added docbook XML source for tools manpages
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2443 c6295689-39f2-0310-b995-f0e70906c6a9
parent
9894a10d37
commit
a355f9cdd7
|
@ -0,0 +1,64 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="cardos-info">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>cardos-info</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>cardos-info</refname>
|
||||||
|
<refpurpose>displays information about Card OS-based security tokens
|
||||||
|
</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Synopsis</title>
|
||||||
|
<para>
|
||||||
|
<command>cardos-info</command> [OPTIONS]
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
The <command>cardos-info</command> utility is used to display information about
|
||||||
|
smart cards and similar security tokens based on Siemens Card/OS M4.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--reader</option> number, <option>-r</option> number</term>
|
||||||
|
<listitem><para>Display information about the token in reader number <varname>number</varname>.
|
||||||
|
The default is reader 0.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--card-driver</option> name, <option>-c</option> driver</term>
|
||||||
|
<listitem><para>Use the card driver specified by <varname>name</varname>. The default
|
||||||
|
is to auto-detect the correct card driver.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--wait, -w</option></term>
|
||||||
|
<listitem><para>Causes <command>cardos-info</command> to wait for the token
|
||||||
|
to be inserted into reader.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--verbose, -v</option></term>
|
||||||
|
<listitem><para>Causes <command>cardos-info</command> to be more verbose. Specify this flag several times
|
||||||
|
to enable debug output in the opensc library.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>opensc(7)</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
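Review bot: The `--wait` and `--verbose` terms put both spellings inside one element (`<option>--wait, -w</option>`), so the comma and the second flag are marked up as a single option, while `--reader` and `--card-driver` in the same list give each spelling its own `<option>`. The same pattern recurs in the cryptoflex-tool, opensc-explorer, opensc-tool and pkcs11-tool sections below; `<term><option>--wait</option>, <option>-w</option></term>` would keep the lists consistent. The `--card-driver` term also calls its argument `name` for the long form and `driver` for the short form, and wraps neither in `<varname>` although the description refers to `<varname>name</varname>`. `<term><option>--card-driver</option> <varname>name</varname>, <option>-c</option> <varname>name</varname></term>` would match the description.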
|
|
@ -0,0 +1,134 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="cryptoflex-tool">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>cryptoflex-tool</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>cryptoflex-tool</refname>
|
||||||
|
<refpurpose>utility for manipulating Schlumberger Cryptoflex data structures</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Synopsis</title>
|
||||||
|
<para>
|
||||||
|
<command>cryptoflex-tool</command> [OPTIONS]
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
<command>cryptoflex-tool</command> is used to manipulate PKCS
|
||||||
|
data structures on Schlumberger Cryptoflex smart cards. Users
|
||||||
|
can create, list and read PINs and keys stored on the smart card.
|
||||||
|
User PIN authentication is performed for those operations that require it.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--verify-pin, -V</option></term>
|
||||||
|
<listitem><para>Verifies CHV1 before issuing commands</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-keys, -l</option></term>
|
||||||
|
<listitem><para>Lists all keys stored in a public key file</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--create-key-files</option> <varname>arg</varname>,
|
||||||
|
<option>-c</option> <varname>arg</varname></term>
|
||||||
|
<listitem><para>Creates new RSA key files for <varname>arg</varname> keys</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--create-pin-files</option> <varname>id</varname>,
|
||||||
|
<option>-P</option> <varname>id</varname></term>
|
||||||
|
<listitem><para>Creates new PIN file for CHV<varname>id</varname></para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--generate-key, -g</option></term>
|
||||||
|
<listitem><para>Generate a new RSA key pair</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--read-key</option></term>
|
||||||
|
<listitem><para>Reads a public key from the card, allowing the user to
|
||||||
|
extract and store or use the public key
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--key-num</option> <varname>num</varname>,
|
||||||
|
<option>-k</option> <varname>num</varname></term>
|
||||||
|
<listitem><para>Specifies the key number to operate on. The default is
|
||||||
|
key number 1.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--app-df</option> <varname>num</varname>,
|
||||||
|
<option>-a</option> <varname>num</varname></term>
|
||||||
|
<listitem><para>Specifies the DF to operate in</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--prkey-file</option> <varname>id</varname>,
|
||||||
|
<option>-p</option> <varname>id</varname></term>
|
||||||
|
<listitem><para>Specifies the private key file id, <varname>id</varname>,
|
||||||
|
to use</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--pubkey-file</option> <varname>id</varname>,
|
||||||
|
<option>-u</option> <varname>id</varname></term>
|
||||||
|
<listitem><para>Specifies the public key file id, <varname>id</varname>,
|
||||||
|
to use</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--exponent</option> <varname>exp</varname>,
|
||||||
|
<option>-e</option> <varname>exp</varname></term>
|
||||||
|
<listitem><para>Specifies the RSA exponent, <varname>exp</varname>,
|
||||||
|
to use in key generation. The default value is 3.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--modulus-length</option> <varname>length</varname>,
|
||||||
|
<option>-m</option> <varname>length</varname></term>
|
||||||
|
<listitem><para>Specifies the modulus <varname>length</varname> to use
|
||||||
|
in key generation. The default value is 1024.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--reader</option> <varname>num</varname>,
|
||||||
|
<option>-r</option> <varname>num</varname></term>
|
||||||
|
<listitem><para>Forces <command>cryptoflex-tool</command> to use
|
||||||
|
reader number <varname>num</varname> for operations. The default
|
||||||
|
is to use reader number 0, the first reader in the system.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--verbose, -v</option></term>
|
||||||
|
<listitem><para>Causes <command>cryptoflex-tool</command> to be more
|
||||||
|
verbose. Specify this flag several times to enable debug output in
|
||||||
|
the opensc library.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>opensc(7), pkcs15-tool(1)</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
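Review bot: The `--exponent` and `--modulus-length` entries state defaults of 3 and 1024 without saying which other values are accepted, so a reader running `--generate-key` has no guidance beyond the defaults. A public exponent of 3 relies on correct padding in every consumer of the key, and a 1024-bit modulus leaves little security margin. Both entries should list the supported values and recommend passing them explicitly; the accepted set is not visible on this page and has to be taken from the tool. Separately, the description says "PKCS data structures" without a number, where the pkcs11-tool and pkcs15-crypt pages in this commit write "PKCS #11" and "PKCS #15".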
|
|
@ -0,0 +1,77 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="opensc-config">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>opensc-config</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>opensc-config</refname>
|
||||||
|
<refpurpose>a tool to get information about the installed version of OpenSC</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Synopsis</title>
|
||||||
|
<para>
|
||||||
|
<command>opensc-config</command> [OPTIONS]
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
<command>opensc-config</command> is a tool that is used to get various information
|
||||||
|
about the installed version of OpenSC. It is particularly useful in determining
|
||||||
|
compiler and linker flags necessary to build programs with the OpenSC libraries.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
<para>
|
||||||
|
<command>opensc-config</command> accepts the following options:
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--version</option></term>
|
||||||
|
<listitem><para>Print the installed version of OpenSC to standard output.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--libs</option></term>
|
||||||
|
<listitem><para>Print the linker flags that are needed to compile a program
|
||||||
|
to use the OpenSC libraries.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--cflags</option></term>
|
||||||
|
<listitem><para>Print the compiler flags that are needed to compile a program
|
||||||
|
to use the OpenSC libraries.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--prefix=PREFIX</option></term>
|
||||||
|
<listitem><para>If specified, use PREFIX instead of the installation
|
||||||
|
prefix that OpenSC was built with when computing the output for the
|
||||||
|
--cflags and --libs options. This option is also used for the exec
|
||||||
|
prefix if --exec-prefix was not specified. This option must be specified
|
||||||
|
before any --libs or --cflags options.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--exec-prefix=PREFIX</option></term>
|
||||||
|
<listitem><para>If specified, use PREFIX instead of the installation
|
||||||
|
exec prefix that OpenSC was built with when computing the output for
|
||||||
|
the --cflags and --libs options. This option must be specified before any
|
||||||
|
--libs or --cflags options.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>opensc(7)</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
|
|
@ -0,0 +1,191 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="opensc-explorer">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>opensc-explorer</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>opensc-explorer</refname>
|
||||||
|
<refpurpose>
|
||||||
|
generic interactive utility for accessing smart card
|
||||||
|
and similar security token functions
|
||||||
|
</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Synopsis</title>
|
||||||
|
<para>
|
||||||
|
<command>opensc-explorer</command> [OPTIONS]
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
The <command>opensc-explorer</command> utility can be
|
||||||
|
used interactively to perform miscellaneous operations
|
||||||
|
such as exploring the contents of or sending arbitrary
|
||||||
|
APDU commands to a smart card or similar security token.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
<para>
|
||||||
|
The following are the command-line options for
|
||||||
|
<command>opensc-explorer</command>. There are additional
|
||||||
|
interactive commands available once it is running.
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--reader</option> num,
|
||||||
|
<option>-r</option> num
|
||||||
|
</term>
|
||||||
|
<listitem><para>
|
||||||
|
Use the given reader number. The default
|
||||||
|
is 0, the first reader in the system.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--card-driver</option> driver,
|
||||||
|
<option>-c</option> driver
|
||||||
|
</term>
|
||||||
|
<listitem><para>
|
||||||
|
Use the given card driver. The default is
|
||||||
|
auto-detected.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--verbose, -v</option></term>
|
||||||
|
<listitem><para>
|
||||||
|
Causes <command>opensc-explorer</command> to be more
|
||||||
|
verbose. Specify this flag several times to enable
|
||||||
|
debug output in the opensc library.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Commands</title>
|
||||||
|
<para>
|
||||||
|
The following commands are supported at the <command>opensc-explorer</command>
|
||||||
|
interactive prompt.
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>ls</option></term>
|
||||||
|
<listitem><para>list all files in the current DF</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>cd</option> <varname>file-id</varname></term>
|
||||||
|
<listitem><para>change to another DF specified by <varname>file-id</varname></para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>cat</option></term>
|
||||||
|
<listitem><para>print the contents of the currently selected EF</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>info</option> [<varname>file-id</varname>]</term>
|
||||||
|
<listitem><para>display attributes of a file specified by <varname>file-id</varname>.
|
||||||
|
If <varname>file-id</varname> is not supplied,
|
||||||
|
the attributes of the current file are printed.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>create</option> <varname>file-id</varname> <varname>size</varname></term>
|
||||||
|
<listitem><para>create a new EF. <varname>file-id</varname> specifies the
|
||||||
|
id number and <varname>size</varname> is the size of the new file.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>delete</option> <varname>file-id</varname></term>
|
||||||
|
<listitem><para>remove the EF or DF specified by <varname>file-id</varname></para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>verify</option> <varname>key-type</varname><varname>key-id</varname>
|
||||||
|
[<varname>key</varname>]</term>
|
||||||
|
<listitem><para>present a PIN or key to the card. Where <varname>key-type</varname>
|
||||||
|
can be one of CHV, KEY or PRO. <varname>key-id</varname> is a number representing the
|
||||||
|
key or PIN number. <varname>key</varname> is the key or PIN to be verified in hex.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Example: verify CHV0 31:32:33:34:00:00:00:00
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>change CHV</option><varname>id [old-pin] new-pin</varname></term>
|
||||||
|
<listitem><para>change a PIN</para>
|
||||||
|
<para>
|
||||||
|
Example: change CHV0 31:32:33:34:00:00:00:00 'secret'
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>put</option> <varname>file-id</varname> [<varname>input</varname>]</term>
|
||||||
|
<listitem><para>copy a local file to the card. The local file is specified
|
||||||
|
by <varname>input</varname> while the card file is specified by <varname>file-id</varname>
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>get</option> <varname>file-id</varname> [<varname>output</varname>]</term>
|
||||||
|
<listitem><para>copy an EF to a local file. The local file is specified
|
||||||
|
by <varname>output</varname> while the card file is specified by <varname>file-id</varname>.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>mkdir</option> <varname>file-id</varname> <varname>size</varname></term>
|
||||||
|
<listitem><para>create a DF. <varname>file-id</varname> specifies the id number
|
||||||
|
and <varname>size</varname> is the size of the new file.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>pksign</option></term>
|
||||||
|
<listitem><para>create a public key signature. NOTE: This command is currently not implemented.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>pkdecrypt</option></term>
|
||||||
|
<listitem><para>perform a public key decryption. NOTE: This command is currently not implemented.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>erase</option></term>
|
||||||
|
<listitem><para>erase the card, if the card supports it.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>debug</option> [<varname>level</varname>]</term>
|
||||||
|
<listitem><para>get or set the debug level</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>quit</option></term>
|
||||||
|
<listitem><para>exit the program</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>opensc(7), opensc-tool(1)</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
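Review bot: The `change` term wraps `id [old-pin] new-pin` in a single `<varname>`, so the optional-argument brackets render as part of the placeholder, unlike the `info` and `verify` terms where the brackets sit outside the markup. `<term><option>change CHV</option><varname>id</varname> [<varname>old-pin</varname>] <varname>new-pin</varname></term>` would match them. The description "change a PIN" also leaves the example unexplained: it passes the old PIN as colon-separated hex and the new one as a quoted string, and the text never says that both forms are accepted or when `old-pin` may be omitted. One sentence on the accepted PIN formats, like the one the `verify` entry gives for `key`, would close the gap.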
|
|
@ -0,0 +1,87 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="opensc-tool">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>opensc-tool</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>opensc-tool</refname>
|
||||||
|
<refpurpose>generic smart card utility</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Synopsis</title>
|
||||||
|
<para>
|
||||||
|
<command>opensc-tool</command> [OPTIONS]
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
The <command>opensc-tool</command> utility can be used from the command line to perform
|
||||||
|
miscellaneous smart card operations such as getting the card ATR or
|
||||||
|
sending arbitrary APDU commands to a card.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--atr, -a</option></term>
|
||||||
|
<listitem><para>Print the Answer To Reset (ATR) of the card,
|
||||||
|
output is in hex byte format</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--serial</option></term>
|
||||||
|
<listitem><para>Print the card serial number (normally the ICCSN), output is in hex byte
|
||||||
|
format</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--send-apdu</option> apdu, <option>-s</option> apdu</term>
|
||||||
|
<listitem><para>Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF...</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-files, -f</option></term>
|
||||||
|
<listitem><para>Recursively lists all files stored on card</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-readers, -l</option></term>
|
||||||
|
<listitem><para>Lists all configured readers</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-drivers, -D</option></term>
|
||||||
|
<listitem><para>Lists all installed card drivers</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-rdrivers, -R</option></term>
|
||||||
|
<listitem><para>Lists all installed reader drivers</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--reader</option> num, <option>-r</option> num</term>
|
||||||
|
<listitem><para>Use the given reader number. The default is 0, the first reader
|
||||||
|
in the system.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--card-driver</option> driver, <option>-c</option> driver</term>
|
||||||
|
<listitem><para>Use the given card driver. The default is auto-detected.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--verbose, -v</option></term>
|
||||||
|
<listitem><para>Causes <command>opensc-tool</command> to be more verbose. Specify this flag several times
|
||||||
|
to enable debug output in the opensc library.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>opensc(7), opensc-explorer(1)</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
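Review bot: The `--send-apdu` entry documents only the byte format and says nothing about how the card's answer is reported, which a reader needs because the command is arbitrary. The entry should state how the response data and status word are shown. It should also state that the APDU is passed to the card as written, so an instruction that changes card state takes effect there. Whether opensc-tool inspects the APDU before sending is not visible on this page and should be confirmed against the tool before the sentence is added.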
|
|
@ -0,0 +1,223 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="pkcs11-tool">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>pkcs11-tool</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>pkcs11-tool</refname>
|
||||||
|
<refpurpose>utility for managing and using PKCS #11 security tokens</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Synopsis</title>
|
||||||
|
<para>
|
||||||
|
<command>pkcs11-tool</command> [OPTIONS]
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
The <command>pkcs11-tool</command> utility is used to manage the
|
||||||
|
data objects on smart cards and similar PKCS #11 security tokens.
|
||||||
|
Users can list and read PINs, keys and certificates stored on the
|
||||||
|
token. User PIN authentication is performed for those operations
|
||||||
|
that require it.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--login, -l</option></term>
|
||||||
|
<listitem><para>Authenticate to the token before performing
|
||||||
|
other operations. This option is not needed if a PIN is
|
||||||
|
provided on the command line.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--pin</option> <varname>pin</varname>,
|
||||||
|
<option>-p</option> <varname>pin</varname></term>
|
||||||
|
<listitem><para>Use the given <varname>pin</varname> for
|
||||||
|
token operations. WARNING: Be careful using this option
|
||||||
|
as other users may be able to read the command line from
|
||||||
|
the system or if it is embedded in a script.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--so-pin</option> <varname>pin</varname></term>
|
||||||
|
<listitem><para>Use the given <varname>pin</varname> as the
|
||||||
|
Security Officer PIN for some token operations (token
|
||||||
|
initialization, user PIN initialization, etc). The same
|
||||||
|
warning as --pin also applies here.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--init-token</option></term>
|
||||||
|
<listitem><para>Initializes a token: set the token label as
|
||||||
|
well as a Security Officer PIN (the label must be specified
|
||||||
|
using --label).</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--init-pin</option></term>
|
||||||
|
<listitem><para>Initializes the user PIN. This option
|
||||||
|
differs from --change-pin in that it sets the user PIN
|
||||||
|
for the first time. Once set, the user PIN can be changed
|
||||||
|
using --change-pin.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--change-pin, -c</option></term>
|
||||||
|
<listitem><para>Change the user PIN on the token</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--test, -t</option></term>
|
||||||
|
<listitem><para>Performs some tests on the token. This
|
||||||
|
option is most useful when used with either --login or
|
||||||
|
--pin.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--show-info, -I</option></term>
|
||||||
|
<listitem><para>Displays general token information.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-slots, -L</option></term>
|
||||||
|
<listitem><para>Displays a list of available slots on the token.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-mechanisms, -M</option></term>
|
||||||
|
<listitem><para>Displays a list of mechanisms supported by the token.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-objects, -O</option></term>
|
||||||
|
<listitem><para>Displays a list of objects.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--sign, s</option></term>
|
||||||
|
<listitem><para>Sign some data.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--hash, -h</option></term>
|
||||||
|
<listitem><para>Hash some data.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--mechanism</option> <varname>mechanism</varname>,
|
||||||
|
<option>-m</option> <varname>mechanism</varname></term>
|
||||||
|
<listitem><para>Use the specified <varname>mechanism</varname>
|
||||||
|
for token operations. See -M for a list of mechanisms supported
|
||||||
|
by your token.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--keypairgen, -k</option></term>
|
||||||
|
<listitem><para>Generate a new key pair (public and private pair.)</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--write-object</option> <varname>id</varname>,
|
||||||
|
<option>-w</option> <varname>id</varname></term>
|
||||||
|
<listitem><para>Write a key or certificate object to the token.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--type</option> <varname>type</varname>,
|
||||||
|
<option>-y</option> <varname>type</varname></term>
|
||||||
|
<listitem><para>Specify the type of object to operate on.
|
||||||
|
Examples are <emphasis>cert</emphasis>, <emphasis>privkey</emphasis>
|
||||||
|
and <emphasis>pubkey</emphasis>.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--id</option> <varname>id</varname>,
|
||||||
|
<option>-d</option> <varname>id</varname></term>
|
||||||
|
<listitem><para>Specify the id of the object to operate on.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--label</option> <varname>name</varname>,
|
||||||
|
<option>-a</option> <varname>name</varname></term>
|
||||||
|
<listitem><para>Specify the name of the object to operate on
|
||||||
|
(or the token label when --init-token is used).</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--slot</option> <varname>id</varname></term>
|
||||||
|
<listitem><para>Specify the id of the slot to use.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--slot-id</option> <varname>name</varname></term>
|
||||||
|
<listitem><para>Specify the name of the slot to use.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--set-id</option> <varname>id</varname>,
|
||||||
|
<option>-e</option> <varname>id</varname></term>
|
||||||
|
<listitem><para>Set the CKA_ID of the object.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--attr-from</option> <varname>path</varname></term>
|
||||||
|
<listitem><para>Extract information from <varname>path</varname>
|
||||||
|
(DER-encoded certificate file) and create the corresponding
|
||||||
|
attributes when writing an object to the token. Example: the
|
||||||
|
certificate subject name is used to create the CKA_SUBJECT
|
||||||
|
attribute.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--input-file</option> <varname>path</varname>,
|
||||||
|
<option>-i</option> <varname>path</varname></term>
|
||||||
|
<listitem><para>Specify the path to a file for input.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--output-file</option> <varname>path</varname>,
|
||||||
|
<option>-o</option> <varname>path</varname></term>
|
||||||
|
<listitem><para>Specify the path to a file for output.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--module</option> <varname>mod</varname></term>
|
||||||
|
<listitem><para>Specify a module to load.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--moz-cert</option> <varname>path</varname>,
|
||||||
|
<option>-z</option> <varname>path</varname></term>
|
||||||
|
<listitem><para>Tests a Mozilla-like keypair generation
|
||||||
|
and certificate request. Specify the <varname>path</varname>
|
||||||
|
to the certificate file.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--verbose, -v</option></term>
|
||||||
|
<listitem><para>Causes <command>pkcs11-tool</command> to be
|
||||||
|
more verbose. Specify this flag several times to enable debug
|
||||||
|
output in the OpenSC library.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>opensc(7)</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
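Review bot: The `--sign` term drops the dash on its short form (`<option>--sign, s</option>`), so the page documents a bare `s` argument; every other entry writes the short option with a dash, and the term should read `<term><option>--sign, -s</option></term>`. The two slot entries also look mismatched: `--slot` takes `id` ("the id of the slot") while `--slot-id` takes `name` ("the name of the slot"), so either the option name or the placeholder and description of the second entry is probably wrong and should be checked against the tool's option table. In addition, `--list-slots` describes slots as being "on the token", whereas the other entries treat a slot as the thing a token is selected through.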
|
|
@ -0,0 +1,141 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="pkcs15-crypt">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>pkcs15-crypt</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>pkcs15-crypt</refname>
|
||||||
|
<refpurpose>perform crypto operations using pkcs15 smart card</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Synopsis</title>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-crypt</command> [OPTIONS]
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
The <command>pkcs15-crypt</command> utility can be used from the
|
||||||
|
command line to perform cryptographic operations such as computing
|
||||||
|
digital signatures or decrypting data, using keys stored on a PKCS
|
||||||
|
#15 compliant smart card.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--sign, -s</option></term>
|
||||||
|
<listitem><para>Perform digital signature operation on
|
||||||
|
the data read from a file specified using the <option>input</option>
|
||||||
|
option. By default, the contents of the file are assumed to
|
||||||
|
be the result of an MD5 hash operation. Note that <command>pkcs15-crypt</command>
|
||||||
|
expects the data in binary representation, not ASCII.</para>
|
||||||
|
<para>The digital signature is stored, in binary representation,
|
||||||
|
in the file specified by the <option>output</option> option. If
|
||||||
|
this option is not given, the signature is printed on standard
|
||||||
|
output, displaying non-printable characters using their hex notation
|
||||||
|
xNN (see also <option>--raw</option>).</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--pkcs1</option></term>
|
||||||
|
<listitem><para>By default, <command>pkcs15-crypt</command>
|
||||||
|
assumes that input data has been padded to the correct length
|
||||||
|
(i.e. when computing an RSA signature using a 1024 bit key,
|
||||||
|
the input must be padded to 128 bytes to match the modulus
|
||||||
|
length). When giving the <option>--pkcs1</option> option,
|
||||||
|
however, <command>pkcs15-crypt</command> will perform the
|
||||||
|
required padding using the algorithm outlined in the
|
||||||
|
PKCS #1 standard version 1.5.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--sha-1</option></term>
|
||||||
|
<listitem><para>This option tells <command>pkcs15-crypt</command>
|
||||||
|
that the input file is the result of an SHA1 hash operation,
|
||||||
|
rather than an MD5 hash. Again, the data must be in binary
|
||||||
|
representation.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--decipher, -c</option></term>
|
||||||
|
<listitem><para>Decrypt the contents of the file specified by
|
||||||
|
the <option>--input</option> option. The result of the
|
||||||
|
decryption operation is written to the file specified by the
|
||||||
|
<option>--output</option> option. If this option is not given,
|
||||||
|
the decrypted data is printed to standard output, displaying
|
||||||
|
non-printable characters using their hex notation xNN (see also
|
||||||
|
<option>--raw</option>).</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--key</option> <varname>id</varname>,
|
||||||
|
<option>-k</option> <varname>id</varname></term>
|
||||||
|
<listitem><para>Selects the ID of the key to use.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--reader</option> <varname>N</varname>,
|
||||||
|
<option>-r</option> <varname>N</varname></term>
|
||||||
|
<listitem><para>Selects the <varname>N</varname>-th smart
|
||||||
|
card reader configured by the system. If unspecified,
|
||||||
|
<command>pkcs15-crypt</command> will use the first reader
|
||||||
|
found.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--input</option> <varname>file</varname>,
|
||||||
|
<option>-i</option> <varname>file</varname></term>
|
||||||
|
<listitem><para>Specifies the input file to use.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--output</option> <varname>file</varname>,
|
||||||
|
<option>-o</option> <varname>file</varname></term>
|
||||||
|
<listitem><para>Any output will be sent to the specified file.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--raw, -R</option></term>
|
||||||
|
<listitem><para>Outputs raw 8 bit data.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--pin</option> <varname>pin</varname>,
|
||||||
|
<option>-p</option> <varname>pin</varname></term>
|
||||||
|
<listitem><para>When the cryptographic operation requires a
|
||||||
|
PIN to access the key, <command>pkcs15-crypt</command> will
|
||||||
|
prompt the user for the PIN on the terminal. Using this option
|
||||||
|
allows you to specify the PIN on the command line.</para>
|
||||||
|
<para>Note that on most operating systems, the command line of
|
||||||
|
a process can be displayed by any user using the ps(1)
|
||||||
|
command. It is therefore a security risk to specify
|
||||||
|
secret information such as PINs on the command line.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--verbose, -v</option></term>
|
||||||
|
<listitem><para>Causes <command>pkcs15-crypt</command> to be more
|
||||||
|
verbose. Specify this flag several times to enable debug output
|
||||||
|
in the OpenSC library.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>pkcs15-init(1), pkcs15-tool(1)</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
|
|
@ -0,0 +1,407 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>pkcs15-init</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>pkcs15-init</refname>
|
||||||
|
<refpurpose>smart card personalization utility</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
The <command>pkcs15-init</command> utility can be used to create a PKCS #15
|
||||||
|
structure on a smart card, and add key or certificate objects. Details of the
|
||||||
|
structure that will be created are controlled via profiles.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The profile used by default is <command>pkcs15</command>. Alternative
|
||||||
|
profiles can be specified via the <option>-p</option> switch.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>PIN Usage</title>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-init</command> can be used to create a PKCS #15 structure on
|
||||||
|
your smart card, create PINs, and install keys and certificates on the card.
|
||||||
|
This process is also called <emphasis>personalization</emphasis>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
An OpenSC card can have one security officer PIN, and zero or more user PINs.
|
||||||
|
PIN stands for Personal Identification Number, and is a secret code you need
|
||||||
|
to present to the card before being allowed to perform certain operations,
|
||||||
|
such as using one of the stored RSA keys to sign a document, or modifying
|
||||||
|
the card itself.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Usually, PINs are a sequence of decimal digits, but some cards will accept
|
||||||
|
arbitrary ASCII characters. Be aware however that using characters other
|
||||||
|
than digits will make the card unusable with PIN pad readers, because those
|
||||||
|
usually have keys for entering digits only.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The security officer (SO) PIN is special; it is used to protect meta data
|
||||||
|
information on the card, such as the PKCS #15 structure itself. Setting
|
||||||
|
the SO PIN is optional, because the worst that can usually happen is that
|
||||||
|
someone finding your card can mess it up. To extract any of your secret
|
||||||
|
keys stored on the card, an attacker will still need your user PIN, at
|
||||||
|
least for the default OpenSC profiles. However, it is possible to create
|
||||||
|
card profiles that will allow the security officer to override user PINs.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
For each PIN, you can specify a PUK (also called <emphasis>unblock PIN</emphasis>).
|
||||||
|
The PUK can be used to overwrite or unlock a PIN if too many incorrect values
|
||||||
|
have been entered in a row.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Modes of operation</title>
|
||||||
|
<refsect2>
|
||||||
|
<title>Initialization</title>
|
||||||
|
<para>This is the first step during card personalization, and will create the
|
||||||
|
basic files on the card. To create the initial PKCS #15 structure, invoke the
|
||||||
|
utility as
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-init --create-pkcs15</command></para>
|
||||||
|
<para>
|
||||||
|
You will then be asked for several the security officer PIN and PUK. Simply
|
||||||
|
pressing return at the SO PIN prompt will skip installation of an SO PIN.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
If the card supports it, you can also request that the card is erased prior
|
||||||
|
to creating the PKCS #15 structure, by specifying the <option>--erase-card</option>
|
||||||
|
option.
|
||||||
|
</para>
|
||||||
|
</refsect2>
|
||||||
|
|
||||||
|
<refsect2>
|
||||||
|
<title>User PIN Installation</title>
|
||||||
|
<para>
|
||||||
|
Before installing any user objects such as private keys, you need at least one
|
||||||
|
PIN to protect these objects. you can do this using
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-init --store-pin --id " nn</command>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
where <emphasis>nn</emphasis> is a PKCS #15 ID in hexadecimal notation. Common
|
||||||
|
values are 01, 02, etc.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Entering the command above will ask you for the user's PIN and PUK. If you do
|
||||||
|
not wish to install an unblock PIN, simply press return at the PUK prompt.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
To set a label for this PIN object (which can be used by applications to display
|
||||||
|
a meaningful prompt to the user), use the <option>--label</option> command line option.
|
||||||
|
</para>
|
||||||
|
</refsect2>
|
||||||
|
|
||||||
|
<refsect2>
|
||||||
|
<title>Key generation</title>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-init</command> lets you generate a new key and store it on the card.
|
||||||
|
You can do this using:
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-init --generate-key " keyspec " --auth-id " nn</command>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
where <option>keyspec</option> describes the algorithm and length of the
|
||||||
|
key to be created, such as <option>rsa/512</option>. This will create a 512 bit
|
||||||
|
RSA key. Currently, only RSA key generation is supported. Note that cards
|
||||||
|
usually support just a few different key lengths. Almost all cards will support
|
||||||
|
512 and 1024 bit keys, some will support 768 or 2048 as well.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<option>nn</option> is the ID of a user PIN installed previously, e.g. 01.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
In addition to storing the private portion of the key on the card,
|
||||||
|
<command>pkcs15-init</command> will also store the the public portion of the
|
||||||
|
key as a PKCS #15 public key object.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
By default, <command>pkcs15-init</command> will try to use the card's
|
||||||
|
on-board key generation facilities, if available. If the card does not
|
||||||
|
support on-board key generation, <command>pkcs15-init</command> will fall
|
||||||
|
back to software key generation.
|
||||||
|
</para>
|
||||||
|
</refsect2>
|
||||||
|
|
||||||
|
<refsect2>
|
||||||
|
<title>Private Key Download</title>
|
||||||
|
<para>
|
||||||
|
You can use a private key generated by other means and download it to the card.
|
||||||
|
For instance, to download a private key contained in a file named
|
||||||
|
<emphasis>okir.pem</emphasis>, which is in PEM format, you would use
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-init --store-private-key okir.pem --id 45 --auth-id 01</command>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
If the key is protected by a pass phrase, <command>pkcs15-init</command>
|
||||||
|
will prompt you for a pass phrase to unlock the key.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
In addition to storing the private portion of the key on the card,
|
||||||
|
<command>pkcs15-init</command> will also store the the public portion of the
|
||||||
|
key as a PKCS #15 public key object.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Note the use of the <option>--id</option> option. The current
|
||||||
|
<command>pkcs15</command> profile defines two key templates, one for
|
||||||
|
authentication (key ID 45), and one for non-repudiation purposes (key ID 46).
|
||||||
|
Other key templates will probably be added in the future. Note that if you don't
|
||||||
|
specify a key ID, <command>pkcs15-init</command> will pick just the first key
|
||||||
|
template defined by the profile.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
In addition to the PEM key file format, <command>pkcs15-init</command> also
|
||||||
|
supports DER encoded keys, and PKCS #12 files. The latter is the file format
|
||||||
|
used by Netscape Navigator (among others) when exporting certificates to
|
||||||
|
a file. A PKCS #12 file usually contains the X.509 certificate corresponding
|
||||||
|
to the private key. If that is the case, <command>pkcs15-init</command> will
|
||||||
|
store the certificate instead of the public key portion.
|
||||||
|
</para>
|
||||||
|
</refsect2>
|
||||||
|
|
||||||
|
<refsect2>
|
||||||
|
<title>Public Key Download</title>
|
||||||
|
<para>
|
||||||
|
You can also download individual public keys to the card using the
|
||||||
|
<option>--store-public-key</option> option, which takes a filename as an
|
||||||
|
argument. This file is supposed to contain the public key. If you don't
|
||||||
|
specify a key file format using the <option>--format</option> option,
|
||||||
|
<command>pkcs15-init</command> will assume PEM format. The only other
|
||||||
|
supported public key file format is DER.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Since the corresponding public keys are always downloaded automatically
|
||||||
|
when generating a new key, or when downloading a private key, you will
|
||||||
|
probably use this option only very rarely.
|
||||||
|
</para>
|
||||||
|
</refsect2>
|
||||||
|
|
||||||
|
<refsect2>
|
||||||
|
<title>Certificate Download</title>
|
||||||
|
<para>
|
||||||
|
You can download certificates to the card using the
|
||||||
|
<option>--store-certificate</option> option, which takes a filename as
|
||||||
|
an argument. This file is supposed to contain the DER encoded X.509
|
||||||
|
certificate.
|
||||||
|
</para>
|
||||||
|
</refsect2>
|
||||||
|
|
||||||
|
<refsect2>
|
||||||
|
<title>Downloading PKCS #12 bags</title>
|
||||||
|
<para>
|
||||||
|
Most browsers nowadays use PKCS #12 format files when you ask them to
|
||||||
|
export your key and certificate to a file. <command>pkcs15-init</command>
|
||||||
|
is capable of parsing these files, and storing their contents on the
|
||||||
|
card in a single operation. This works just like storing a private key,
|
||||||
|
except that you need to specify the file format:
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-init --store-private-key okir.p12 --format pkcs12 --auth-id
|
||||||
|
01</command>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
This will install the private key contained in the file <emphasis>okir.p12</emphasis>,
|
||||||
|
and protect it with the PIN referenced by authentication ID <emphasis>01</emphasis>.
|
||||||
|
It will also store any X.509 certificates contained in the file, which is
|
||||||
|
usually the user certificate that goes with the key, as well as the CA certificate.
|
||||||
|
</para>
|
||||||
|
</refsect2>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--profile</option> <emphasis>name</emphasis>,
|
||||||
|
<option>-p</option> <emphasis>name</emphasis></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to load the specified general
|
||||||
|
profile. Currently, the only application profile defined is
|
||||||
|
<command>pkcs15</command>, but you can write your own profiles and
|
||||||
|
specify them using this option.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The profile name can be combined with one or more <emphasis>profile
|
||||||
|
options</emphasis>, which slightly modify the profile's behavior.
|
||||||
|
For instance, the default OpenSC profile supports the
|
||||||
|
<option>openpin</option> option, which installs a single PIN during
|
||||||
|
card initialization. This PIN is then used both as the SO PIN as
|
||||||
|
well as the user PIN for all keys stored on the card.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Profile name and options are separated by a <option>+</option>
|
||||||
|
character, as in <option>pkcs15+onepin</option>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--card-profile</option> <emphasis>name</emphasis>,
|
||||||
|
<option>-c</option> <emphasis>name</emphasis></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to load the specified card
|
||||||
|
profile option. You will rarely need this option.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--create-pkcs15, -C</option></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This tells <command>pkcs15-init</command> to create a PKCS #15
|
||||||
|
structure on the card, and initialize any PINs.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--erase-card, -E</option></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This will erase the card prior to creating the PKCS #15 structure,
|
||||||
|
if the card supports it. If the card does not support erasing,
|
||||||
|
<command>pkcs15-init</command> will fail.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--generate-key</option> <emphasis>keyspec</emphasis>,
|
||||||
|
<option>-G</option> <emphasis>keyspec</emphasis></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells the card to generate new key and store it on the card.
|
||||||
|
<emphasis>keyspec</emphasis> consists of an algorithm name
|
||||||
|
(currently, the only supported name is <option>RSA</option>),
|
||||||
|
optionally followed by a slash and the length of the key in bits.
|
||||||
|
It is a good idea to specify the key ID along with this command,
|
||||||
|
using the <option>id</option> option.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--store-private-key</option> <emphasis>filename</emphasis>,
|
||||||
|
<option>-S</option> <emphasis>filename</emphasis></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to download the specified
|
||||||
|
private key to the card. This command will also create a public
|
||||||
|
key object containing the public key portion. By default, the
|
||||||
|
file is assumed to contain the key in PEM format. Alternative
|
||||||
|
formats can be specified using <option>--format</option>.
|
||||||
|
It is a good idea to specify the key ID along with this command,
|
||||||
|
using the <option>--id</option> option.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--store-public-key</option> <emphasis>filename</emphasis>,
|
||||||
|
<option>-P</option> <emphasis>filename</emphasis></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to download the specified
|
||||||
|
public key to the card and create a public key object with the
|
||||||
|
key ID specified via the <option>--id</option>. By default,
|
||||||
|
the file is assumed to contain the key in PEM format. Alternative
|
||||||
|
formats can be specified using <option>--format</option>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--store-certificate</option> <emphasis>filename</emphasis>,
|
||||||
|
<option>-X</option> <emphasis>filename</emphasis></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to store the certificate given
|
||||||
|
in <option>filename</option> on the card, creating a certificate
|
||||||
|
object with the ID specified via the <option>--id</option> option.
|
||||||
|
The file is assumed to contain the DER encoded certificate.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--so-pin, --so-puk, --pin, --puk</option></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
These options can be used to specify PIN/PUK values on the command
|
||||||
|
line. Note that on most operation systems, any user can display
|
||||||
|
the command line of any process on the system using utilities such
|
||||||
|
as <command>ps(1)</command>. Therefore, you should use these options
|
||||||
|
only on a secured system, or in an options file specified with
|
||||||
|
<option>--options-file</option>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--passphrase</option></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
When downloading a private key, this option can be used to specify
|
||||||
|
the pass phrase to unlock the private key. The same caveat applies
|
||||||
|
here as in the case of the <option>--pin</option> options.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--options-file</option> <emphasis>filename</emphasis></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tells <command>pkcs15-init</command> to read additional options
|
||||||
|
from <emphasis>filename</emphasis>. The file is supposed to
|
||||||
|
contain one long option per line, without the leading dashes,
|
||||||
|
for instance:
|
||||||
|
<programlisting>
|
||||||
|
pin frank
|
||||||
|
puk zappa
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
You can specify <option>--options-file</option> several times.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--verbose, -v</option></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Causes <command>pkcs15-init</command> to be more verbose. Specify this
|
||||||
|
flag several times to enable debug output in the OpenSC library.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>pkcs15-profile(5)</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
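Review bot: The root element is written `<refentry id="">`, and the pkcs15-profile page added later in this commit does the same. An empty string is not a valid ID, and both files are pulled into one book through `xi:include`, so the two empty ids will also collide. Following the sibling pages, use `<refentry id="pkcs15-init">` here and `<refentry id="pkcs15-profile">` there. The example commands still carry stray quote characters that look like troff leftovers (`--store-pin --id " nn`, `--generate-key " keyspec " --auth-id " nn`), and the profile option is spelled `openpin` in one paragraph but `pkcs15+onepin` in the next. The key-generation example would read better with the largest key size the card supports instead of `rsa/512`.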
|
|
@ -0,0 +1,60 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>pkcs15-profile</refentrytitle>
|
||||||
|
<manvolnum>5</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>pkcs15-profile</refname>
|
||||||
|
<refpurpose>format of profile for <command>pkcs15-init</command></refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Synopsis</title>
|
||||||
|
<para>
|
||||||
|
<command></command>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
The <command>pkcs15-init</command> utility for PKCS #15 smart card
|
||||||
|
personalization is controlled via profiles. When starting, it will read two
|
||||||
|
such profiles at the moment, a generic application profile, and a card
|
||||||
|
specific profile. The generic profile must be specified on the command line,
|
||||||
|
while the card-specific file is selected based on the type of card detected.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The generic application profile defines general information about the card
|
||||||
|
layout, such as the path of the application DF, various PKCS #15 files within
|
||||||
|
that directory, and the access conditions on these files. It also defines
|
||||||
|
general information about PIN, key and certificate objects. Currently, there
|
||||||
|
is only one such generic profile, <command>pkcs15.profile</command>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The card specific profile contains additional information required during
|
||||||
|
card intialization, such as location of PIN files, key references etc.
|
||||||
|
Profiles currently reside in <command>@pkgdata@</command>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Syntax</title>
|
||||||
|
<para>
|
||||||
|
This section should contain information about the profile syntax. Will add
|
||||||
|
this soonishly.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15</command>(7), <command>pkcs15-init</command>(1),
|
||||||
|
<command>pkcs15-crypt</command>(1), <command>opensc</command>(7),
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
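Review bot: The Synopsis section holds only an empty `<command></command>`, so the generated page will show a blank synopsis. For a section 5 file-format page, either drop that `refsect1` or name the profile file in it. The Description prints `@pkgdata@` literally unless the build substitutes it, which is not visible in this commit. "intialization" should be "initialization", and the See also list ends in a dangling comma.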
|
|
@ -0,0 +1,131 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<refentry id="pkcs15-tool">
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>pkcs15-tool</refentrytitle>
|
||||||
|
<manvolnum>1</manvolnum>
|
||||||
|
<refmiscinfo>opensc</refmiscinfo>
|
||||||
|
</refmeta>
|
||||||
|
|
||||||
|
<refnamediv>
|
||||||
|
<refname>pkcs15-tool</refname>
|
||||||
|
<refpurpose>utility for manipulating PKCS #15 data structures
|
||||||
|
on smart cards and similar security tokens</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Synopsis</title>
|
||||||
|
<para>
|
||||||
|
<command>pkcs15-tool</command> [OPTIONS]
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Description</title>
|
||||||
|
<para>
|
||||||
|
The <command>pkcs15-tool</command> utility is used to manipulate
|
||||||
|
the PKCS #15 data structures on smart cards and similar security
|
||||||
|
tokens. Users can list and read PINs, keys and certificates stored
|
||||||
|
on the token. User PIN authentication is performed for those
|
||||||
|
operations that require it.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Options</title>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--learn-card, -L</option></term>
|
||||||
|
<listitem><para>Cache PKCS #15 token data to the local filesystem.
|
||||||
|
Subsequent operations are performed on the cached data where possible.
|
||||||
|
If the cache becomes out-of-sync with the token state (eg. new key is
|
||||||
|
generated and stored on the token), the cache should be updated or
|
||||||
|
operations may show stale results.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--read-certificate</option> <varname>cert</varname>,
|
||||||
|
<option>-r</option> <varname>cert</varname></term>
|
||||||
|
<listitem><para>Reads the certificate with the given id.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-certificates, -c</option></term>
|
||||||
|
<listitem><para>Lists all certificates stored on the token.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-pins</option></term>
|
||||||
|
<listitem><para>Lists all PINs stored on the token. General information
|
||||||
|
about each PIN is listed (eg. PIN name). Actual PIN values are not shown.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--change-pin</option></term>
|
||||||
|
<listitem><para>Changes a PIN stored on the token. User authentication
|
||||||
|
is required for this operation.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-keys, -k</option></term>
|
||||||
|
<listitem><para>Lists all private keys stored on the token. General
|
||||||
|
information about each private key is listed (eg. key name, id and
|
||||||
|
algorithm). Actual private key values are not displayed.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--list-public-keys</option></term>
|
||||||
|
<listitem><para>Lists all public keys stored on the token, including
|
||||||
|
key name, id, algorithm and length information.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--read-public-key</option> <varname>id</varname></term>
|
||||||
|
<listitem><para>Reads the public key with id <varname>id</varname>,
|
||||||
|
allowing the user to extract and store or use the public key.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--output</option> <varname>filename</varname>,
|
||||||
|
<option>-o</option> <varname>filename</varname></term>
|
||||||
|
<listitem><para>Specifies where key output should be written.
|
||||||
|
If <varname>filename</varname> already exists, it will be overwritten.
|
||||||
|
If this option is not given, keys will be printed to standard output.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--no-cache</option></term>
|
||||||
|
<listitem><para>Disables token data caching.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--pin-id</option> <varname>pin</varname>,
|
||||||
|
<option>-a</option> <varname>pin</varname></term>
|
||||||
|
<listitem><para>Specifies the auth id of the PIN to use for the
|
||||||
|
operation. This is useful with the --change-pin operation.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--reader</option> <varname>num</varname></term>
|
||||||
|
<listitem><para>Forces <command>pkcs15-tool</command> to use reader
|
||||||
|
number <varname>num</varname> for operations. The default is to use
|
||||||
|
reader number 0, the first reader in the system.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--verbose, -v</option></term>
|
||||||
|
<listitem><para>Causes <command>pkcs15-tool</command> to be more
|
||||||
|
verbose. Specify this flag several times to enable debug output
|
||||||
|
in the OpenSC library.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>See also</title>
|
||||||
|
<para>opensc(7), pkcs15-init(1), pkcs15-crypt(1)</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
</refentry>
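Review bot: The `--learn-card` entry says token data is cached "to the local filesystem" and that a stale cache "should be updated", but it does not say where the cache is kept or how to refresh it. Since this is data read from a security token, add one sentence naming the cache location and the refresh step (presumably running `--learn-card` again, but confirm against the tool). In the `--pin-id` entry, `--change-pin` should be wrapped as `<option>--change-pin</option>` like the other option references.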
|
|
@ -0,0 +1,26 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.2//EN"
|
||||||
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||||||
|
|
||||||
|
<book xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||||
|
<title>OpenSC tools</title>
|
||||||
|
<reference>
|
||||||
|
<referenceinfo>
|
||||||
|
<title>OpenSC</title>
|
||||||
|
</referenceinfo>
|
||||||
|
<xi:include href="opensc-config.xml"/>
|
||||||
|
<xi:include href="opensc-tool.xml"/>
|
||||||
|
<xi:include href="opensc-explorer.xml"/>
|
||||||
|
<xi:include href="pkcs11-tool.xml"/>
|
||||||
|
<xi:include href="pkcs15-crypt.xml"/>
|
||||||
|
<xi:include href="pkcs15-tool.xml"/>
|
||||||
|
<xi:include href="pkcs15-init.xml"/>
|
||||||
|
<xi:include href="pkcs15-profile.xml"/>
|
||||||
|
<xi:include href="cardos-info.xml"/>
|
||||||
|
<xi:include href="cryptoflex-tool.xml"/>
|
||||||
|
</reference>
|
||||||
|
</book>
|
||||||
|
|
||||||
|
<!-- TODO
|
||||||
|
opensc
|
||||||
|
-->
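Review bot: The DOCTYPE names the DocBook DTD by the plain-HTTP system identifier `http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd`, and the build command that processes this file is not part of the commit. Unless the toolchain resolves that identifier through a local XML catalog, each manpage build will fetch the DTD over the network. A comment beside the DOCTYPE would help, for example `<!-- resolve via the local DocBook catalog; build with network access disabled -->`, together with the processor's no-network option (such as `--nonet` if xsltproc is used).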
|