 100644 --- a/doc/tools/pkcs15-tool.xml +++ b/doc/tools/pkcs15-tool.xml @@ -3,7 +3,9 @@ pkcs15-tool 1 - opensc + OpenSC + OpenSC Tools + opensc diff --git a/doc/tools/westcos-tool.xml b/doc/tools/westcos-tool.xml index e4d0049d..139e5ed3 100644 --- a/doc/tools/westcos-tool.xml +++ b/doc/tools/westcos-tool.xml @@ -3,7 +3,9 @@ westcos-tool 1 - opensc + OpenSC + OpenSC Tools + opensc From 0c7d1bdb65e8812d9677af2750e3cbb70abfcda1 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Mon, 15 Aug 2011 10:21:19 +0200 Subject: [PATCH 07/26] doc/Makefile.am: get rid of "api.work" kludge --- doc/Makefile.am | 25 +++++-------------------- doc/html.xsl | 13 ++++++------- doc/man.xsl | 2 +- 3 files changed, 12 insertions(+), 28 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index d982c5cd..370aed86 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
@@ -12,36 +12,21 @@ man5_MANS = man.out/*.5 endif html.out/*: html.out -html.out: api.work +html.out: -rm -fr html.tmp html.out $(MKDIR_P) html.tmp - $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "html.tmp/tools.html" "api.work/html.xsl" "$(srcdir)/tools/tools.xml" + $(XSLTPROC) --nonet --path "$(srcdir):$(xslstylesheetsdir)/html" --xinclude -o "html.tmp/tools.html" "html.xsl" "$(srcdir)/tools/tools.xml" mv html.tmp html.out man.out/*.1: man.out -man.out: api.work +man.out: -rm -fr man.tmp man.out $(MKDIR_P) man.tmp - $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "man.tmp/" "api.work/man.xsl" "$(srcdir)/tools/tools.xml" + $(XSLTPROC) --nonet --path "$(srcdir):$(xslstylesheetsdir)/manpages" --xinclude -o "man.tmp/" "man.xsl" "$(srcdir)/tools/tools.xml" mv man.tmp man.out man.out/*.5: man.out/*.1 -# -# This part is needed as found no -# way to make xsltproc find xsl-stylesheets -# in builddir while xsl on srcdir -# -api.work: \ - $(abs_srcdir)/html.xsl \ - $(abs_srcdir)/man.xsl \ - $(abs_srcdir)/api.css - -rm -fr api.work - $(MKDIR_P) api.work - $(LN_S) "$(abs_srcdir)/html.xsl" api.work/html.xsl - $(LN_S) "$(abs_srcdir)/man.xsl" api.work/man.xsl - $(LN_S) "$(abs_srcdir)/api.css" api.work/api.css - $(LN_S) "$(xslstylesheetsdir)" api.work/xsl-stylesheets clean-local: - -rm -fr html.tmp man.tmp api.work html.out man.out + -rm -fr html.tmp man.tmp html.out man.out diff --git a/doc/html.xsl b/doc/html.xsl index 93e75268..a9a95ee2 100644 --- a/doc/html.xsl +++ b/doc/html.xsl @@ -3,14 +3,13 @@ ]> - + - + - diff --git a/doc/man.xsl b/doc/man.xsl index 1496fb1a..892a6a81 100644 --- a/doc/man.xsl +++ b/doc/man.xsl @@ -1,4 +1,4 @@ - + From aa5974bf5806d22b0a2749692f8ef793853911b2 Mon Sep 17 00:00:00 2001 
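Review bot: In doc/Makefile.am (patch 07) the html.out and man.out recipes now pass the stylesheet as a bare name, `"html.xsl"` and `"man.xsl"`, so which file is loaded depends on xsltproc's lookup order rather than on the recipe. As far as I know xsltproc tries the name relative to the current directory before it consults `--path`, so in a separate build directory a stray file of the same name would be picked up instead of the one in the source tree; this is worth confirming. Naming the file explicitly removes the ambiguity: `"$(srcdir)/html.xsl"` and `"$(srcdir)/man.xsl"`, with `--path` left in place for the DocBook stylesheets those two files presumably import. Keeping `--nonet` on both invocations is right, since it stops the build from fetching DTDs or stylesheets over the network.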
From: Peter Marschall Date: Mon, 15 Aug 2011 10:40:57 +0200 Subject: [PATCH 08/26] doc/tools/*.xml: include manpage sections in file names Rename source XML files so that their names contain the manpage sections. --- .../{cardos-tool.xml => cardos-tool.1.xml} | 0 ...ptoflex-tool.xml => cryptoflex-tool.1.xml} | 2 +- doc/tools/{eidenv.xml => eidenv.1.xml} | 0 .../{netkey-tool.xml => netkey-tool.1.xml} | 0 ...nsc-explorer.xml => opensc-explorer.1.xml} | 28 ++++++------- .../{opensc-tool.xml => opensc-tool.1.xml} | 6 +-- doc/tools/{piv-tool.xml => piv-tool.1.xml} | 42 +++++++++---------- .../{pkcs11-tool.xml => pkcs11-tool.1.xml} | 4 +- .../{pkcs15-crypt.xml => pkcs15-crypt.1.xml} | 4 +- .../{pkcs15-init.xml => pkcs15-init.1.xml} | 26 ++++++------ ...kcs15-profile.xml => pkcs15-profile.5.xml} | 2 +- .../{pkcs15-tool.xml => pkcs15-tool.1.xml} | 14 +++---- doc/tools/tools.xml | 26 ++++++------ .../{westcos-tool.xml => westcos-tool.1.xml} | 18 ++++---- 14 files changed, 86 insertions(+), 86 deletions(-) rename doc/tools/{cardos-tool.xml => cardos-tool.1.xml} (100%) rename doc/tools/{cryptoflex-tool.xml => cryptoflex-tool.1.xml} (99%) rename doc/tools/{eidenv.xml => eidenv.1.xml} (100%) rename doc/tools/{netkey-tool.xml => netkey-tool.1.xml} (100%) rename doc/tools/{opensc-explorer.xml => opensc-explorer.1.xml} (95%) rename doc/tools/{opensc-tool.xml => opensc-tool.1.xml} (98%) rename doc/tools/{piv-tool.xml => piv-tool.1.xml} (93%) rename doc/tools/{pkcs11-tool.xml => pkcs11-tool.1.xml} (99%) rename doc/tools/{pkcs15-crypt.xml => pkcs15-crypt.1.xml} (99%) rename doc/tools/{pkcs15-init.xml => pkcs15-init.1.xml} (97%) rename doc/tools/{pkcs15-profile.xml => pkcs15-profile.5.xml} (99%) rename doc/tools/{pkcs15-tool.xml => pkcs15-tool.1.xml} (98%) rename doc/tools/{westcos-tool.xml => westcos-tool.1.xml} (97%) diff --git a/doc/tools/cardos-tool.xml b/doc/tools/cardos-tool.1.xml similarity index 100% rename from doc/tools/cardos-tool.xml rename to doc/tools/cardos-tool.1.xml 
diff --git a/doc/tools/cryptoflex-tool.xml b/doc/tools/cryptoflex-tool.1.xml similarity index 99% rename from doc/tools/cryptoflex-tool.xml rename to doc/tools/cryptoflex-tool.1.xml index 39d8b0fb..505cfc5e 100644 --- a/doc/tools/cryptoflex-tool.xml +++ b/doc/tools/cryptoflex-tool.1.xml @@ -127,7 +127,7 @@ - + See also diff --git a/doc/tools/eidenv.xml b/doc/tools/eidenv.1.xml similarity index 100% rename from doc/tools/eidenv.xml rename to doc/tools/eidenv.1.xml diff --git a/doc/tools/netkey-tool.xml b/doc/tools/netkey-tool.1.xml similarity index 100% rename from doc/tools/netkey-tool.xml rename to doc/tools/netkey-tool.1.xml diff --git a/doc/tools/opensc-explorer.xml b/doc/tools/opensc-explorer.1.xml similarity index 95% rename from doc/tools/opensc-explorer.xml rename to doc/tools/opensc-explorer.1.xml index 1a477e1a..425f8b90 100644 --- a/doc/tools/opensc-explorer.xml +++ b/doc/tools/opensc-explorer.1.xml @@ -154,7 +154,7 @@ - id + id [[old-pin] new-pin] change a PIN, where id is the PIN reference @@ -186,7 +186,7 @@ by output while the card file is specified by file-id. - If output is ommited, the name of the output file will be + If output is ommited, the name of the output file will be derivated from the full card path to file-id. @@ -196,7 +196,7 @@ hex-tag input update internal card's 'tagged' data. - hex-tag is the tag of the card's data. + hex-tag is the tag of the card's data. input is the filename of the source file or the literal data presented as a sequence of hexadecimal values or '"' enclosed string. @@ -207,11 +207,11 @@ hex-tag [output] copy the internal card's 'tagged' data into the local file. - The local file is specified by output while the tag of + The local file is specified by output while the tag of the card's data is specified by hex-tag. - If output is ommited, the name of the output file will be + If output is ommited, the name of the output file will be derivated from hex-tag. 
@@ -239,22 +239,22 @@ file-id rec_nr rec_offs data - update record specified by rec_nr of the file - specified by file-id with the literal data - data starting from offset specified by + update record specified by rec_nr of the file + specified by file-id with the literal data + data starting from offset specified by rec_offs. - data can be supplied as a sequence of the hex values or + data can be supplied as a sequence of the hex values or as a '"' encolsed string. - file-id offs + file-id offs data - binary update of the file specified by file-id with the literal data + binary update of the file specified by file-id with the literal data data starting from offset specified by offs. - data can be supplied as a sequence of the hex values or + data can be supplied as a sequence of the hex values or as a '"' encolsed string. @@ -277,7 +277,7 @@ file-id - parse and print the ASN1 encoded content of the file specified by + parse and print the ASN1 encoded content of the file specified by file-id. @@ -290,7 +290,7 @@ - + See also diff --git a/doc/tools/opensc-tool.xml b/doc/tools/opensc-tool.1.xml similarity index 98% rename from doc/tools/opensc-tool.xml rename to doc/tools/opensc-tool.1.xml index 6a9dc59c..5c2c8d11 100644 --- a/doc/tools/opensc-tool.xml +++ b/doc/tools/opensc-tool.1.xml @@ -23,8 +23,8 @@ Description - The opensc-tool utility can be used from the command line to perform - miscellaneous smart card operations such as getting the card ATR or + The opensc-tool utility can be used from the command line to perform + miscellaneous smart card operations such as getting the card ATR or sending arbitrary APDU commands to a card. @@ -89,7 +89,7 @@ to enable debug output in the opensc library. - + See also diff --git a/doc/tools/piv-tool.xml b/doc/tools/piv-tool.1.xml similarity index 93% rename from doc/tools/piv-tool.xml rename to doc/tools/piv-tool.1.xml index fc1005b8..a2f85eae 100644 --- a/doc/tools/piv-tool.xml +++ b/doc/tools/piv-tool.1.xml 
@@ -22,11 +22,11 @@ - The piv-tool utility can be used from the command line to perform + The piv-tool utility can be used from the command line to perform miscellaneous smart card operations on a HSPD-12 PIV smart card as defined in NIST 800-73-3. - It is intened for use with test cards only. It can be used to load objects, and generate - key pairs, as well as send arbitrary APDU commands to a card after having authenticated - to the card using the card key provided by the card vendor. + It is intened for use with test cards only. It can be used to load objects, and generate + key pairs, as well as send arbitrary APDU commands to a card after having authenticated + to the card using the card key provided by the card vendor. @@ -36,9 +36,9 @@ - Print the derived card serial number from the CHUID object if any. + Print the derived card serial number from the CHUID object if any. output is in hex byte format. - + Print the name of the inserted card (driver) @@ -48,7 +48,7 @@ Authenticate to the card using a 2DES or 3DES key. An argument {A|M}:{ref}:{alg} is required, were A uses "EXTERNAL AUTHENTICATION" and M uses "MUTUAL AUTHENTICATION". ref is normally 9B, and alg is 03 for - 3DES. The key is provided by card vendor, and the environment variable + 3DES. The key is provided by card vendor, and the environment variable PIV_EXT_AUTH_KEY must point to a text file with the key in the format: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX 
@@ -56,45 +56,45 @@ argument, argument Generate a key pair on the card and output the public key. - An argument {ref}:{alg} is required, where ref is 9A, 9C, 9D or 9E and alg is - 06, 07, 11 or 14 for RSA 1024, RSA 2048, ECC 256 or ECC 384. + An argument {ref}:{alg} is required, where ref is 9A, 9C, 9D or 9E and alg is + 06, 07, 11 or 14 for RSA 1024, RSA 2048, ECC 256 or ECC 384. - + ContainerID, ContainerID Load an object on to the card. The ContainerID is defined in NIST 800-73-n without leading 0x. Example: CHUID object is 3000 - + ref, ref Load a certificate on to the card. ref is 9A, 9C, 9D or 9E - + ref, ref Load a certificate that has been gziped on to the card. ref is 9A, 9C, 9D or 9E - + file, file Output file for any operation that produces output. - - + + file, file Input file for any operation that requires an input file. - - + + file Print properties of the key slots. Needs 'admin' authentication. - + apdu, apdu @@ -104,7 +104,7 @@ num - Use the given reader number. The default is 0, + Use the given reader number. The default is 0, the first reader in the system. @@ -117,13 +117,13 @@ - Causes piv-tool to be more verbose. + Causes piv-tool to be more verbose. Specify this flag several times to enable debug output in the opensc library. - + See also diff --git a/doc/tools/pkcs11-tool.xml b/doc/tools/pkcs11-tool.1.xml similarity index 99% rename from doc/tools/pkcs11-tool.xml rename to doc/tools/pkcs11-tool.1.xml index dff94ff9..d071d614 100644 --- a/doc/tools/pkcs11-tool.xml +++ b/doc/tools/pkcs11-tool.1.xml @@ -134,7 +134,7 @@ id, path - Write a key or certificate object to the token. + Write a key or certificate object to the token. path points to the DER-encoded certificate or key file. @@ -178,7 +178,7 @@ label - Specify the label of token. Will be used the first slot, that has the + Specify the label of token. Will be used the first slot, that has the inserted token with this label. 
diff --git a/doc/tools/pkcs15-crypt.xml b/doc/tools/pkcs15-crypt.1.xml similarity index 99% rename from doc/tools/pkcs15-crypt.xml rename to doc/tools/pkcs15-crypt.1.xml index 0927e274..4ff79c73 100644 --- a/doc/tools/pkcs15-crypt.xml +++ b/doc/tools/pkcs15-crypt.1.xml @@ -127,7 +127,7 @@ aid - Specify in a hexadecimal form the AID of the on-card PKCS#15 + Specify in a hexadecimal form the AID of the on-card PKCS#15 application to be binded to. @@ -141,7 +141,7 @@ - + See also diff --git a/doc/tools/pkcs15-init.xml b/doc/tools/pkcs15-init.1.xml similarity index 97% rename from doc/tools/pkcs15-init.xml rename to doc/tools/pkcs15-init.1.xml index 72ef44c0..6e945b64 100644 --- a/doc/tools/pkcs15-init.xml +++ b/doc/tools/pkcs15-init.1.xml @@ -76,13 +76,13 @@ have been entered in a row. - For some cards that use the PKCS#15 emulation, the attributes of private objects + For some cards that use the PKCS#15 emulation, the attributes of private objects are protected and cannot be parsed without authentication (usually with User PIN). This authentication need to be done immediately after the card binding. In such cases has to be used. - + Modes of operation @@ -99,7 +99,7 @@ If the card supports it, you should erase the contents of the card with - pkcs15-init --erase-card before creating the PKCS#15 structure. + pkcs15-init --erase-card before creating the PKCS#15 structure. @@ -176,7 +176,7 @@ template defined by the profile. - In addition to the PEM key file format, pkcs15-init also + In addition to the PEM key file format, pkcs15-init also supports DER encoded keys, and PKCS #12 files. The latter is the file format used by Netscape Navigator (among others) when exporting certificates to a file. A PKCS #12 file usually contains the X.509 certificate corresponding @@ -233,7 +233,7 @@ - + Options 
@@ -305,11 +305,11 @@ (currently, the only supported name is ), optionally followed by a slash and the length of the key in bits. It is a good idea to specify the key ID along with this command, - using the option, otherwise an intrinsic ID - will be calculated from the key material. Look the description of + using the option, otherwise an intrinsic ID + will be calculated from the key material. Look the description of the 'pkcs15-id-style' attribut in the 'pkcs15.profile' for the details about the algorithm used to calculate intrinsic ID. - For the multi-application cards the target PKCS#15 application can be + For the multi-application cards the target PKCS#15 application can be specified by the hexadecimal AID value of the option. @@ -330,7 +330,7 @@ will be calculated from the key material. Look the description of the 'pkcs15-id-style' attribut in the 'pkcs15.profile' for the details about the algorithm used to calculate intrinsic ID. - For the multi-application cards the target PKCS#15 application can be + For the multi-application cards the target PKCS#15 application can be specified by the hexadecimal AID value of the option. @@ -357,8 +357,8 @@ Tells pkcs15-init to store the certificate given in on the card, creating a certificate object with the ID specified via the option. - Without supplied ID an intrisic ID will be calculated from the - certificate's public key. Look the description of the 'pkcs15-id-style' + Without supplied ID an intrisic ID will be calculated from the + certificate's public key. Look the description of the 'pkcs15-id-style' attribut in the 'pkcs15.profile' for the details about the algorithm used to calculate intrinsic ID. The file is assumed to contain the PEM encoded certificate. 
@@ -373,12 +373,12 @@ filename - Tells pkcs15-init to update the certificate + Tells pkcs15-init to update the certificate object with the ID specified via the option with the certificate in . The file is assumed to contain a PEM encoded certificate. - Pay extra attention when updating mail decryption certificates, as + Pay extra attention when updating mail decryption certificates, as missing certificates can render e-mail messages unreadable! diff --git a/doc/tools/pkcs15-profile.xml b/doc/tools/pkcs15-profile.5.xml similarity index 99% rename from doc/tools/pkcs15-profile.xml rename to doc/tools/pkcs15-profile.5.xml index e66ea772..a2e28d7a 100644 --- a/doc/tools/pkcs15-profile.xml +++ b/doc/tools/pkcs15-profile.5.xml @@ -43,7 +43,7 @@ this soonishly. - + See also diff --git a/doc/tools/pkcs15-tool.xml b/doc/tools/pkcs15-tool.1.xml similarity index 98% rename from doc/tools/pkcs15-tool.xml rename to doc/tools/pkcs15-tool.1.xml index 24176e3c..7de1e869 100644 --- a/doc/tools/pkcs15-tool.xml +++ b/doc/tools/pkcs15-tool.1.xml @@ -70,14 +70,14 @@ - Verify PIN after card binding and before issuing any command + Verify PIN after card binding and before issuing any command (without 'auth-id' the first non-SO, non-Unblock PIN will be verified) Lists all data objects stored on the token. - For some cards the PKCS#15 attributes of the private data objects are + For some cards the PKCS#15 attributes of the private data objects are protected for reading and need the authentication with the User PIN. In such a case the option has to be used. @@ -102,7 +102,7 @@ - Unblocks a PIN stored on the token. Knowledge of the + Unblocks a PIN stored on the token. Knowledge of the Pin Unblock Key (PUK) is required for this operation. 
@@ -111,7 +111,7 @@ Lists all private keys stored on the token. General information about each private key is listed (eg. key name, id and algorithm). Actual private key values are not displayed. - For some cards the PKCS#15 attributes of the private keys are protected for reading + For some cards the PKCS#15 attributes of the private keys are protected for reading and need the authentication with the User PIN. In such a case the option has to be used. @@ -127,7 +127,7 @@ Reads the public key with id id, allowing the user to extract and store or use the public key. - + id Reads the public key with id id, @@ -156,7 +156,7 @@ aid - Specify in a hexadecimal form the AID of the on-card PKCS#15 + Specify in a hexadecimal form the AID of the on-card PKCS#15 application to be binded to. @@ -177,7 +177,7 @@ - + See also diff --git a/doc/tools/tools.xml b/doc/tools/tools.xml index b054ef00..4222a614 100644 --- a/doc/tools/tools.xml +++ b/doc/tools/tools.xml @@ -8,19 +8,19 @@ OpenSC - - - - - - - - - - - - + + + + + + + + + + + + - + diff --git a/doc/tools/westcos-tool.xml b/doc/tools/westcos-tool.1.xml similarity index 97% rename from doc/tools/westcos-tool.xml rename to doc/tools/westcos-tool.1.xml index 139e5ed3..07d4935c 100644 --- a/doc/tools/westcos-tool.xml +++ b/doc/tools/westcos-tool.1.xml @@ -25,8 +25,8 @@ Description The westcos-tool utility is used to manipulate - the westcos data structures on 2 Ko smart cards. Users can create PINs, - keys and certificates stored on the token. User PIN authentication is + the westcos data structures on 2 Ko smart cards. Users can create PINs, + keys and certificates stored on the token. User PIN authentication is performed for those operations that require it. 
@@ -41,25 +41,25 @@ Use the given reader. The default is the first reader with a card. - + Wait for a card to be inserted - + Generate a private key on smart card. The smart card must be not finalized and a PIN must be installed (ie. file for PIN must be created, see option - -i). By default key length is 1536 bits. User authentication is required for + -i). By default key length is 1536 bits. User authentication is required for this operation. - + Overwrite the key if there is already a key on card. - + length, @@ -107,7 +107,7 @@ file, - file + file Write certificate file in PEM format to the card. User authentication is required for this operation. @@ -126,7 +126,7 @@ path, path - Get the file path the file is written + Get the file path the file is written on disk with path name. User authentication is required for this operation. From dbc5f759696f294b9dc22a279f9dfc0689c2bf61 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Mon, 15 Aug 2011 10:48:17 +0200 Subject: [PATCH 09/26] doc/tools/Makefile.am: new Makefile template for autotools Created doc/tools/Makefile.am in order to generate a Makefile in doc/tools/. Use pattern rules in doc/tools/Makefile.am; clean up doc/Makefile.am. --- configure.ac | 1 + doc/Makefile.am | 32 +++----------------------------- doc/tools/Makefile.am | 23 +++++++++++++++++++++++ 3 files changed, 27 insertions(+), 29 deletions(-) create mode 100644 doc/tools/Makefile.am diff --git a/configure.ac b/configure.ac index cf373c92..991addf7 100644 --- a/configure.ac +++ b/configure.ac @@ -581,6 +581,7 @@ fi AC_CONFIG_FILES([ Makefile doc/Makefile + doc/tools/Makefile etc/Makefile src/Makefile src/common/Makefile diff --git a/doc/Makefile.am b/doc/Makefile.am index 370aed86..d572f429 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
@@ -1,32 +1,6 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +SUBDIRS = tools + dist_noinst_SCRIPTS = html.xsl man.xsl -dist_noinst_DATA = $(srcdir)/tools/*.xml api.css -if ENABLE_DOC -html_DATA = html.out/* -endif - -if ENABLE_MAN -man1_MANS = man.out/*.1 -man5_MANS = man.out/*.5 -endif - -html.out/*: html.out -html.out: - -rm -fr html.tmp html.out - $(MKDIR_P) html.tmp - $(XSLTPROC) --nonet --path "$(srcdir):$(xslstylesheetsdir)/html" --xinclude -o "html.tmp/tools.html" "html.xsl" "$(srcdir)/tools/tools.xml" - mv html.tmp html.out - -man.out/*.1: man.out -man.out: - -rm -fr man.tmp man.out - $(MKDIR_P) man.tmp - $(XSLTPROC) --nonet --path "$(srcdir):$(xslstylesheetsdir)/manpages" --xinclude -o "man.tmp/" "man.xsl" "$(srcdir)/tools/tools.xml" - mv man.tmp man.out - -man.out/*.5: man.out/*.1 - - -clean-local: - -rm -fr html.tmp man.tmp html.out man.out +dist_noinst_DATA = api.css diff --git a/doc/tools/Makefile.am b/doc/tools/Makefile.am new file mode 100644 index 00000000..7873d263 --- /dev/null +++ b/doc/tools/Makefile.am @@ -0,0 +1,23 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in + +dist_noinst_DATA = $(wildcard $(srcdir)/*.xml) +if ENABLE_DOC +html_DATA = tools.html +endif + +if ENABLE_MAN +man1_MANS = $(patsubst $(srcdir)/%.xml, %, $(wildcard $(srcdir)/*.1.xml)) +man5_MANS = $(patsubst $(srcdir)/%.xml, %, $(wildcard $(srcdir)/*.5.xml)) +endif + +tools.html: $(srcdir)/tools.xml $(wildcard $(srcdir)/*.1.xml) $(wildcard $(srcdir)/*.5.xml) + $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $< + +%.1: $(srcdir)/%.1.xml + $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $< + +%.5: $(srcdir)/%.5.xml + $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $< + +clean-local: + -rm -rf $(html_DATA) $(man1_MANS) $(man5_MANS) From d3b865ee404619c6f427a9cf342b1028608ff39a Mon Sep 17 00:00:00 2001 
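Review bot: The new doc/tools/Makefile.am derives `dist_noinst_DATA`, `man1_MANS` and `man5_MANS` from `$(wildcard ...)`/`$(patsubst ...)` and builds with `%.1:`/`%.5:` pattern rules. These are GNU make extensions, so automake cannot see the file list and will normally warn about portability. With a wildcard, any stray `*.xml` in the source directory is shipped in the tarball and, if it matches `*.1.xml` or `*.5.xml`, installed as a man page, so the release contents are no longer auditable from the Makefile. Prefer listing the sources explicitly, or at least add a comment such as `# requires GNU make: wildcard/patsubst and pattern rules`. The recipes also write directly to `$@`, whereas the removed doc/Makefile.am rules built into a temporary directory and renamed it; a failed xsltproc run may therefore leave a partial target behind, which `-o $@.tmp ... && mv $@.tmp $@` would avoid.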
From: Peter Marschall Date: Mon, 15 Aug 2011 15:33:48 +0200 Subject: [PATCH 10/26] doc/tools/Makefile.am: substitute @pkgdatadir@ --- doc/tools/Makefile.am | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/tools/Makefile.am b/doc/tools/Makefile.am index 7873d263..fb514fb3 100644 --- a/doc/tools/Makefile.am +++ b/doc/tools/Makefile.am @@ -14,10 +14,12 @@ tools.html: $(srcdir)/tools.xml $(wildcard $(srcdir)/*.1.xml) $(wildcard $(srcdi $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $< %.1: $(srcdir)/%.1.xml - $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $< + sed -e 's|@pkgdatadir[@]|$(pkgdatadir)|g' < $< \ + | $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $< %.5: $(srcdir)/%.5.xml - $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $< + sed -e 's|@pkgdatadir[@]|$(pkgdatadir)|g' < $< \ + | $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $< clean-local: -rm -rf $(html_DATA) $(man1_MANS) $(man5_MANS) From a9c320f8f8b5de380075ba7f5850c24c5ad02be4 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Mon, 15 Aug 2011 16:58:01 +0200 Subject: [PATCH 11/26] doc/tools/*.xml: more consistent formatting uUse specific tags: for commands - This will install the private key contained in the file okir.p12, - and protect it with the PIN referenced by authentication ID 01. + This will install the private key contained in the file okir.p12, + and protect it with the PIN referenced by authentication ID 01. It will also store any X.509 certificates contained in the file, which is usually the user certificate that goes with the key, as well as the CA certificate. 
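Review bot: In the `%.1` and `%.5` rules the `sed` output is piped into `$(XSLTPROC)`, but the xsltproc command line still ends in `$<`, so it reads the unmodified source file and the `@pkgdatadir@` substitution appears to be discarded. If xsltproc is meant to consume the substituted text, the last argument should name standard input, e.g. `... --xinclude -o $@ man.xsl -`. Confirm first that the xsltproc in use accepts `-`, and that no relative XInclude or entity in the page depends on the document's location under `$(srcdir)`. The `tools.html` rule is left unchanged in this hunk, so any `@pkgdatadir@` placeholder in the XML would still appear literally in the HTML output.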
@@ -239,33 +240,37 @@ - name, - name + + name, + name + Tells pkcs15-init to load the specified general profile. Currently, the only application profile defined is - pkcs15, but you can write your own profiles and + pkcs15, but you can write your own profiles and specify them using this option. - The profile name can be combined with one or more profile - options, which slightly modify the profile's behavior. + The profile name can be combined with one or more profile + options, which slightly modify the profile's behavior. For instance, the default OpenSC profile supports the option, which installs a single PIN during card initialization. This PIN is then used both as the SO PIN as well as the user PIN for all keys stored on the card. - Profile name and options are separated by a - character, as in . + Profile name and options are separated by a + + character, as in pkcs15+onepin. - name, - name + + name, + name + Tells pkcs15-init to load the specified card @@ -275,7 +280,10 @@ - + + , + + This tells pkcs15-init to create a PKCS #15 @@ -285,7 +293,10 @@ - + + , + + This will erase the card prior to creating the PKCS #15 structure, @@ -296,12 +307,14 @@ - keyspec, - keyspec + + keyspec, + keyspec + Tells the card to generate new key and store it on the card. - keyspec consists of an algorithm name + keyspec consists of an algorithm name (currently, the only supported name is ), optionally followed by a slash and the length of the key in bits. It is a good idea to specify the key ID along with this command, @@ -316,8 +329,10 @@ - filename, - filename + + filename, + filename + Tells pkcs15-init to download the specified @@ -337,7 +352,9 @@ - filename + + filename + Tells pkcs15-init to download the specified @@ -350,8 +367,10 @@ - filename, - filename + + filename, + filename + Tells pkcs15-init to store the certificate given @@ -369,8 +388,10 @@ - filename, - filename + + filename, + filename + Tells pkcs15-init to update the certificate 
@@ -385,8 +406,10 @@ - , - + + , + + Tells pkcs15-init to not ask for the transport @@ -396,7 +419,12 @@ - + + , + , + , + + These options can be used to specify PIN/PUK values on the command @@ -410,11 +438,13 @@ - filename + + filename + Tells pkcs15-init to read additional options - from filename. The file is supposed to + from filename. The file is supposed to contain one long option per line, without the leading dashes, for instance: @@ -429,7 +459,10 @@ - + + , + + Causes pkcs15-init to be more verbose. Specify this diff --git a/doc/tools/pkcs15-tool.1.xml b/doc/tools/pkcs15-tool.1.xml index 7de1e869..c928eee5 100644 --- a/doc/tools/pkcs15-tool.1.xml +++ b/doc/tools/pkcs15-tool.1.xml @@ -37,7 +37,10 @@ - + + , + + Cache PKCS #15 token data to the local filesystem. Subsequent operations are performed on the cached data where possible. If the cache becomes out-of-sync with the token state (eg. new key is @@ -46,36 +49,50 @@ - + + + List the on-card PKCS#15 applications - cert, - cert + + cert, + cert + Reads the certificate with the given id. - + + , + + Lists all certificates stored on the token. - cert, - data + + cert, + data + Reads data object with OID, applicationName or label. - + + + Verify PIN after card binding and before issuing any command (without 'auth-id' the first non-SO, non-Unblock PIN will be verified) - + + , + + Lists all data objects stored on the token. For some cards the PKCS#15 attributes of the private data objects are protected for reading and need the authentication with the User PIN. 
@@ -84,30 +101,43 @@ - + + + Lists all PINs stored on the token. General information about each PIN is listed (eg. PIN name). Actual PIN values are not shown. - + + , + + Dump card objects. - + + + Changes a PIN or PUK stored on the token. User authentication is required for this operation. - + + , + + Unblocks a PIN stored on the token. Knowledge of the Pin Unblock Key (PUK) is required for this operation. - + + , + + Lists all private keys stored on the token. General information about each private key is listed (eg. key name, id and algorithm). Actual private key values are not displayed. @@ -117,58 +147,78 @@ - + + + Lists all public keys stored on the token, including key name, id, algorithm and length information. - id - Reads the public key with id id, + + id + + Reads the public key with id id, allowing the user to extract and store or use the public key. - id - Reads the public key with id id, - writing the output in format suitable for $HOME/.ssh/authorized_keys. + + id + + Reads the public key with id id, + writing the output in format suitable for + $HOME/.ssh/authorized_keys. - filename, - filename + + filename, + filename + Specifies where key output should be written. - If filename already exists, it will be overwritten. + If filename already exists, it will be overwritten. If this option is not given, keys will be printed to standard output. - + + + Disables token data caching. - pin, - pin + + pin, + pin + Specifies the auth id of the PIN to use for the operation. This is useful with the --change-pin operation. - aid + + aid + Specify in a hexadecimal form the AID of the on-card PKCS#15 application to be binded to. - num + + num + Forces pkcs15-tool to use reader - number num for operations. The default is to use + number num for operations. The default is to use reader number 0, the first reader in the system. - + + , + + Causes pkcs15-tool to be more verbose. Specify this flag several times to enable debug output in the OpenSC library. 
diff --git a/doc/tools/westcos-tool.1.xml b/doc/tools/westcos-tool.1.xml index 07d4935c..92a5da19 100644 --- a/doc/tools/westcos-tool.1.xml +++ b/doc/tools/westcos-tool.1.xml @@ -36,19 +36,28 @@ - num + + num, + num + Use the given reader. The default is the first reader with a card. - + + , + + Wait for a card to be inserted - + + , + + Generate a private key on smart card. The smart card must be not finalized and a PIN must be installed (ie. file for PIN must be created, see option -i). By default key length is 1536 bits. User authentication is required for @@ -56,65 +65,80 @@ - + + , + + Overwrite the key if there is already a key on card. - length, - length + length, + length Change the length of private key, use with . - + + , + + Install PIN file in token, you must provide PIN value with . - value, - value + value, + value set value of PIN. - value, - value + value, + value set value of PUK (or value of new PIN for change PIN command see ). - + + , + + Changes a PIN stored on the token. User authentication is required for this operation. - + + , + + Unblocks a PIN stored on the token. Knowledge of the PIN Unblock Key (PUK) is required for this operation. - file, - file + file, + file Write certificate file in PEM format to the card. User authentication is required for this operation. - + + , + + Finalize the card. Once finalized the default key is invalidated so PIN and PUK can't be changed anymore without user authentication. Warning, un-finalized are insecure because PIN can be changed without user authentication (knowledge of default key @@ -123,8 +147,8 @@ - path, - path + path, + path Get the file path the file is written on disk with path name. User authentication @@ -133,8 +157,8 @@ - path, - path + path, + path Put the file with name path from disk to card the file is written in path. User authentication 
@@ -142,12 +166,17 @@ - + + , + + Print help message on screen. - + + + Causes westcos-tool to be more verbose. Specify this flag several times to enable debug output in the OpenSC library. From 353067d7dbbfb212452ff81eceb76a29d497bdd7 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sat, 20 Aug 2011 16:51:45 +0200 Subject: [PATCH 12/26] tools.xml: use 2 reference sections: tools & file formats Split the contents into two reference sections: on for tools and one for file formats. --- doc/tools/tools.xml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/tools/tools.xml b/doc/tools/tools.xml index 4222a614..2827a68c 100644 --- a/doc/tools/tools.xml +++ b/doc/tools/tools.xml @@ -3,10 +3,10 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> - OpenSC tools + OpenSC - OpenSC + OpenSC tools @@ -20,7 +20,12 @@ + + + + OpenSC file formats + From 1bff1c1cc00ef1ecc070e573e3b863dd5f5b3575 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sat, 20 Aug 2011 18:09:19 +0200 Subject: [PATCH 13/26] opensc-explorer.1.xml: fix typos, more harmonization --- doc/tools/opensc-explorer.1.xml | 60 ++++++++++++++++----------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/doc/tools/opensc-explorer.1.xml b/doc/tools/opensc-explorer.1.xml index 9ffa1f34..9440a4de 100644 --- a/doc/tools/opensc-explorer.1.xml +++ b/doc/tools/opensc-explorer.1.xml @@ -102,14 +102,14 @@ ls - list all files in the current DF + List all files in the current DF cd file-id - change to another DF specified by file-id + Change to another DF specified by file-id @@ -119,7 +119,7 @@ cat sfi:sfi-id - print the contents of the currently selected EF or the contents of a file + Print the contents of the currently selected EF or the contents of a file specified by file-id or sfi-id. 
@@ -129,7 +129,7 @@ info [file-id] - display attributes of a file specified by file-id. + Display attributes of a file specified by file-id. If file-id is not supplied, the attributes of the current file are printed. @@ -138,7 +138,7 @@ create file-id size - create a new EF. file-id specifies the + Create a new EF. file-id specifies the id number and size is the size of the new file. @@ -147,21 +147,21 @@ delete file-id - remove the EF or DF specified by file-id + Remove the EF or DF specified by file-id rm file-id - remove the EF or DF specified by file-id + Remove the EF or DF specified by file-id verify key-typekey-id [key] - present a PIN or key to the card. Where key-type + Present a PIN or key to the card. Where key-type can be one of CHV, KEY or PRO. key-id is a number representing the key or PIN reference. key is the key or PIN to be verified in hex. @@ -178,7 +178,7 @@ change CHVid [[old-pin] new-pin] - change a PIN, where id is the PIN reference + Change a PIN, where id is the PIN reference Examples: @@ -198,7 +198,7 @@ put file-id input - copy a local file to the card. The local file is specified + Copy a local file to the card. The local file is specified by input while the card file is specified by file-id. @@ -208,12 +208,12 @@ get file-id [output] - copy an EF to a local file. The local file is specified + Copy an EF to a local file. The local file is specified by output while the card file is specified by file-id. - If output is ommited, the name of the output file will be - derivated from the full card path to file-id. + If output is omitted, the name of the output file will be + derived from the full card path to file-id. 
@@ -223,10 +223,10 @@ do_put hex-tag input - update internal card's 'tagged' data. + Update internal card's 'tagged' data. hex-tag is the tag of the card's data. input is the filename of the source file or the literal data presented as - a sequence of hexadecimal values or '"' enclosed string. + a sequence of hexadecimal values or " enclosed string. @@ -236,13 +236,13 @@ do_get hex-tag [output] - copy the internal card's 'tagged' data into the local file. + Copy the internal card's 'tagged' data into the local file. The local file is specified by output while the tag of the card's data is specified by hex-tag. - If output is ommited, the name of the output file will be - derivated from hex-tag. + If output is omitted, the name of the output file will be + derived from hex-tag. @@ -251,7 +251,7 @@ mkdir file-id size - create a DF. file-id specifies the id number + Create a DF. file-id specifies the id number and size is the size of the new file. @@ -259,7 +259,7 @@ erase - erase the card, if the card supports it. + Erase the card, if the card supports it. @@ -267,7 +267,7 @@ random count - generate random sequence of count bytes. + Generate random sequence of count bytes. @@ -276,12 +276,12 @@ update_record file-id rec-nr rec-offs data - update record specified by rec-nr of the file + Update record specified by rec-nr of the file specified by file-id with the literal data data starting from offset specified by rec-offs. data can be supplied as a sequence of the hex values or - as a '"' encolsed string. + as a " enclosed string. @@ -290,10 +290,10 @@ update_binary file-id offs data - binary update of the file specified by file-id with the literal data + Binary update of the file specified by file-id with the literal data data starting from offset specified by offs. data can be supplied as a sequence of the hex values or - as a '"' encolsed string. + as a " enclosed string. 
@@ -302,8 +302,8 @@ debug [level] - set OpenSC debug level to level. - If level is ommited the current debug level will be shown. + Set OpenSC debug level to level. + If level is omitted the current debug level will be shown. @@ -312,7 +312,7 @@ apdu hex-data - send a custom APDU command hex-data. + Send a custom APDU command hex-data. @@ -321,7 +321,7 @@ asn1 file-id - parse and print the ASN1 encoded content of the file specified by + Parse and print the ASN.1 encoded content of the file specified by file-id. @@ -330,7 +330,7 @@ quit - exit the program. + Exit the program. From 77d051ffc57fcf9e2322e8dadc5ad90a71f5bb69 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 12:26:20 +0200 Subject: [PATCH 14/26] piv-tool.1.xml: more harmonization, slight re-wording --- doc/tools/piv-tool.1.xml | 56 ++++++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 19 deletions(-) diff --git a/doc/tools/piv-tool.1.xml b/doc/tools/piv-tool.1.xml index 3250f06e..5cc99281 100644 --- a/doc/tools/piv-tool.1.xml +++ b/doc/tools/piv-tool.1.xml @@ -38,8 +38,8 @@ - Print the derived card serial number from the CHUID object if any. - output is in hex byte format. + Print the card serial number derived from the CHUID object, + if any. Output is in hex byte format. 
@@ -54,11 +54,16 @@ argument Authenticate to the card using a 2DES or 3DES key. - An argument {A|M}:{ref}:{alg} is required, were A uses "EXTERNAL AUTHENTICATION" - and M uses "MUTUAL AUTHENTICATION". ref is normally 9B, and alg is 03 for - 3DES. The key is provided by card vendor, and the environment variable - PIV_EXT_AUTH_KEY must point to a text file with the key in the format: - XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX + The argument of the form + {A|M}:ref:alg + is required, were A uses "EXTERNAL AUTHENTICATION" + and M uses "MUTUAL AUTHENTICATION". + ref is normally 9B, + and alg is 03 for 3DES. + The key is provided by the card vendor, and the environment variable + PIV_EXT_AUTH_KEY must point to a text file containing + the key in the format: + XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX @@ -67,17 +72,22 @@ argument Generate a key pair on the card and output the public key. - An argument {ref}:{alg} is required, where ref is 9A, 9C, 9D or 9E and alg is - 06, 07, 11 or 14 for RSA 1024, RSA 2048, ECC 256 or ECC 384. - + The argument of th form + ref:alg + is required, where ref is 9A, + 9C, 9D or 9E and + alg is 06, + 07, 11 or 14 + for RSA 1024, RSA 2048, ECC 256 or ECC 384 respectively. ContainerID, ContainerID - Load an object on to the card. The ContainerID is defined - in NIST 800-73-n without leading 0x. Example: CHUID object is 3000 + Load an object on to the card. + The ContainerID is as defined in NIST 800-73-n + without leading 0x. Example: CHUID object is 3000 @@ -86,7 +96,10 @@ ref, ref - Load a certificate on to the card. ref is 9A, 9C, 9D or 9E + Load a certificate on to the card. + ref is 9A, + 9C, 9D or + 9E @@ -95,7 +108,9 @@ ref Load a certificate that has been gziped on to the card. - ref is 9A, 9C, 9D or 9E + ref is 9A, + 9C, 9D or + 9E 
@@ -129,7 +144,8 @@ apdu, apdu - Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF... + Sends an arbitrary APDU to the card in the format + AA:BB:CC:DD:EE:FF.... This option may be repeated. @@ -138,15 +154,16 @@ num, num - Use the given reader number. The default is 0, - the first reader in the system. + Use the given reader number. The default is + 0, the first reader in the system. driver, driver - Use the given card driver. The default is auto-detected. + Use the given card driver. + The default is auto-detected. @@ -161,7 +178,8 @@ Causes piv-tool to be more verbose. - Specify this flag several times to enable debug output in the opensc library. + Specify this flag several times to enable debug output in the opensc + library. From d6a9cda78b6d867fa038cd2a4654d34a2a1e0d67 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 12:33:13 +0200 Subject: [PATCH 15/26] pkcs15-crypt.1.xml: sort options alphabetically --- doc/tools/pkcs15-crypt.1.xml | 131 ++++++++++++++++++----------------- 1 file changed, 67 insertions(+), 64 deletions(-) diff --git a/doc/tools/pkcs15-crypt.1.xml b/doc/tools/pkcs15-crypt.1.xml index dbdce718..d689742e 100644 --- a/doc/tools/pkcs15-crypt.1.xml +++ b/doc/tools/pkcs15-crypt.1.xml 
@@ -36,43 +36,11 @@ - , - + aid - Perform digital signature operation on - the data read from a file specified using the - option. By default, the contents of the file are assumed to - be the result of an MD5 hash operation. Note that pkcs15-crypt - expects the data in binary representation, not ASCII. - The digital signature is stored, in binary representation, - in the file specified by the option. If - this option is not given, the signature is printed on standard - output, displaying non-printable characters using their hex notation - xNN (see also ). - - - - - - - By default, pkcs15-crypt - assumes that input data has been padded to the correct length - (i.e. when computing an RSA signature using a 1024 bit key, - the input must be padded to 128 bytes to match the modulus - length). When giving the option, - however, pkcs15-crypt will perform the - required padding using the algorithm outlined in the - PKCS #1 standard version 1.5. - - - - - - - This option tells pkcs15-crypt - that the input file is the result of an SHA1 hash operation, - rather than an MD5 hash. Again, the data must be in binary - representation. + Specify the AID of the on-card PKCS#15 applicationi + to bind to. The aid must be in hexadecimal + form. @@ -89,25 +57,6 @@ ). - - - id, - id - - Selects the ID of the key to use. - - - - - N, - N - - Selects the N-th smart - card reader configured by the system. If unspecified, - pkcs15-crypt will use the first reader - found. - - file, @@ -118,18 +67,18 @@ - file, - file + id, + id - Any output will be sent to the specified file. + Selects the ID of the key to use. - , - + file, + file - Outputs raw 8 bit data. + Any output will be sent to the specified file. 
@@ -150,10 +99,64 @@ - aid + - Specify in a hexadecimal form the AID of the on-card PKCS#15 - application to be binded to. + By default, pkcs15-crypt + assumes that input data has been padded to the correct length + (i.e. when computing an RSA signature using a 1024 bit key, + the input must be padded to 128 bytes to match the modulus + length). When giving the option, + however, pkcs15-crypt will perform the + required padding using the algorithm outlined in the + PKCS #1 standard version 1.5. + + + + + , + + + Outputs raw 8 bit data. + + + + + N, + N + + Selects the N-th smart + card reader configured by the system. If unspecified, + pkcs15-crypt will use the first reader + found. + + + + + + + This option tells pkcs15-crypt + that the input file is the result of an SHA1 hash operation, + rather than an MD5 hash. Again, the data must be in binary + representation. + + + + + , + + + Perform digital signature operation on + the data read from a file specified using the + option. By default, the contents of the file are assumed to + be the result of an MD5 hash operation. + Note that pkcs15-crypt + expects the data in binary representation, not ASCII. + The digital signature is stored, in binary representation, + in the file specified by the option. If + this option is not given, the signature is printed on standard + output, displaying non-printable characters using their hex notation + xNN + (see also ). From 9f09113ab7ef1df7c5a1c106396e73f557e60228 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 12:45:13 +0200 Subject: [PATCH 16/26] opensc-explorer.1.xml: sort options & commands alphabetically --- doc/tools/opensc-explorer.1.xml | 256 ++++++++++++++++---------------- 1 file changed, 127 insertions(+), 129 deletions(-) diff --git a/doc/tools/opensc-explorer.1.xml b/doc/tools/opensc-explorer.1.xml index 9440a4de..352e3b4d 100644 --- a/doc/tools/opensc-explorer.1.xml +++ b/doc/tools/opensc-explorer.1.xml 
@@ -40,16 +40,6 @@ opensc-explorer. There are additional interactive commands available once it is running. - - - num, - num - - - Use the given reader number. The default - is 0, the first reader in the system. - - driver, @@ -74,9 +64,13 @@ - , + num, + num - Wait for a card to be inserted + + Use the given reader number. The default + is 0, the first reader in the system. + @@ -88,6 +82,12 @@ debug output in the opensc library. + + + , + + Wait for a card to be inserted + @@ -100,16 +100,19 @@ - ls + apdu hex-data - List all files in the current DF + + Send a custom APDU command hex-data. + - cd file-id + asn1 file-id - Change to another DF specified by file-id + Parse and print the ASN.1 encoded content of the file specified by + file-id. @@ -117,61 +120,19 @@ cat [file-id] - cat sfi:sfi-id + cat sfi:short-id - Print the contents of the currently selected EF or the contents of a file - specified by file-id - or sfi-id. + Print the contents of the currently selected EF or the contents + of a file specified by file-id or the short file id + short-id. - info [file-id] + cd file-id - Display attributes of a file specified by file-id. - If file-id is not supplied, - the attributes of the current file are printed. - - - - - create file-id size - - Create a new EF. file-id specifies the - id number and size is the size of the new file. - - - - - - delete file-id - - Remove the EF or DF specified by file-id - - - - - rm file-id - - Remove the EF or DF specified by file-id - - - - - verify key-typekey-id [key] - - Present a PIN or key to the card. Where key-type - can be one of CHV, KEY or PRO. key-id is a number representing the - key or PIN reference. key is the key or PIN to be verified in hex. - - - If key is omitted, PIN will be verified with PIN-Pad. - - - Example: verify CHV0 31:32:33:34:00:00:00:00 - - + Change to another DF specified by file-id 
@@ -196,39 +157,28 @@ - put file-id input + create file-id size - Copy a local file to the card. The local file is specified - by input while the card file is specified by file-id. + Create a new EF. file-id specifies the + id number and size is the size of the new file. - get file-id [output] + debug [level] - Copy an EF to a local file. The local file is specified - by output while the card file is specified by file-id. - - - If output is omitted, the name of the output file will be - derived from the full card path to file-id. - + Set OpenSC debug level to level. + If level is omitted the current debug level will be shown. - do_put hex-tag input + delete file-id - - Update internal card's 'tagged' data. - hex-tag is the tag of the card's data. - input is the filename of the source file or the literal data presented as - a sequence of hexadecimal values or " enclosed string. - - + Remove the EF or DF specified by file-id @@ -249,10 +199,15 @@ - mkdir file-id size + do_put hex-tag input - Create a DF. file-id specifies the id number - and size is the size of the new file. + + Update internal card's 'tagged' data. + hex-tag is the tag of the card's data. + input is the filename of the source file or the literal data presented as + a sequence of hexadecimal values or " enclosed string. + + 
@@ -262,6 +217,61 @@ Erase the card, if the card supports it. + + + get file-id [output] + + + Copy an EF to a local file. The local file is specified + by output while the card file is specified by file-id. + + + If output is omitted, the name of the output file will be + derived from the full card path to file-id. + + + + + + + info [file-id] + + Display attributes of a file specified by file-id. + If file-id is not supplied, + the attributes of the current file are printed. + + + + + ls + + List all files in the current DF + + + + + mkdir file-id size + + Create a DF. file-id specifies the id number + and size is the size of the new file. + + + + + put file-id input + + Copy a local file to the card. The local file is specified + by input while the card file is specified by file-id. + + + + + + quit + + Exit the program. + + random count @@ -271,6 +281,25 @@ + + + rm file-id + + Remove the EF or DF specified by file-id + + + + + update_binary file-id offs data + + + Binary update of the file specified by file-id with the literal data + data starting from offset specified by offs. + data can be supplied as a sequence of the hex values or + as a " enclosed string. + + + update_record file-id rec-nr rec-offs data 
@@ -287,50 +316,19 @@ - update_binary file-id offs data + verify key-type key-id [key] - - Binary update of the file specified by file-id with the literal data - data starting from offset specified by offs. - data can be supplied as a sequence of the hex values or - as a " enclosed string. - - - - - - debug [level] - - - Set OpenSC debug level to level. - If level is omitted the current debug level will be shown. - - - - - - apdu hex-data - - - Send a custom APDU command hex-data. - - - - - - asn1 file-id - - - Parse and print the ASN.1 encoded content of the file specified by - file-id. - - - - - - quit - - Exit the program. + Present a PIN or key to the card. Where key-type + can be one of CHV, KEY or PRO. key-id is a number representing the + key or PIN reference. key is the key or PIN to be verified in hex. + + + If key is omitted, PIN will be verified with PIN-Pad. + + + Example: verify CHV0 31:32:33:34:00:00:00:00 + + From ca0343de429b3cbd6197265c0d1c5e2470f5c996 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 13:05:46 +0200 Subject: [PATCH 17/26] westcos-tool.1.xml: slight rewording --- doc/tools/westcos-tool.1.xml | 57 ++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/doc/tools/westcos-tool.1.xml b/doc/tools/westcos-tool.1.xml index 92a5da19..caa81e67 100644 --- a/doc/tools/westcos-tool.1.xml +++ b/doc/tools/westcos-tool.1.xml @@ -25,8 +25,8 @@ Description The westcos-tool utility is used to manipulate - the westcos data structures on 2 Ko smart cards. Users can create PINs, - keys and certificates stored on the token. User PIN authentication is + the westcos data structures on 2 Ko smart cards / tokens. Users can create PINs, + keys and certificates stored on the card / token. User PIN authentication is performed for those operations that require it. @@ -50,7 +50,7 @@ , - Wait for a card to be inserted + Wait for a card to be inserted. 
@@ -58,9 +58,10 @@ , - Generate a private key on smart card. The smart card must be - not finalized and a PIN must be installed (ie. file for PIN must be created, see option - -i). By default key length is 1536 bits. User authentication is required for + Generate a private key on the card. The card must not have + been finalized and a PIN must be installed (ie. the file for ithe PIN must + havei been created, see option ). + By default the key length is 1536 bits. User authentication is required for this operation. @@ -69,7 +70,7 @@ , - Overwrite the key if there is already a key on card. + Overwrite the key if there is already a key on the card. @@ -77,8 +78,8 @@ length, length - Change the length of private key, use with . - + Change the length of private key. + Use with . @@ -86,8 +87,8 @@ , - Install PIN file in token, you must provide PIN value - with . + Install PIN file in on the card. + You must provide a PIN value with . @@ -95,7 +96,7 @@ value, value - set value of PIN. + Set value of PIN. @@ -112,8 +113,8 @@ , - Changes a PIN stored on the token. User authentication - is required for this operation. + Changes a PIN stored on the card. + User authentication is required for this operation. @@ -121,7 +122,7 @@ , - Unblocks a PIN stored on the token. Knowledge of the + Unblocks a PIN stored on the card. Knowledge of the PIN Unblock Key (PUK) is required for this operation. @@ -130,8 +131,9 @@ file, file - Write certificate file in PEM format to the - card. User authentication is required for this operation. + Write certificate file file + in PEM format to the card. + User authentication is required for this operation. 
@@ -139,9 +141,11 @@ , - Finalize the card. Once finalized the default key is invalidated so PIN and PUK - can't be changed anymore without user authentication. Warning, - un-finalized are insecure because PIN can be changed without user authentication (knowledge of default key + Finalize the card. Once finalized the default key is + invalidated, so PIN and PUK cannot be changed anymore without user + authentication. + Warning, un-finalized are insecure because PIN can be changed + without user authentication (knowledge of default key is enough). @@ -150,9 +154,9 @@ path, path - Get the file path the file is written - on disk with path name. User authentication - is required for this operation. + Read the file path from the card. + The file is written on disk with name path. + User authentication is required for this operation. @@ -160,9 +164,10 @@ path, path - Put the file with name path from disk - to card the file is written in path. User authentication - is required for this operation. + Put the file with name path + from disk to card. + On the card the file is written in path. + User authentication is required for this operation. From ea18c4a0d0247fc4e5e2fbc511fc19d5f495ae68 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 13:08:52 +0200 Subject: [PATCH 18/26] cardos-tool.1.xml: sort options alphabetically --- doc/tools/cardos-tool.1.xml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/doc/tools/cardos-tool.1.xml b/doc/tools/cardos-tool.1.xml index 890e128e..553934b1 100644 --- a/doc/tools/cardos-tool.1.xml +++ b/doc/tools/cardos-tool.1.xml @@ -35,10 +35,10 @@ smart cards and similar security tokens based on Siemens Card/OS M4. - , - - - Display information about the card or token. + name, + name + Use the card driver specified by name. + The default is to auto-detect the correct card driver. 
@@ -47,20 +47,28 @@ smart cards and similar security tokens based on Siemens Card/OS M4. Format the card or token. + + + , + + + Display information about the card or token. + number, number Specify the reader number number to use. - The default is reader 0. + The default is reader 0. - name, - name - Use the card driver specified by name. - The default is to auto-detect the correct card driver. + , + + + Causes cardos-tool to be more verbose. + Specify this flag several times to enable debug output in the opensc library. @@ -71,14 +79,6 @@ smart cards and similar security tokens based on Siemens Card/OS M4. to be inserted into reader. - - - , - - - Causes cardos-tool to be more verbose. - Specify this flag several times to enable debug output in the opensc library. - From 6227e079cffeb84452aacf773107afa2cdf64eaf Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 13:11:32 +0200 Subject: [PATCH 19/26] cryptoflex-tool.1.xml: sort options alphabetically --- doc/tools/cryptoflex-tool.1.xml | 68 ++++++++++++++++----------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/doc/tools/cryptoflex-tool.1.xml b/doc/tools/cryptoflex-tool.1.xml index 17c055fb..d54f1c15 100644 --- a/doc/tools/cryptoflex-tool.1.xml +++ b/doc/tools/cryptoflex-tool.1.xml @@ -36,18 +36,10 @@ - , - + num, + num - Verifies CHV1 before issuing commands - - - - - , - - - Lists all keys stored in a public key file + Specifies the DF to operate in @@ -68,19 +60,19 @@ - , - + exp, + exp - Generate a new RSA key pair + Specifies the RSA exponent, exp, + to use in key generation. The default value is 3. - + , + - Reads a public key from the card, allowing the user to - extract and store or use the public key - + Generate a new RSA key pair @@ -94,10 +86,19 @@ - num, - num + , + - Specifies the DF to operate in + Lists all keys stored in a public key file + + + + + length, + length + + Specifies the modulus length to use + in key generation. The default value is 1024. 
@@ -120,20 +121,11 @@ - exp, - exp + - Specifies the RSA exponent, exp, - to use in key generation. The default value is 3. - - - - - length, - length - - Specifies the modulus length to use - in key generation. The default value is 1024. + Reads a public key from the card, allowing the user to + extract and store or use the public key + @@ -156,6 +148,14 @@ the opensc library. + + + , + + + Verifies CHV1 before issuing commands + + From 55699b9d666e7dfd1194779fd9e466f43bc7cd60 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 13:13:55 +0200 Subject: [PATCH 20/26] eidenv.1.xml: sort options alphabetically --- doc/tools/eidenv.1.xml | 52 +++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/doc/tools/eidenv.1.xml b/doc/tools/eidenv.1.xml index 7b569290..b5f45ace 100644 --- a/doc/tools/eidenv.1.xml +++ b/doc/tools/eidenv.1.xml @@ -39,20 +39,11 @@ - num, - num + prog, + prog - - Use the given reader. The default is the first reader with a card. - - - - - - , - - - Wait for a card to be inserted + Executes the given program with + data in environment variables. @@ -63,15 +54,6 @@ Print help message on screen. - - - , - - - Prints the version - of the utility and exits. - - , @@ -82,6 +64,16 @@ period, document number etc. + + + num, + num + + + Use the given reader. The default is the first reader with a card. + + + , @@ -93,11 +85,19 @@ - prog, - prog + , + - Executes the given program with - data in environment variables. + Prints the version + of the utility and exits. + + + + + , + + + Wait for a card to be inserted From 1df0340f57f447bb343ad8a269e6f0fb8cdaefde Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 13:15:33 +0200 Subject: [PATCH 21/26] netkey-tool.1.xml: sort options & commands alphabetically --- doc/tools/netkey-tool.1.xml | 70 ++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 35 deletions(-) 
diff --git a/doc/tools/netkey-tool.1.xml b/doc/tools/netkey-tool.1.xml index 9d111d38..a9f5ea29 100644 --- a/doc/tools/netkey-tool.1.xml +++ b/doc/tools/netkey-tool.1.xml @@ -41,20 +41,6 @@ Displays a short help message. - - - number, - number - - Use smart card in specified reader. Default is reader 0. - - - - - - Causes netkey-tool to be more verbose. This - options may be specified multiple times to increase verbosity. - pin-value, @@ -83,6 +69,20 @@ Specifies the current value of the local PIN1 (aka local PUK). + + + number, + number + + Use smart card in specified reader. Default is reader 0. + + + + + + Causes netkey-tool to be more verbose. This + options may be specified multiple times to increase verbosity. + @@ -119,11 +119,24 @@ - unblock { pin | pin0 | pin1 } + cert number filename - This unblocks the specified pin. You must specify another pin - to be able to do this and if you don't specify a correct one, - netkey-tool will tell you which one is needed. + This command will read one of your cards certificates (as specified by + number) and save this certificate into file filename + in PEM-format. Certificates on a NetKey E4 card are readable without a pin, so you don't + have to specify one. + + + + cert filename number + + This command will read the first PEM-encoded certificate from file + filename and store this into your smart cards certificate file + number. Some of your smart cards certificate files might be readonly, so + this will not work with all values of number. If a certificate file is + writable you must specify a pin in order to change it. If you try to use this command + without specifying a pin, netkey-tool will tell you which one is + needed. 
@@ -147,24 +160,11 @@ - cert number filename + unblock { pin | pin0 | pin1 } - This command will read one of your cards certificates (as specified by - number) and save this certificate into file filename - in PEM-format. Certificates on a NetKey E4 card are readable without a pin, so you don't - have to specify one. - - - - cert filename number - - This command will read the first PEM-encoded certificate from file - filename and store this into your smart cards certificate file - number. Some of your smart cards certificate files might be readonly, so - this will not work with all values of number. If a certificate file is - writable you must specify a pin in order to change it. If you try to use this command - without specifying a pin, netkey-tool will tell you which one is - needed. + This unblocks the specified pin. You must specify another pin + to be able to do this and if you don't specify a correct one, + netkey-tool will tell you which one is needed. From bd85c8f472ccc06efcb585a8b4db146ea20eb6e1 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 13:20:28 +0200 Subject: [PATCH 22/26] opensc-tool.1.xml: sort options alphabetically --- doc/tools/opensc-tool.1.xml | 133 ++++++++++++++++++------------------ 1 file changed, 67 insertions(+), 66 deletions(-) diff --git a/doc/tools/opensc-tool.1.xml b/doc/tools/opensc-tool.1.xml index 6892cd3e..d4a95851 100644 --- a/doc/tools/opensc-tool.1.xml +++ b/doc/tools/opensc-tool.1.xml 
@@ -33,93 +33,94 @@ Options - - - , - - - Print information about OpenSC, such as version and enabled components - - , - Print the Answer To Reset (ATR) of the card, - output is in hex byte format - - - - , - - - Print the name of the inserted card (driver) - - - - - - Print the card serial number (normally the ICCSN), output is in hex byte -format - - - - apdu, - apdu - - Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF... - - - - , - - - Recursively lists all files stored on card - - - - , - - - Lists all configured readers - - - - , - - - Lists all installed card drivers - - - - num, - num - - Use the given reader number. The default is 0, the first reader -in the system. + Print the Answer To Reset (ATR) of the card. + Output is in hex byte format driver, driver - Use the given card driver. The default is auto-detected. + Use the given card driver. + The default is auto-detected. - , - + , + - Wait for a card to be inserted + Print information about OpenSC, such as version and enabled components. + + + + , + + + List all installed card drivers. + + + + , + + + Recursively list all files stored on card. + + + + , + + + List all configured readers. + + + + , + + + Print the name of the inserted card (driver). + + + + num, + num + + Use the given reader number. + The default is 0, the first reader in the system. + + + + apdu, + apdu + + Sends an arbitrary APDU to the card in the format + AA:BB:CC:DD:EE:FF.... + + + + + + Print the card serial number (normally the ICCSN). + Output is in hex byte format , - Causes opensc-tool to be more verbose. Specify this flag several times -to enable debug output in the opensc library. + Causes opensc-tool to be more verbose. + Specify this flag several times to enable debug output in the opensc library. + + + + , + + + Wait for a card to be inserted. From 6a6898a2ea2e8ed2667cace13456b00540a5a269 Mon Sep 17 00:00:00 2001 
From: Peter Marschall Date: Sun, 21 Aug 2011 13:30:26 +0200 Subject: [PATCH 23/26] pkcs11-tool.1.xml: sort options alphabetically --- doc/tools/pkcs11-tool.1.xml | 347 ++++++++++++++++++------------------ 1 file changed, 174 insertions(+), 173 deletions(-) diff --git a/doc/tools/pkcs11-tool.1.xml b/doc/tools/pkcs11-tool.1.xml index 529329fc..56c8e61d 100644 --- a/doc/tools/pkcs11-tool.1.xml +++ b/doc/tools/pkcs11-tool.1.xml @@ -35,6 +35,110 @@ Options + + + path + + Extract information from path + (DER-encoded certificate file) and create the corresponding + attributes when writing an object to the token. Example: the + certificate subject name is used to create the CKA_SUBJECT + attribute. + + + + + , + + + Change the user PIN on the token + + + + + , + + + Hash some data. + + + + + id, + id + + Specify the id of the object to operate on. + + + + + + + Initializes the user PIN. This option + differs from --change-pin in that it sets the user PIN + for the first time. Once set, the user PIN can be changed + using . + + + + + + + Initialize a token: set the token label as + well as a Security Officer PIN (the label must be specified + using ). + + + + + path, + path + + Specify the path to a file for input. + + + + + , + + + Generate a new key pair (public and private pair.) + + + + + name, + name + + Specify the name of the object to operate on + (or the token label when + is used). + + + + + , + + + Display a list of mechanisms supported by the token. + + + + + , + + + Display a list of objects. + + + + + , + + + Display a list of available slots on the token. + + , 
@@ -45,6 +149,42 @@ provided on the command line. + + + mechanism, + mechanism + + Use the specified mechanism + for token operations. See for a list + of mechanisms supported by your token. + + + + + mod + + Specify a PKCS#11 module (or library) to + load. + + + + + path, + path + + Test a Mozilla-like keypair generation + and certificate request. Specify the path + to the certificate file. + + + + + path, + path + + Specify the path to a file for output. + + pin, @@ -60,49 +200,10 @@ - pin + id, + id - Use the given pin as the - Security Officer PIN for some token operations (token - initialization, user PIN initialization, etc). The same - warning as also applies here. - - - - - - - Initializes a token: set the token label as - well as a Security Officer PIN (the label must be specified - using ). - - - - - - - Initializes the user PIN. This option - differs from --change-pin in that it sets the user PIN - for the first time. Once set, the user PIN can be changed - using . - - - - - , - - - Change the user PIN on the token - - - - - , - - - Performs some tests on the token. This - option is most useful when used with either - or . + Set the CKA_ID of the object. @@ -110,31 +211,7 @@ , - Displays general token information. - - - - - , - - - Displays a list of available slots on the token. - - - - - , - - - Displays a list of mechanisms supported by the token. - - - - - , - - - Displays a list of objects. + Display general token information. 
@@ -145,70 +222,6 @@ Sign some data. - - - , - - - Hash some data. - - - - - mechanism, - mechanism - - Use the specified mechanism - for token operations. See for a list - of mechanisms supported by your token. - - - - - , - - - Generate a new key pair (public and private pair.) - - - - - id, - path - - Write a key or certificate object to the token. - path points to the DER-encoded certificate or key file. - - - - - - type, - type - - Specify the type of object to operate on. - Examples are cert, privkey - and pubkey. - - - - - id, - id - - Specify the id of the object to operate on. - - - - - name, - name - - Specify the name of the object to operate on - (or the token label when - is used). - - id 
@@ -234,74 +247,62 @@ label - Specify the label of token. Will be used the first slot, that has the - inserted token with this label. + Specify the label of token. + Will be used the first slot, that has the inserted token with this + label. - id, - id + pin - Set the CKA_ID of the object. + Use the given pin as the + Security Officer PIN for some token operations (token + initialization, user PIN initialization, etc). The same + warning as also applies here. - path + , + - Extract information from path - (DER-encoded certificate file) and create the corresponding - attributes when writing an object to the token. Example: the - certificate subject name is used to create the CKA_SUBJECT - attribute. + Perform some tests on the token. This + option is most useful when used with either + or . - path, - path + type, + type - Specify the path to a file for input. - - - - - path, - path - - Specify the path to a file for output. - - - - - mod - - Specify a PKCS#11 module (or library) to - load. - - - - - path, - path - - Tests a Mozilla-like keypair generation - and certificate request. Specify the path - to the certificate file. + Specify the type of object to operate on. + Examples are cert, privkey + and pubkey. , - Causes pkcs11-tool to be + Cause pkcs11-tool to be more verbose.NB! This does not affect OpenSC debugging level! To set OpenSC PKCS#11 module into debug - mode, set the OPENSC_DEBUG environment variable to a + mode, set the OPENSC_DEBUG environment variable to a non-zero number. + + + id, + path + + Write a key or certificate object to the token. + path points to the DER-encoded certificate or key file. + + + From 6b989aef577412c72bbcaf94b0978e89d8f6b5f3 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 13:36:38 +0200 Subject: [PATCH 24/26] pkcs15-init.1.xml: sort options alphabetically, slight rewording --- doc/tools/pkcs15-init.1.xml | 194 ++++++++++++++++++------------------ 1 file changed, 97 insertions(+), 97 deletions(-) 
diff --git a/doc/tools/pkcs15-init.1.xml b/doc/tools/pkcs15-init.1.xml index 4d8e433c..5771b64e 100644 --- a/doc/tools/pkcs15-init.1.xml +++ b/doc/tools/pkcs15-init.1.xml @@ -154,10 +154,10 @@ - Private Key Download + Private Key Upload - You can use a private key generated by other means and download it to the card. - For instance, to download a private key contained in a file named + You can use a private key generated by other means and upload it to the card. + For instance, to upload a private key contained in a file named okir.pem, which is in PEM format, you would use @@ -187,9 +187,9 @@ - Public Key Download + Public Key Upload - You can also download individual public keys to the card using the + You can also upload individual public keys to the card using the option, which takes a filename as an argument. This file is supposed to contain the public key. If you don't specify a key file format using the option, @@ -197,16 +197,16 @@ supported public key file format is DER. - Since the corresponding public keys are always downloaded automatically - when generating a new key, or when downloading a private key, you will + Since the corresponding public keys are always uploaded automatically + when generating a new key, or when uploading a private key, you will probably use this option only very rarely. - Certificate Download + Certificate Upload - You can download certificates to the card using the + You can upload certificates to the card using the option, which takes a filename as an argument. This file is supposed to contain the PEM encoded X.509 certificate. @@ -214,7 +214,7 @@ - Downloading PKCS #12 bags + Uploading PKCS #12 bags Most browsers nowadays use PKCS #12 format files when you ask them to export your key and certificate to a file. pkcs15-init 
@@ -239,33 +239,6 @@ Options - - - name, - name - - - - Tells pkcs15-init to load the specified general - profile. Currently, the only application profile defined is - pkcs15, but you can write your own profiles and - specify them using this option. - - - The profile name can be combined with one or more profile - options, which slightly modify the profile's behavior. - For instance, the default OpenSC profile supports the - option, which installs a single PIN during - card initialization. This PIN is then used both as the SO PIN as - well as the user PIN for all keys stored on the card. - - - Profile name and options are separated by a + - character, as in pkcs15+onepin. - - - - name, 
@@ -330,38 +303,67 @@ - filename, - filename + filename - Tells pkcs15-init to download the specified - private key to the card. This command will also create a public - key object containing the public key portion. By default, the - file is assumed to contain the key in PEM format. Alternative - formats can be specified using . - It is a good idea to specify the key ID along with this command, - using the option, otherwise an intrinsic ID - will be calculated from the key material. Look the description of - the 'pkcs15-id-style' attribut in the 'pkcs15.profile' for the details - about the algorithm used to calculate intrinsic ID. - For the multi-application cards the target PKCS#15 application can be - specified by the hexadecimal AID value of the option. + Tells pkcs15-init to read additional options + from filename. The file is supposed to + contain one long option per line, without the leading dashes, + for instance: + + pin frank + puk zappa + + + + You can specify several times. - filename + , + + , + , - Tells pkcs15-init to download the specified - public key to the card and create a public key object with the - key ID specified via the . By default, - the file is assumed to contain the key in PEM format. Alternative - formats can be specified using . + These options can be used to specify PIN/PUK values on the command + line. Note that on most operation systems, any user can display + the command line of any process on the system using utilities such + as ps(1). Therefore, you should use these options + only on a secured system, or in an options file specified with + . + + + + + + + name, + name + + + + Tells pkcs15-init to load the specified general + profile. Currently, the only application profile defined is + pkcs15, but you can write your own profiles and + specify them using this option. + + + The profile name can be combined with one or more profile + options, which slightly modify the profile's behavior. 
+ For instance, the default OpenSC profile supports the + option, which installs a single PIN during + card initialization. This PIN is then used both as the SO PIN as + well as the user PIN for all keys stored on the card. + + + Profile name and options are separated by a + + character, as in pkcs15+onepin. @@ -387,6 +389,44 @@ + + + filename + + + + Tells pkcs15-init to download the specified + public key to the card and create a public key object with the + key ID specified via the . By default, + the file is assumed to contain the key in PEM format. Alternative + formats can be specified using . + + + + + + + filename, + filename + + + + Tells pkcs15-init to download the specified + private key to the card. This command will also create a public + key object containing the public key portion. By default, the + file is assumed to contain the key in PEM format. Alternative + formats can be specified using . + It is a good idea to specify the key ID along with this command, + using the option, otherwise an intrinsic ID + will be calculated from the key material. Look the description of + the 'pkcs15-id-style' attribut in the 'pkcs15.profile' for the details + about the algorithm used to calculate intrinsic ID. + For the multi-application cards the target PKCS#15 application can be + specified by the hexadecimal AID value of the option. + + + + filename, 
@@ -418,46 +458,6 @@ - - - , - , - , - - - - - These options can be used to specify PIN/PUK values on the command - line. Note that on most operation systems, any user can display - the command line of any process on the system using utilities such - as ps(1). Therefore, you should use these options - only on a secured system, or in an options file specified with - . - - - - - - - filename - - - - Tells pkcs15-init to read additional options - from filename. The file is supposed to - contain one long option per line, without the leading dashes, - for instance: - - pin frank - puk zappa - - - - You can specify several times. - - - - , From 56a1ab6769fc196a47792d60fea588344007f785 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 13:43:15 +0200 Subject: [PATCH 25/26] pkcs15-tool.1.xml: sort options alphabetically --- doc/tools/pkcs15-tool.1.xml | 184 ++++++++++++++++++------------------ 1 file changed, 92 insertions(+), 92 deletions(-) diff --git a/doc/tools/pkcs15-tool.1.xml b/doc/tools/pkcs15-tool.1.xml index c928eee5..1a3fbd25 100644 --- a/doc/tools/pkcs15-tool.1.xml +++ b/doc/tools/pkcs15-tool.1.xml @@ -36,6 +36,39 @@ Options + + + aid + + Specify in a hexadecimal form the AID of the on-card PKCS#15 + application to be binded to. + + + + + pin, + pin + + Specifies the auth id of the PIN to use for the + operation. This is useful with the --change-pin operation. + + + + + + + Changes a PIN or PUK stored on the token. User authentication + is required for this operation. + + + + + , + + + Dump card objects. + + , @@ -55,14 +88,6 @@ List the on-card PKCS#15 applications - - - cert, - cert - - Reads the certificate with the given id. - - , @@ -71,23 +96,6 @@ Lists all certificates stored on the token. - - - cert, - data - - Reads data object with OID, applicationName or label. - - - - - - - - Verify PIN after card binding and before issuing any command - (without 'auth-id' the first non-SO, non-Unblock PIN will be verified) - - , 
@@ -100,39 +108,6 @@ - - - - - Lists all PINs stored on the token. General information - about each PIN is listed (eg. PIN name). Actual PIN values are not shown. - - - - - , - - - Dump card objects. - - - - - - - Changes a PIN or PUK stored on the token. User authentication - is required for this operation. - - - - - , - - - Unblocks a PIN stored on the token. Knowledge of the - Pin Unblock Key (PUK) is required for this operation. - - , @@ -146,6 +121,14 @@ In such a case the option has to be used. + + + + + Lists all PINs stored on the token. General information + about each PIN is listed (eg. PIN name). Actual PIN values are not shown. + + @@ -154,6 +137,40 @@ key name, id, algorithm and length information. + + + + + Disables token data caching. + + + + + filename, + filename + + Specifies where key output should be written. + If filename already exists, it will be overwritten. + If this option is not given, keys will be printed to standard output. + + + + + cert, + cert + + Reads the certificate with the given id. + + + + + cert, + data + + Reads data object with OID, applicationName or label. + + + id @@ -171,40 +188,6 @@ $HOME/.ssh/authorized_keys. - - - filename, - filename - - Specifies where key output should be written. - If filename already exists, it will be overwritten. - If this option is not given, keys will be printed to standard output. - - - - - - - Disables token data caching. - - - - - pin, - pin - - Specifies the auth id of the PIN to use for the - operation. This is useful with the --change-pin operation. - - - - - aid - - Specify in a hexadecimal form the AID of the on-card PKCS#15 - application to be binded to. - - num @@ -214,6 +197,15 @@ reader number 0, the first reader in the system. + + + , + + + Unblocks a PIN stored on the token. Knowledge of the + Pin Unblock Key (PUK) is required for this operation. + + , 
@@ -224,6 +216,14 @@ in the OpenSC library. + + + + + Verify PIN after card binding and before issuing any command + (without 'auth-id' the first non-SO, non-Unblock PIN will be verified) + + From 3b6c985cca934ff30b66e4ec0161d50be11de8db Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 21 Aug 2011 13:46:02 +0200 Subject: [PATCH 26/26] westcos-tool.1.xml: sort options alphabetically --- doc/tools/westcos-tool.1.xml | 198 +++++++++++++++++------------------ 1 file changed, 99 insertions(+), 99 deletions(-) diff --git a/doc/tools/westcos-tool.1.xml b/doc/tools/westcos-tool.1.xml index caa81e67..e330e859 100644 --- a/doc/tools/westcos-tool.1.xml +++ b/doc/tools/westcos-tool.1.xml @@ -35,79 +35,6 @@ Options - - - num, - num - - - Use the given reader. The default is the first reader with a card. - - - - - - , - - - Wait for a card to be inserted. - - - - - , - - - Generate a private key on the card. The card must not have - been finalized and a PIN must be installed (ie. the file for ithe PIN must - havei been created, see option ). - By default the key length is 1536 bits. User authentication is required for - this operation. - - - - - , - - - Overwrite the key if there is already a key on the card. - - - - - length, - length - - Change the length of private key. - Use with . - - - - - , - - - Install PIN file in on the card. - You must provide a PIN value with . - - - - - value, - value - - Set value of PIN. - - - - - value, - value - - set value of PUK (or value of new PIN for change PIN - command see ). - - , @@ -117,15 +44,6 @@ User authentication is required for this operation. - - - , - - - Unblocks a PIN stored on the card. Knowledge of the - PIN Unblock Key (PUK) is required for this operation. - - file, 
@@ -149,6 +67,69 @@ is enough). + + + , + + + Generate a private key on the card. The card must not have + been finalized and a PIN must be installed (ie. the file for ithe PIN must + havei been created, see option ). + By default the key length is 1536 bits. User authentication is required for + this operation. + + + + + , + + + Print help message on screen. + + + + + , + + + Install PIN file in on the card. + You must provide a PIN value with . + + + + + length, + length + + Change the length of private key. + Use with . + + + + + , + + + Overwrite the key if there is already a key on the card. + + + + + value, + value + + Set value of PIN. + + + + + value, + value + + set value of PUK (or value of new PIN for change PIN + command see ). + + path, @@ -159,6 +140,42 @@ User authentication is required for this operation. + + + num, + num + + + Use the given reader. The default is the first reader with a card. + + + + + + , + + + Unblocks a PIN stored on the card. Knowledge of the + PIN Unblock Key (PUK) is required for this operation. + + + + + + + Causes westcos-tool to be more + verbose. Specify this flag several times to enable debug output + in the OpenSC library. + + + + + , + + + Wait for a card to be inserted. + + path, @@ -170,23 +187,6 @@ User authentication is required for this operation. - - - , - - - Print help message on screen. - - - - - - - Causes westcos-tool to be more - verbose. Specify this flag several times to enable debug output - in the OpenSC library. - -