pkcs15-init: documented remaining commandline switches
fixes https://github.com/OpenSC/OpenSC/issues/1267
parent
318329d5b7
commit
99eed0aa82
|
@ -2,8 +2,7 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
|
||||||
|
|
||||||
EXTRA_DIST = completion-template
|
EXTRA_DIST = completion-template
|
||||||
|
|
||||||
# TODO XXX Uncomment after fixing issue #1267
|
TESTS = test-manpage.sh
|
||||||
#TESTS = test-manpage.sh
|
|
||||||
|
|
||||||
dist_noinst_DATA = $(wildcard $(srcdir)/*.xml)
|
dist_noinst_DATA = $(wildcard $(srcdir)/*.xml)
|
||||||
if ENABLE_DOC
|
if ENABLE_DOC
|
||||||
|
|
|
@ -59,8 +59,14 @@ smart cards and similar security tokens based on Siemens Card/OS M4.
|
||||||
<option>--reader</option> <replaceable>number</replaceable>,
|
<option>--reader</option> <replaceable>number</replaceable>,
|
||||||
<option>-r</option> <replaceable>number</replaceable>
|
<option>-r</option> <replaceable>number</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Specify the reader number <replaceable>number</replaceable> to use.
|
<listitem>
|
||||||
The default is reader <literal>0</literal>.</para></listitem>
|
<para>
|
||||||
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
|
|
|
@ -134,9 +134,14 @@
|
||||||
<option>--reader</option> <replaceable>num</replaceable>,
|
<option>--reader</option> <replaceable>num</replaceable>,
|
||||||
<option>-r</option> <replaceable>num</replaceable>
|
<option>-r</option> <replaceable>num</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Forces <command>cryptoflex-tool</command> to use
|
<listitem>
|
||||||
reader number <replaceable>num</replaceable> for operations. The default
|
<para>
|
||||||
is to use reader number 0, the first reader in the system.</para></listitem>
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -86,8 +86,14 @@
|
||||||
<option>--reader</option> <replaceable>number</replaceable>,
|
<option>--reader</option> <replaceable>number</replaceable>,
|
||||||
<option>-r</option> <replaceable>number</replaceable>
|
<option>-r</option> <replaceable>number</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Specify the reader <replaceable>number</replaceable> to use.
|
<listitem>
|
||||||
The default is reader 0.</para></listitem>
|
<para>
|
||||||
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
|
|
|
@ -69,9 +69,14 @@
|
||||||
<option>--reader</option> <replaceable>num</replaceable>,
|
<option>--reader</option> <replaceable>num</replaceable>,
|
||||||
<option>-r</option> <replaceable>num</replaceable>
|
<option>-r</option> <replaceable>num</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>
|
<listitem>
|
||||||
Use the given reader. The default is the first reader with a card.
|
<para>
|
||||||
</para></listitem>
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -82,8 +82,14 @@
|
||||||
<option>--reader</option> <replaceable>argument</replaceable>,
|
<option>--reader</option> <replaceable>argument</replaceable>,
|
||||||
<option>-r</option> <replaceable>argument</replaceable>
|
<option>-r</option> <replaceable>argument</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Uses reader number
|
<listitem>
|
||||||
<replaceable>argument</replaceable>.</para></listitem>
|
<para>
|
||||||
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
|
|
|
@ -36,8 +36,14 @@
|
||||||
<term>
|
<term>
|
||||||
<option>--reader</option> <replaceable>number</replaceable>,
|
<option>--reader</option> <replaceable>number</replaceable>,
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Specify the reader number <replaceable>number</replaceable> to use.
|
<listitem>
|
||||||
The default is reader <literal>0</literal>.</para></listitem>
|
<para>
|
||||||
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
|
|
|
@ -74,7 +74,14 @@
|
||||||
<option>--reader</option> <replaceable>number</replaceable>,
|
<option>--reader</option> <replaceable>number</replaceable>,
|
||||||
<option>-r</option> <replaceable>number</replaceable>
|
<option>-r</option> <replaceable>number</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Use smart card in specified reader. Default is reader 0.</para></listitem>
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
|
|
|
@ -91,9 +91,14 @@
|
||||||
<option>--reader</option> <replaceable>num</replaceable>,
|
<option>--reader</option> <replaceable>num</replaceable>,
|
||||||
<option>-r</option> <replaceable>num</replaceable>
|
<option>-r</option> <replaceable>num</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>
|
<listitem>
|
||||||
Use the given reader. The default is the first reader with a card.
|
<para>
|
||||||
</para></listitem>
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -68,10 +68,14 @@
|
||||||
<option>--reader</option> <replaceable>num</replaceable>,
|
<option>--reader</option> <replaceable>num</replaceable>,
|
||||||
<option>-r</option> <replaceable>num</replaceable>
|
<option>-r</option> <replaceable>num</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>
|
<listitem>
|
||||||
Use the given reader number. The default
|
<para>
|
||||||
is 0, the first reader in the system.
|
Specify the reader to use. By default, the first
|
||||||
</para></listitem>
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
|
|
|
@ -115,8 +115,14 @@
|
||||||
<option>--reader</option> <replaceable>num</replaceable>,
|
<option>--reader</option> <replaceable>num</replaceable>,
|
||||||
<option>-r</option> <replaceable>num</replaceable>
|
<option>-r</option> <replaceable>num</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Use the given reader number.
|
<listitem>
|
||||||
The default is <literal>0</literal>, the first reader in the system.</para></listitem>
|
<para>
|
||||||
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
|
|
|
@ -154,8 +154,14 @@
|
||||||
<option>--reader</option> <replaceable>num</replaceable>,
|
<option>--reader</option> <replaceable>num</replaceable>,
|
||||||
<option>-r</option> <replaceable>num</replaceable>
|
<option>-r</option> <replaceable>num</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Use the given reader number. The default is
|
<listitem>
|
||||||
<literal>0</literal>, the first reader in the system.</para></listitem>
|
<para>
|
||||||
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
|
|
|
@ -132,10 +132,14 @@
|
||||||
<option>--reader</option> <replaceable>N</replaceable>,
|
<option>--reader</option> <replaceable>N</replaceable>,
|
||||||
<option>-r</option> <replaceable>N</replaceable>
|
<option>-r</option> <replaceable>N</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Selects the <replaceable>N</replaceable>-th smart
|
<listitem>
|
||||||
card reader configured by the system. If unspecified,
|
<para>
|
||||||
<command>pkcs15-crypt</command> will use the first reader
|
Specify the reader to use. By default, the first
|
||||||
found.</para></listitem>
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -170,11 +170,11 @@
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Note that usage of <option>--id</option> option in the <command>pkcs15-init</command>
|
Note that usage of <option>--id</option> option in the <command>pkcs15-init</command>
|
||||||
commands to generate or to import a new key is deprecated.
|
commands to generate or to import a new key is deprecated.
|
||||||
Better practice is to let the middleware to derive the identifier from the key material.
|
Better practice is to let the middleware to derive the identifier from the key material.
|
||||||
(SHA1(modulus) for RSA, SHA1(pub) for DSA, ...).
|
(SHA1(modulus) for RSA, SHA1(pub) for DSA, ...).
|
||||||
This allows easily set up relation between 'related' objects
|
This allows easily set up relation between 'related' objects
|
||||||
(private/public keys and certificates).
|
(private/public keys and certificates).
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
In addition to the PEM key file format, <command>pkcs15-init</command> also
|
In addition to the PEM key file format, <command>pkcs15-init</command> also
|
||||||
|
@ -255,12 +255,12 @@
|
||||||
<title>Options</title>
|
<title>Options</title>
|
||||||
<para>
|
<para>
|
||||||
<variablelist>
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--version</option>,
|
<option>--version</option>,
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Print the OpenSC package release version.</para></listitem>
|
<listitem><para>Print the OpenSC package release version.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--card-profile</option> <replaceable>name</replaceable>,
|
<option>--card-profile</option> <replaceable>name</replaceable>,
|
||||||
|
@ -287,6 +287,17 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--serial</option> <replaceable>SERIAL</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify the serial number of the card.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--erase-card</option>,
|
<option>--erase-card</option>,
|
||||||
|
@ -301,6 +312,18 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--erase-application</option> <replaceable>AID</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This will erase the application with the application identifier
|
||||||
|
<replaceable>AID</replaceable>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--generate-key</option> <replaceable>keyspec</replaceable>,
|
<option>--generate-key</option> <replaceable>keyspec</replaceable>,
|
||||||
|
@ -334,8 +357,8 @@
|
||||||
contain one long option per line, without the leading dashes,
|
contain one long option per line, without the leading dashes,
|
||||||
for instance:
|
for instance:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
pin frank
|
pin 1234
|
||||||
puk zappa
|
puk 87654321
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
|
@ -369,6 +392,17 @@ puk zappa
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--no-so-pin</option>,
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Do not install a SO PIN, and do not prompt for it.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--profile</option> <replaceable>name</replaceable>,
|
<option>--profile</option> <replaceable>name</replaceable>,
|
||||||
|
@ -419,13 +453,25 @@ puk zappa
|
||||||
Tells <command>pkcs15-init</command> to store the certificate given
|
Tells <command>pkcs15-init</command> to store the certificate given
|
||||||
in <option>filename</option> on the card, creating a certificate
|
in <option>filename</option> on the card, creating a certificate
|
||||||
object with the ID specified via the <option>--id</option> option.
|
object with the ID specified via the <option>--id</option> option.
|
||||||
Without supplied ID an intrinsic ID will be calculated from the
|
Without supplied ID an intrinsic ID will be calculated from the
|
||||||
certificate's public key. Look the description of the 'pkcs15-id-style'
|
certificate's public key. Look the description of the 'pkcs15-id-style'
|
||||||
attribute in the 'pkcs15.profile' for the details
|
attribute in the 'pkcs15.profile' for the details
|
||||||
about the algorithm used to calculate intrinsic ID.
|
about the algorithm used to calculate intrinsic ID.
|
||||||
The file is assumed to contain the PEM encoded certificate.
|
The file is assumed to contain the PEM encoded certificate.
|
||||||
For the multi-application cards the target application can be specified
|
For the multi-application cards the target application can be specified
|
||||||
by the hexadecimal AID value of the <option>aid</option> option.
|
by the hexadecimal AID value of the <option>aid</option> option.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--store-pin</option>,
|
||||||
|
<option>-P</option>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Store a new PIN/PUK on the card.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -459,11 +505,11 @@ puk zappa
|
||||||
formats can be specified using <option>--format</option>.
|
formats can be specified using <option>--format</option>.
|
||||||
It is a good idea to specify the key ID along with this command,
|
It is a good idea to specify the key ID along with this command,
|
||||||
using the <option>--id</option> option, otherwise an intrinsic ID
|
using the <option>--id</option> option, otherwise an intrinsic ID
|
||||||
will be calculated from the key material. Look the description of
|
will be calculated from the key material. Look the description of
|
||||||
the 'pkcs15-id-style' attribute in the 'pkcs15.profile' for the details
|
the 'pkcs15-id-style' attribute in the 'pkcs15.profile' for the details
|
||||||
about the algorithm used to calculate intrinsic ID.
|
about the algorithm used to calculate intrinsic ID.
|
||||||
For the multi-application cards the target PKCS#15 application can be
|
For the multi-application cards the target PKCS#15 application can be
|
||||||
specified by the hexadecimal AID value of the <option>aid</option> option.
|
specified by the hexadecimal AID value of the <option>aid</option> option.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -478,6 +524,8 @@ puk zappa
|
||||||
secret key to the card. The file is assumed to contain the raw key.
|
secret key to the card. The file is assumed to contain the raw key.
|
||||||
They key type should be specified with <option>--secret-key-algorithm</option>
|
They key type should be specified with <option>--secret-key-algorithm</option>
|
||||||
option.
|
option.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
You may additionally specify the key ID along with this command,
|
You may additionally specify the key ID along with this command,
|
||||||
using the <option>--id</option> option, otherwise a random ID is generated.
|
using the <option>--id</option> option, otherwise a random ID is generated.
|
||||||
For the multi-application cards the target PKCS#15 application can be
|
For the multi-application cards the target PKCS#15 application can be
|
||||||
|
@ -486,6 +534,18 @@ puk zappa
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--store-data</option> <replaceable>filename</replaceable>,
|
||||||
|
<option>-W</option> <replaceable>filename</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Store a data object.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--update-certificate</option> <replaceable>filename</replaceable>,
|
<option>--update-certificate</option> <replaceable>filename</replaceable>,
|
||||||
|
@ -495,11 +555,62 @@ puk zappa
|
||||||
<para>
|
<para>
|
||||||
Tells <command>pkcs15-init</command> to update the certificate
|
Tells <command>pkcs15-init</command> to update the certificate
|
||||||
object with the ID specified via the <option>--id</option> option
|
object with the ID specified via the <option>--id</option> option
|
||||||
with the certificate in <option>filename</option>.
|
with the certificate in <replaceable>filename</replaceable>.
|
||||||
The file is assumed to contain a PEM encoded certificate.
|
The file is assumed to contain a PEM encoded certificate.
|
||||||
</para>
|
</para>
|
||||||
<para>Pay extra attention when updating mail decryption certificates, as
|
<para>Pay extra attention when updating mail decryption certificates, as
|
||||||
missing certificates can render e-mail messages unreadable!
|
missing certificates can render e-mail messages unreadable!
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--delete-objects</option> <replaceable>arg</replaceable>,
|
||||||
|
<option>-D</option> <replaceable>arg</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to delete the
|
||||||
|
specified object. <replaceable>arg</replaceable>
|
||||||
|
is comma-separated list containing any of
|
||||||
|
<literal>privkey</literal>, <literal>pubkey</literal>,
|
||||||
|
<literal>secrkey</literal>, <literal>cert</literal>,
|
||||||
|
<literal>chain</literal> or <literal>data</literal>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
When <literal>data</literal> is specified, an
|
||||||
|
-<option>--application-id</option> must also be
|
||||||
|
specified, in the other cases an
|
||||||
|
<option>--id</option> must also be specified
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
When <literal>chain</literal> is specified, the
|
||||||
|
certificate chain starting with the cert with
|
||||||
|
specified ID will be deleted, until there's a CA
|
||||||
|
certificate that certifies another cert on the card
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--change-attributes</option> <replaceable>arg</replaceable>,
|
||||||
|
<option>-A</option> <replaceable>arg</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to change the
|
||||||
|
specified attribute. <replaceable>arg</replaceable>
|
||||||
|
is either <literal>privkey</literal>,
|
||||||
|
<literal>pubkey</literal>, <literal>secrkey</literal>,
|
||||||
|
<literal>cert</literal> or <literal>data</literal>.
|
||||||
|
You also have to specify the <option>--id</option>
|
||||||
|
of the object.
|
||||||
|
For now, you can only change the <option>--label</option>, e.g:
|
||||||
|
<programlisting>
|
||||||
|
pkcs15-init -A cert --id 45 -a 1 --label Jim
|
||||||
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -517,6 +628,35 @@ puk zappa
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--sanity-check</option>,
|
||||||
|
<option>-T</option>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to perform a
|
||||||
|
card specific sanity check and possibly update
|
||||||
|
procedure.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--reader</option> <replaceable>num</replaceable>,
|
||||||
|
<option>-r</option> <replaceable>num</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--verbose</option>,
|
<option>--verbose</option>,
|
||||||
|
@ -536,7 +676,7 @@ puk zappa
|
||||||
<option>-w</option>
|
<option>-w</option>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Causes <command>pkcs15-init</command> to
|
<listitem><para>Causes <command>pkcs15-init</command> to
|
||||||
wait for a card insertion.</para></listitem>
|
wait for a card insertion.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
@ -546,6 +686,227 @@ puk zappa
|
||||||
<listitem><para>Do not prompt the user; if no PINs supplied, pinpad will be used.</para></listitem>
|
<listitem><para>Do not prompt the user; if no PINs supplied, pinpad will be used.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--puk-id</option> <replaceable>ID</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify ID of PUK to use/create
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--puk-label</option> <replaceable>LABEL</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify label of PUK
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--public-key-label</option> <replaceable>LABEL</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify public key label (use with <option>--generate-key</option>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--cert-label</option> <replaceable>LABEL</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify user cert label (use with <option>--store-private-key</option>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--application-name</option> <replaceable>arg</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify application name of data object (use with <option>--store-data-object</option>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--aid</option> <replaceable>AID</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify AID of the on-card PKCS#15 application to be binded to (in hexadecimal form)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--output-file</option> <replaceable>filename</replaceable>
|
||||||
|
<option>-o</option> <replaceable>filename</replaceable>,
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Output public portion of generated key to file
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--passphrase</option> <replaceable>PASSPHRASE</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify passphrase for unlocking secret key
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--authority</option>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Mark certificate as a CA certificate
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--key-usage</option> <replaceable>arg</replaceable>
|
||||||
|
<option>-u</option> <replaceable>arg</replaceable>,
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specifies the X.509 key usage.
|
||||||
|
<replaceable>arg</replaceable> is comma-separated
|
||||||
|
list containing any of
|
||||||
|
<literal>digitalSignature</literal>,
|
||||||
|
<literal>nonRepudiation</literal>,
|
||||||
|
<literal>keyEncipherment</literal>,
|
||||||
|
<literal>dataEncipherment</literal>,
|
||||||
|
<literal>keyAgreement</literal>,
|
||||||
|
<literal>keyCertSign</literal>,
|
||||||
|
<literal>cRLSign</literal>. Abbreviated names are
|
||||||
|
allowed if unique (e.g.
|
||||||
|
<literal>dataEnc</literal>).
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The alias <literal>sign</literal> is equivalent to
|
||||||
|
<literal>digitalSignature,keyCertSign,cRLSign</literal>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The alias <literal>decrypt</literal> is equivalent to
|
||||||
|
<literal>keyEncipherment,dataEncipherment</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--finalize</option>
|
||||||
|
<option>-F</option>,
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Finish initialization phase of the smart card
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--update-last-update</option>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Update 'lastUpdate' attribute of tokenInfo
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--ignore-ca-certificates</option>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
When storing PKCS#12 ignore CA certificates
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--update-existing</option>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Store or update existing certificate
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--extractable</option>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Private key stored as an extractable key
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--insecure</option>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Insecure mode: do not require a PIN for private key
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--md-container-guid</option> <replaceable>GUID</replaceable>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
For a new key specify GUID for a MD container
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--help</option>
|
||||||
|
<option>-h</option>,
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Display help message
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</para>
|
</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
|
@ -280,9 +280,14 @@
|
||||||
<term>
|
<term>
|
||||||
<option>--reader</option> <replaceable>num</replaceable>
|
<option>--reader</option> <replaceable>num</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Forces <command>pkcs15-tool</command> to use reader
|
<listitem>
|
||||||
number <replaceable>num</replaceable> for operations. The default is to use
|
<para>
|
||||||
reader number 0, the first reader in the system.</para></listitem>
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -204,8 +204,14 @@
|
||||||
<option>--reader</option> <replaceable>num</replaceable>,
|
<option>--reader</option> <replaceable>num</replaceable>,
|
||||||
<option>-r</option> <replaceable>num</replaceable>
|
<option>-r</option> <replaceable>num</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>Use the given reader number. The default is
|
<listitem>
|
||||||
<literal>0</literal>, the first reader in the system.</para></listitem>
|
<para>
|
||||||
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
File diff suppressed because it is too large
|
@ -151,9 +151,14 @@
|
||||||
<option>--reader</option> <replaceable>num</replaceable>,
|
<option>--reader</option> <replaceable>num</replaceable>,
|
||||||
<option>-r</option> <replaceable>num</replaceable>
|
<option>-r</option> <replaceable>num</replaceable>
|
||||||
</term>
|
</term>
|
||||||
<listitem><para>
|
<listitem>
|
||||||
Use the given reader. The default is the first reader with a card.
|
<para>
|
||||||
</para></listitem>
|
Specify the reader to use. By default, the first
|
||||||
|
reader with a present card is used. If
|
||||||
|
<replaceable>num</replaceable> is an ATR, the
|
||||||
|
reader with a matching card will be chosen.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -2574,7 +2574,7 @@ parse_objects(const char *list, unsigned int action)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (del_flags[n].name == NULL) {
|
if (del_flags[n].name == NULL) {
|
||||||
fprintf(stderr, "Unknown argument for --delete_objects: %.*s\n", len, list);
|
fprintf(stderr, "Unknown argument for --delete-objects: %.*s\n", len, list);
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
list += len;
|
list += len;
|
||||||
|
|
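Review bot: The error branch for an unrecognised `--delete-objects` argument still ends in `exit(0);`, so a script or provisioning job that drives pkcs15-init sees a success status even though the argument was rejected and nothing was deleted. Changing that line to `exit(1);` would let callers detect the failure instead of assuming the objects are gone from the card. The same `fprintf` passes `len` as the `%.*s` precision, which must be an `int`; its declaration is outside the hunk, so confirm the type or cast it with `(int)len`. parse_objects starts and ends outside this hunk, so the other exit paths could not be checked from here.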