diff --git a/doc/tools/egk-tool.1.xml b/doc/tools/egk-tool.1.xml
new file mode 100644
index 00000000..df6a9cb6
--- /dev/null
+++ b/doc/tools/egk-tool.1.xml
@@ -0,0 +1,115 @@
+
+
+
+ egk-tool
+ 1
+ OpenSC
+ OpenSC Tools
+ opensc
+
+
+
+ egk-tool
+ displays information on the German electronic health card (elektronische Gesundheitskarte, eGK)
+
+
+
+
+
+ egk-tool
+ OPTIONS
+
+
+
+
+ Description
+
+ The egk-tool utility is used to display information stored on the German elektronic health card (elektronische Gesundheitskarte, eGK).
+
+
+
+
+ Options
+
+
+
+
+ ,
+
+ Print help and exit.
+
+
+
+ ,
+
+ Print version and exit.
+
+
+
+ arg,
+ arg
+
+
+ Specify the reader to use.
+ Use -1 as arg
+ to automatically detect the reader to use.
+ By default, the first reader with a present card is used.
+
+
+
+
+ ,
+
+
+
+ Causes egk-tool to be more verbose.
+ Specify this flag several times to be more verbose.
+
+
+
+
+
+
+ Health Care Application (HCA)
+
+
+
+
+ Show 'Persönliche Versicherungsdaten' (XML).
+
+
+
+
+
+ Show 'Allgemeine Versicherungsdaten' (XML).
+
+
+
+
+
+ Show 'Geschützte Versicherungsdaten' (XML).
+
+
+
+
+
+ Show 'Versichertenstammdaten-Status'.
+
+
+
+
+
+
+
+ Authors
+ egk-tool was written by
+ Frank Morgner frankmorgner@gmail.com.
+
+
+
+
diff --git a/doc/tools/npa-tool.1.xml b/doc/tools/npa-tool.1.xml
new file mode 100644
index 00000000..a3b419b8
--- /dev/null
+++ b/doc/tools/npa-tool.1.xml
@@ -0,0 +1,440 @@
+
+
+
+ npa-tool
+ 1
+ OpenSC
+ OpenSC Tools
+ opensc
+
+
+
+ npa-tool
+ displays information on the German eID card (neuer Personalausweis, nPA).
+
+
+
+
+
+ npa-tool
+ OPTIONS
+
+
+
+
+ Description
+
+ The npa-tool utility is used to display information
+ stored on the German eID card (neuer Personalausweis, nPA),
+ and to perform some write and verification operations.
+
+
+
+
+ Options
+
+
+
+
+ ,
+
+ Print help and exit.
+
+
+
+ ,
+
+ Print version and exit.
+
+
+
+ arg,
+ arg
+
+
+ Specify the reader to use.
+ Use -1 as arg
+ to automatically detect the reader to use.
+ By default, the first reader with a present card is used.
+
+
+
+
+ ,
+
+
+
+ Causes npa-tool to be more verbose.
+ Specify this flag several times to be more verbose.
+
+
+
+
+
+
+ Password Authenticated Connection Establishment (PACE)
+
+
+
+ STRING,
+ STRING
+
+
+ Run PACE with (transport) eID-PIN.
+
+
+
+
+ STRING,
+ STRING
+
+
+ Run PACE with PUK.
+
+
+
+
+ STRING,
+ STRING
+
+
+ Run PACE with Card Access Number (CAN).
+
+
+
+
+ STRING,
+ STRING
+
+
+ Run PACE with Machine Readable Zone (MRZ).
+ Enter the MRZ without newlines.
+
+
+
+
+
+ Specify whether to use environment variables PIN,
+ PUK, CAN, MRZ,
+ and NEWPIN.
+ You may want to clean your environment before enabling this.
+ (default=off)
+
+
+
+
+
+
+ PIN management
+
+
+
+ STRING,
+ STRING
+
+
+ Install a new PIN.
+
+
+
+
+ ,
+
+
+
+ Resume eID-PIN (uses CAN to activate last retry).
+ (default=off)
+
+
+
+
+ ,
+
+
+
+ Unblock PIN (uses PUK to activate three more retries).
+ (default=off)
+
+
+
+
+
+
+ Terminal Authentication (TA) and Chip Authentication (CA)
+
+
+
+ FILENAME,
+ FILENAME
+
+
+ Specify Card Verifiable (CV) certificate
+ to create a certificate chain.
+ The option can be given multiple times, in which case the
+ order is important.
+
+
+
+ HEX_STRING
+
+ Certificate description to show for Terminal Authentication.
+
+
+
+ HEX_STRING
+
+ Specify the Card Holder Authorization Template
+ (CHAT) to use.
+ If not given, it defaults to the terminal's CHAT.
+ Use 7F4C0E060904007F000703010203530103
+ to trigger EAC on the CAT-C (Komfortleser).
+
+
+
+
+ HEX_STRING,
+ HEX_STRING
+
+
+ Specify the terminal's auxiliary data.
+ If not given, the default is determined by verification
+ of validity, age and community ID.
+
+
+
+
+ FILENAME,
+ FILENAME
+
+
+ Specify the terminal's private key.
+
+
+
+ DIRECTORY
+
+ Specify where to look for the certificate of the
+ Country Verifying Certification Authority
+ (CVCA).
+ If not given, it defaults to
+ /home/fm/.local/etc/eac/cvc.
+
+
+
+
+ DIRECTORY
+
+ Specify where to look for the X.509 certificate.
+ If not given, it defaults to
+ /home/fm/.local/etc/eac/x509.
