giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove old man pages (replaced by new man pages in xml format). 

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2813 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
aj 2006-01-12 09:36:58 +00:00
parent 8fac2eaac2
commit b1322ecd39
27 changed files with 0 additions and 1731 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
man/old/cardos-info.1
View File

@ -1,33 +0,0 @@
.PU
.ds nm \fBcardos-info\fR
.TH cardos-info 1 "December 11, 2003" "" OpenSC
.SH NAME
cardos-info \- Displays information about Card OS based security tokens
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
.SH DESCRIPTION
The \*(nm utility is used to display information about
smart cards and similar security tokens based on Siemens Card/OS M4.
.SH OPTIONS
.TP
.BR "\-\-reader " \fInumber\fP ", \-r " \fInumber\fP
Display information about the token in reader number \fInumber\fP.
The default is reader 0.
.TP
.BR "\-\-card\-driver " \fIname\fP ", \-c " \fIname\fP
Use the card driver specified by \fIname\fP.
The default is to auto-detect the correct card driver.
.TP
.BR \-\-wait ", " \-w
Causes \*(nm to wait for the token to be inserted into \fIreader\fP.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH SEE ALSO
.BR opensc (7).
.SH AUTHORS
\*(nm was written by Juha Yrjölä and Andreas Jellinghaus <aj@dungeon.inka.de>.
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
for the Debian GNU/Linux system (but may be used by others).

69
man/old/cryptoflex-tool.1
View File

@ -1,69 +0,0 @@
.PU
.ds nm \fBcryptoflex-tool\fR
.TH cryptoflex-tool 1 "September 3, 2002" "" OpenSC
.SH NAME
cryptoflex-tool \- utility for manipulating Schlumberger Cryptoflex data structures
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
.SH DESCRIPTION
\*(nm is used to manipulate PKCS
data structures on Schlumberger Cryptoflex smart cards.
Users can create, list and read PINs and keys
stored on the smart card. User PIN authentication is
performed for those operations that require it.
.SH OPTIONS
.TP
.BR \-\-verify\-pin ", " \-V
Verifies CHV1 before issuing commands
.TP
.BR \-\-list\-keys ", " \-l
Lists all keys stored in a public key file
.TP
.BR "\-\-create\-key\-files " \fIarg\fP ", \-c " \fIarg\fP
Creates new RSA key files for \fIarg\fP keys
.TP
.BR "\-\-create\-pin\-files " \fIid\fP ", \-P " \fIid\fP
Creates new PIN file for CHV\fIid\fP
.TP
.BR "\-\-generate\-key, \-g"
Generate a new RSA key pair
.TP
.BR "\-\-read\-key "
Reads a public key from the card, allowing the user to
extract and store or use the public key
.TP
.BR "\-\-key\-num " \fInum\fP ", \-k " \fInum\fP
Specifies the key number to operate on. The default is key number 1.
.TP
.BR "\-\-app\-df " \fInum\fP ", \-a " \fInum\fP
Specifies the DF to operate in
.TP
.BR "\-\-prkey\-file " \fIid\fP ", \-p " \fIid\fP
Specifies the private key file id, \fIid\fP, to use
.TP
.BR "\-\-pubkey\-file " \fIid\fP ", \-u " \fIid\fP
Specifies the public key file id, \fIid\fP, to use
.TP
.BR "\-\-exponent " \fIexp\fP ", \-e " \fIexp\fP
Specifies the RSA exponent, \fIexp\fP, to use in key generation.
The default value is 3.
.TP
.BR "\-\-modulus\-length " \fIlength\fP ", \-m " \fIlength\fP
Specifies the modulus \fIlength\fP to use in key generation. The default
value is 1024.
.TP
.BR "\-\-reader " \fInum\fP ", -r " \fInum\fP
Forces \*(nm to use reader number \fInum\fP for operations. The default
is to use reader number 0, the first reader in the system.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH SEE ALSO
.BR opensc (7),
.BR pkcs15-tool (1)
.SH AUTHORS
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
for the Debian GNU/Linux system (but may be used by others).

