From a9c320f8f8b5de380075ba7f5850c24c5ad02be4 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Mon, 15 Aug 2011 16:58:01 +0200 Subject: [PATCH] doc/tools/*.xml: more consistent formatting uUse specific tags: for commands - This will install the private key contained in the file okir.p12, - and protect it with the PIN referenced by authentication ID 01. + This will install the private key contained in the file okir.p12, + and protect it with the PIN referenced by authentication ID 01. It will also store any X.509 certificates contained in the file, which is usually the user certificate that goes with the key, as well as the CA certificate. @@ -239,33 +240,37 @@ - name, - name + + name, + name + Tells pkcs15-init to load the specified general profile. Currently, the only application profile defined is - pkcs15, but you can write your own profiles and + pkcs15, but you can write your own profiles and specify them using this option. - The profile name can be combined with one or more profile - options, which slightly modify the profile's behavior. + The profile name can be combined with one or more profile + options, which slightly modify the profile's behavior. For instance, the default OpenSC profile supports the option, which installs a single PIN during card initialization. This PIN is then used both as the SO PIN as well as the user PIN for all keys stored on the card. - Profile name and options are separated by a - character, as in . + Profile name and options are separated by a + + character, as in pkcs15+onepin. - name, - name + + name, + name + Tells pkcs15-init to load the specified card @@ -275,7 +280,10 @@ - + + , + + This tells pkcs15-init to create a PKCS #15 @@ -285,7 +293,10 @@ - + + , + + This will erase the card prior to creating the PKCS #15 structure, 
@@ -296,12 +307,14 @@ - keyspec, - keyspec + + keyspec, + keyspec + Tells the card to generate new key and store it on the card. - keyspec consists of an algorithm name + keyspec consists of an algorithm name (currently, the only supported name is ), optionally followed by a slash and the length of the key in bits. It is a good idea to specify the key ID along with this command, @@ -316,8 +329,10 @@ - filename, - filename + + filename, + filename + Tells pkcs15-init to download the specified @@ -337,7 +352,9 @@ - filename + + filename + Tells pkcs15-init to download the specified @@ -350,8 +367,10 @@ - filename, - filename + + filename, + filename + Tells pkcs15-init to store the certificate given @@ -369,8 +388,10 @@ - filename, - filename + + filename, + filename + Tells pkcs15-init to update the certificate @@ -385,8 +406,10 @@ - , - + + , + + Tells pkcs15-init to not ask for the transport @@ -396,7 +419,12 @@ - + + , + , + , + + These options can be used to specify PIN/PUK values on the command @@ -410,11 +438,13 @@ - filename + + filename + Tells pkcs15-init to read additional options - from filename. The file is supposed to + from filename. The file is supposed to contain one long option per line, without the leading dashes, for instance: @@ -429,7 +459,10 @@ - + + , + + Causes pkcs15-init to be more verbose. Specify this diff --git a/doc/tools/pkcs15-tool.1.xml b/doc/tools/pkcs15-tool.1.xml index 7de1e869..c928eee5 100644 --- a/doc/tools/pkcs15-tool.1.xml +++ b/doc/tools/pkcs15-tool.1.xml @@ -37,7 +37,10 @@ - + + , + + Cache PKCS #15 token data to the local filesystem. Subsequent operations are performed on the cached data where possible. If the cache becomes out-of-sync with the token state (eg. new key is 
@@ -46,36 +49,50 @@ - + + + List the on-card PKCS#15 applications - cert, - cert + + cert, + cert + Reads the certificate with the given id. - + + , + + Lists all certificates stored on the token. - cert, - data + + cert, + data + Reads data object with OID, applicationName or label. - + + + Verify PIN after card binding and before issuing any command (without 'auth-id' the first non-SO, non-Unblock PIN will be verified) - + + , + + Lists all data objects stored on the token. For some cards the PKCS#15 attributes of the private data objects are protected for reading and need the authentication with the User PIN. @@ -84,30 +101,43 @@ - + + + Lists all PINs stored on the token. General information about each PIN is listed (eg. PIN name). Actual PIN values are not shown. - + + , + + Dump card objects. - + + + Changes a PIN or PUK stored on the token. User authentication is required for this operation. - + + , + + Unblocks a PIN stored on the token. Knowledge of the Pin Unblock Key (PUK) is required for this operation. - + + , + + Lists all private keys stored on the token. General information about each private key is listed (eg. key name, id and algorithm). Actual private key values are not displayed. 
@@ -117,58 +147,78 @@ - + + + Lists all public keys stored on the token, including key name, id, algorithm and length information. - id - Reads the public key with id id, + + id + + Reads the public key with id id, allowing the user to extract and store or use the public key. - id - Reads the public key with id id, - writing the output in format suitable for $HOME/.ssh/authorized_keys. + + id + + Reads the public key with id id, + writing the output in format suitable for + $HOME/.ssh/authorized_keys. - filename, - filename + + filename, + filename + Specifies where key output should be written. - If filename already exists, it will be overwritten. + If filename already exists, it will be overwritten. If this option is not given, keys will be printed to standard output. - + + + Disables token data caching. - pin, - pin + + pin, + pin + Specifies the auth id of the PIN to use for the operation. This is useful with the --change-pin operation. - aid + + aid + Specify in a hexadecimal form the AID of the on-card PKCS#15 application to be binded to. - num + + num + Forces pkcs15-tool to use reader - number num for operations. The default is to use + number num for operations. The default is to use reader number 0, the first reader in the system. - + + , + + Causes pkcs15-tool to be more verbose. Specify this flag several times to enable debug output in the OpenSC library. diff --git a/doc/tools/westcos-tool.1.xml b/doc/tools/westcos-tool.1.xml index 07d4935c..92a5da19 100644 --- a/doc/tools/westcos-tool.1.xml +++ b/doc/tools/westcos-tool.1.xml @@ -36,19 +36,28 @@ - num + + num, + num + Use the given reader. The default is the first reader with a card. - + + , + + Wait for a card to be inserted - + + , + + Generate a private key on smart card. The smart card must be not finalized and a PIN must be installed (ie. file for PIN must be created, see option -i). By default key length is 1536 bits. User authentication is required for 
@@ -56,65 +65,80 @@ - + + , + + Overwrite the key if there is already a key on card. - length, - length + length, + length Change the length of private key, use with . - + + , + + Install PIN file in token, you must provide PIN value with . - value, - value + value, + value set value of PIN. - value, - value + value, + value set value of PUK (or value of new PIN for change PIN command see ). - + + , + + Changes a PIN stored on the token. User authentication is required for this operation. - + + , + + Unblocks a PIN stored on the token. Knowledge of the PIN Unblock Key (PUK) is required for this operation. - file, - file + file, + file Write certificate file in PEM format to the card. User authentication is required for this operation. - + + , + + Finalize the card. Once finalized the default key is invalidated so PIN and PUK can't be changed anymore without user authentication. Warning, un-finalized are insecure because PIN can be changed without user authentication (knowledge of default key @@ -123,8 +147,8 @@ - path, - path + path, + path Get the file path the file is written on disk with path name. User authentication @@ -133,8 +157,8 @@ - path, - path + path, + path Put the file with name path from disk to card the file is written in path. User authentication @@ -142,12 +166,17 @@ - + + , + + Print help message on screen. - + + + Causes westcos-tool to be more verbose. Specify this flag several times to enable debug output in the OpenSC library.
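Review bot: In the pkcs15-init hunk @@ -396,7 +419,12 @@, the entry that now lists four option forms is described with "These options can be used to specify PIN/PUK values on the command", and the visible context stops there. If the rest of that paragraph does not already say so, add a sentence that PIN/PUK values given as arguments can be seen by other local users in the process list and are kept in shell history. It should also cross-reference the options-file entry from hunk @@ -410,11 +438,13 @@ ("read additional options from filename") as the alternative, with a reminder to keep that file readable only by its owner.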
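Review bot: In doc/tools/pkcs15-tool.1.xml, hunk @@ -46,36 +49,50 @@, the entry described as "Reads data object with OID, applicationName or label." still carries two different placeholders for the same argument: "+ cert," on the first form and "+ data" on the second. The "cert" looks carried over from the certificate entry just above it. Since this patch rewrites both lines anyway, use "data" on both forms so the placeholder matches the description.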
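Review bot: In doc/tools/pkcs15-tool.1.xml, hunk @@ -117,58 +147,78 @@, the placeholder in "+ pin," / "+ pin" names the wrong thing: the description says the argument is "the auth id of the PIN to use for the operation", not the PIN itself, and a reader skimming the synopsis may type the PIN value on the command line. Rename the placeholder to "id" (or "auth-id"), the way the public-key entries in the same hunk use "id". Minor, in the same hunk: "application to be binded to" in the aid entry should read "bound to".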
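Review bot: In doc/tools/westcos-tool.1.xml, hunk @@ -56,65 +65,80 @@, the finalize entry's warning is missing its noun: "Warning, un-finalized are insecure because PIN can be changed without user authentication". This is the one security caveat in the page, so while the entry is being reformatted, reword it to "Warning: un-finalized cards are insecure because ..." and consider marking it up as a DocBook warning element instead of inline text, in line with the commit's move to specific tags. The "set value of PIN." and "set value of PUK" descriptions in the same hunk also start in lower case, unlike every other entry.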