+
+
+
+
+
+ Disable checking the validity period of CV certificates.
+ (default=off)
+
+
+
+
+
+ Disable passive authentication. (default=off)
+
+
+
+
+
+
+ Read and write data groups
+
+
+
+ Read data group 1: Document Type.
+
+
+
+ Read data group 2: Issuing State.
+
+
+
+ Read data group 3: Date of Expiry.
+
+
+
+ Read data group 4: Given Name(s).
+
+
+
+ Read data group 5: Family Name.
+
+
+
+ Read data group 6: Religious/Artistic Name.
+
+
+
+ Read data group 7: Academic Title.
+
+
+
+ Read data group 8: Date of Birth.
+
+
+
+ Read data group 9: Place of Birth.
+
+
+
+ Read data group 10: Nationality.
+
+
+
+ Read data group 11: Sex.
+
+
+
+ Read data group 12: Optional Data.
+
+
+
+ Read data group 13: Birth Name.
+
+
+
+ Read data group 14.
+
+
+
+ Read data group 15.
+
+
+
+ Read data group 16.
+
+
+
+ Read data group 17: Normal Place of Residence.
+
+
+
+ Read data group 18: Community ID.
+
+
+
+ Read data group 19: Residence Permit I.
+
+
+
+ Read data group 20: Residence Permit II.
+
+
+
+ Read data group 21: Optional Data.
+
+
+
+ HEX_STRING
+ Write data group 17: Normal Place of Residence.
+
+
+
+ HEX_STRING
+ Write data group 18: Community ID.
+
+
+
+ HEX_STRING
+ Write data group 19: Residence Permit I.
+
+
+
+ HEX_STRING
+ Write data group 20: Residence Permit II.
+
+
+ HEX_STRING
+ Write data group 21: Optional Data.
+
+
+
+
+
+ Verification of validity, age and community ID
+
+
+ YYYYMMDD
+
+ Verify chip's validity with a reference date.
+
+
+
+ YYYYMMDD
+
+ Verify age with a reference date.
+
+
+
+ HEX_STRING
+
+ Verify community ID with a reference ID.
+
+
+
+
+
+
+ Special options, not always useful
+
+
+
+ ,
+
+
+
+ Brute force PIN, CAN or PUK.
+ Use together with options ,
+ , or .
+ (default=off)
+
+
+
+
+ FILENAME,
+ FILENAME
+
+
+ Specify the file with APDUs of HEX_STRINGs to send
+ through the secure channel.
+ (default=`stdin')
+
+
+
+
+
+ Force compliance to BSI TR-03110 version 2.01. (default=off)
+
+
+
+
+
+ Disable all checking of fly-by-data. (default=off)
+
+
+
+
+
+
+
+ Authors
+ npa-tool was written by
+ Frank Morgner frankmorgner@gmail.com.
+
+
+
+
diff --git a/doc/tools/opensc-asn1.1.xml b/doc/tools/opensc-asn1.1.xml
new file mode 100644
index 00000000..a2f1bca7
--- /dev/null
+++ b/doc/tools/opensc-asn1.1.xml
@@ -0,0 +1,64 @@
+
+
+
+ opensc-asn1
+ 1
+ OpenSC
+ OpenSC Tools
+ opensc
+
+
+
+ opensc-asn1
+ parse ASN.1 data
+
+
+
+
+
+ opensc-asn1
+ OPTIONS
+ FILES
+
+
+
+
+ Description
+
+ The opensc-asn1 utility is used to parse ASN.1 data.
+
+
+
+
+ Options
+
+
+
+
+ ,
+
+ Print help and exit.
+
+
+
+ ,
+
+ Print version and exit.
+
+
+
+
+
+
+ Authors
+ opensc-asn1 was written by
+ Frank Morgner frankmorgner@gmail.com.
+
+
+
+
diff --git a/doc/tools/opensc-notify.1.xml b/doc/tools/opensc-notify.1.xml
new file mode 100644
index 00000000..ec01651a
--- /dev/null
+++ b/doc/tools/opensc-notify.1.xml
@@ -0,0 +1,136 @@
+
+
+
+ opensc-notify
+ 1
+ OpenSC
+ OpenSC Tools
+ opensc
+
+
+
+ opensc-notify
+ monitor smart card events and send notifications
+
+
+
+
+
+ opensc-notify
+ OPTIONS
+
+
+
+
+ Description
+
+ The opensc-notify utility is used to
+ monitor smart card events and send the appropriate notification.
+
+
+
+
+ Options
+
+
+
+
+ ,
+
+ Print help and exit.
+
+
+
+ ,
+
+ Print version and exit.
+
+
+
+
+
+ Mode: customized
+
+ Send customized notifications.
+
+
+
+
+ STRING,
+ STRING
+
+
+ Specify the title of the notification.
+
+
+
+
+ STRING,
+ STRING
+
+
+ Specify the main text of the notification.
+
+
+
+
+
+
+ Mode: standard
+
+ Manually send standard notifications.
+
+
+
+
+ ,
+
+
+ See notify_card_inserted
+ in opensc.conf (default=off).
+
+
+
+
+ ,
+
+
+ See notify_card_removed
+ in opensc.conf (default=off).
+
+
+
+
+ ,
+
+
+ See notify_pin_good
+ in opensc.conf (default=off).
+
+
+
+
+ ,
+
+
+ See notify_pin_bad
+ in opensc.conf (default=off).
+
+
+
+
+
+
+
+ Authors
+ opensc-notify was written by
+ Frank Morgner frankmorgner@gmail.com.
+
+
+
+