102
man/old/netkey-tool.1
View File

@ -1,102 +0,0 @@
.PU
.ds nm \fBnetkey-tool\fR
.TH netkey-tool 1 "May 16, 2005" "" OpenSC
.SH NAME
netkey-tool \- utility for NetKey E4 smart cards
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
[command]
.SH DESCRIPTION
The \*(nm utility can be used from the command line to perform
some smart card operations with NetKey E4 cards that cannot
be done easily with other OpenSC-tools, such as changing local
PINs, storing certificates into empty NetKey E4 cert-files or
displaying the initial PUK-value.
.SH OPTIONS
.TP
.BR \-\-help ", " \-h
Displays a short help message.
format
.TP
.BR \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.TP
.BR "\-\-pin " \fIpin-value\fP ", \-p " \fIpin-value\fP
Specifies the current value of the global PIN.
.TP
.BR "\-\-puk " \fIpin-value\fP ", \-u " \fIpin-value\fP
Specifies the current value of the global PUK.
.TP
.BR "\-\-pin0 " \fIpin-value\fP ", \-0 " \fIpin-value\fP
Specifies the current value of the local PIN0 (aka local PIN).
.TP
.BR "\-\-pin1 " \fIpin-value\fP ", \-1 " \fIpin-value\fP
Specifies the current value of the local PIN1 (aka local PUK).
.SH PIN FORMAT
With \fIpin-value\fP you can specify one of the cards pins.
You may use plain ascii-strings (i.e. 123456) or a hex-string
(i.e. 31:32:33:34:35:36). A hex-string consists
of exacly n 2-digit hexnumbers separated by n-1 colons.
Don't use leading or trailing colons or 1-digit hex-numbers. :12:34:
and 1:2:3:4 are both pins of length 7 and you most likely
intedend to use 12:34 or 01:02:03:04 wich are pins of length
2 and 4.
.SH COMMANDS
When used without any options or commands, \*(nm will
display information about the smart cards pins and
certificates. This will not change your card in
any aspect (assumed there are no bugs in \*(nm).
In particular the tries-left counters of the pins
are investigated without doing actual pin-verifications.
If you specify the global PIN via the \fB\-\-pin\fP option,
\*(nm will also display the initial value of the cards
global PUK. If your global PUK was changed \*(nm will
still diplay its initial value. There's no way to recover
a lost global PUK once it was changed and got lost. There's
also no way to display the initial value of your global
PUK without knowing the current value of your global PIN.
For most of the commands that \*(nm can execute, you have
to specify one pin. One notable exeption is the
\fBnullpin\fP command, but this command can only be executed
once in the lifetime of a NetKey E4 card.
.IP "\fBunblock pin | pin0 | pin1\fP" 4
This unblocks the specified pin. This needs the value
of another pin and if you don't specify a correct one,
\*(nm will tell you which one is needed.
.IP "\fBchange pin | puk | pin0 | pin1 \fIpin-value\fP" 4
This changes the value of the specified pin to the given
new value. This needs the value of either the same
pin or another pin and if you don't specify a correct one,
\*(nm will tell you which one is needed.
.IP "\fBnullpin \fIpin-value\fP" 4
This command can be executed only if the global PIN
of your card is in nullpin-state. There's no way to
return back to nullpin-state once you have changed
your global PIN. You don't need a pin to execute
the nullpin-command. After a succesfull nullpin-command
\*(nm will display your cards initial PUK-value.
.IP "\fBcert \fIno\fP \fIfilename\fP" 4
This command will read one of your cards certificates
(as specified by number \fIno\fP) and save this
certificate into file \fIfilename\fP in PEM-format.
Certificates on a NetKey E4 card are readable without
a pin, so you don't have to specify one.
.IP "\fBcert \fIfilename\fP \fIno\fP" 4
This command will read the first PEM-encoded certificate from
file \fIfilename\fP and store this into your smart cards
certificate file number \fIno\fP. Some of your
smart cards certificate files might be readonly, so
this will not work with all values of \fIno\fP. If
a certificate file is writable you must specify a
pin in order to change it. If you try to use this
command without specifying a pin, \*(nm will tell
you which one is needed.
.SH SEE ALSO
.BR opensc (7),
.BR opensc-explorer (1)
.SH AUTHORS
\*(nm was written by Peter Koch <pk_opensc@web.de>.

49
man/old/opensc-config.1
View File

@ -1,49 +0,0 @@
.PU
.ds nm \fBopensc-config\fR
.TH opensc-config 1 "September 4, 2002" "" OpenSC
.SH NAME
opensc-config \- a tool to get information about the installed version of OpenSC
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
.SH DESCRIPTION
\*(nm is a tool that is used to get various information about the installed
version of OpenSC. It is particularly useful in determining
compiler and linker flags necessary to build programs with the
OpenSC libraries.
.SH OPTIONS
\*(nm accepts the following options:
.PP
.TP
.BR \-\-version
Print the installed version of OpenSC to standard output.
.TP
.BR \-\-libs
Print the linker flags that are needed to compile a program
to use the OpenSC libraries.
.TP
.BR \-\-cflags
Print the compiler flags that are needed to compile a program
to use the OpenSC libraries.
.TP
.BR \-\-prefix=PREFIX
If specified, use PREFIX instead of the installation
prefix that OpenSC was built with when computing the
output for the --cflags and --libs
options. This option is also used for the exec
prefix if --exec-prefix was not specified. This
option must be specified before any --libs or
--cflags options.
.TP
.BR \-\-exec\-prefix=PREFIX
If specified, use PREFIX instead of the installation
exec prefix that OpenSC was built with when
computing the output for the --cflags and --libs
options. This option must be specified before any
--libs or --cflags options.
.SH SEE ALSO
.BR opensc (7)
.SH AUTHORS
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
for the Debian GNU/Linux system (but may be used by others).

104
man/old/opensc-explorer.1
View File

@ -1,104 +0,0 @@
.PU
.ds nm \fBopensc-explorer\fR
.TH opensc-explorer 1 "September 3, 2002" "" OpenSC
.SH NAME
opensc-explorer \- generic interactive utility for accessing smart card and similar security token functions
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
.SH DESCRIPTION
The \*(nm utility can be used interactively to perform
miscellaneous operations such as exploring the
contents of or sending arbitrary APDU commands to a
smart card or similar security token.
.SH OPTIONS
The following are the command\-line options for \*(nm. There
are additional interactive commands available once it is running.
.PP
.TP
.BR "\-\-reader " \fInum\fP ", \-r " \fInum\fP
Use the given reader number. The default is 0, the first reader
in the system.
.TP
.BR "\-\-card\-driver " \fIdriver\fP ", \-D " \fIdriver\fP
Use the given card driver. The default is auto-detected.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH COMMANDS
The following commands are supported at the \*(nm interactive prompt.
.PP
.TP
.BR ls
list all files in the current DF
.TP
.BR "cd \fIfile\-id\fP"
change to another DF specified by \fIfile\-id\fP
.TP
.BR cat
print the contents of the currently selected EF
.TP
.BR "info [\fIfile\-id\fP]"
display attributes of a file specified by \fIfile\-id\fP.
If \fIfile\-id\fP is not supplied, the attributes of the
current file are printed.
.TP
.BR "create \fIfile\-id\fP \fIsize\fP"
create a new EF. \fIfile\-id\fP specifies the
id number and \fIsize\fP is the size of the new file.
.TP
.BR "delete \fIfile\-id\fP"
remove the EF or DF specified by \fIfile\-id\fP.
.TP
.BR "verify \fIkey\-type\fP\fIkey\-id\fP [\fIkey\fP]"
present a PIN or key to the card.
Where \fIkey\-type\fP can be one of CHV, KEY or PRO.
\fIkey\-id\fP is a number representing the key or PIN number.
\fIkey\fP is the key or PIN to be verified in hex.
.PP
Example: verify CHV0 31:32:33:34:00:00:00:00
.TP
.BR "change CHV\fIid\fP [\fIold\-pin\fP] \fInew\-pin\fP"
change a PIN
.PP
Example: change CHV0 31:32:33:34:00:00:00:00 'secret'
.TP
.BR "put \fIfile\-id\fP [\fIinput\fP]"
copy a local file to the card.
The local file is specified by \fIinput\fP while the
card file is specified by \fIfile\-id\fP.
.TP
.BR "get \fIfile\-id\fP [\fIoutput\fP]"
copy an EF to a local file.
The local file is specified by \fIoutput\fP while the
card file is specified by \fIfile\-id\fP.
.TP
.BR "mkdir \fIfile\-id\fP \fIsize\fP"
create a DF. \fIfile\-id\fP specifies the
id number and \fIsize\fP is the size of the new file.
.TP
.BR pksign
create a public key signature. NOTE: This command is
currently not implemented.
.TP
.BR pkdecrypt
perform a public key decryption. NOTE: This command is
currently not implemented.
.TP
.BR erase
erase the card, if the card supports it.
.TP
.BR "debug [\fIlevel\fP]"
get or set the debug level
.TP
.BR quit
exit the program
.SH SEE ALSO
.BR opensc (7),
.BR opensc-tool (1)
.SH AUTHORS
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
for the Debian GNU/Linux system (but may be used by others).

54
man/old/opensc-tool.1
View File

@ -1,54 +0,0 @@
.PU
.ds nm \fBopensc-tool\fR
.TH opensc-tool 1 "September 3, 2002" "" OpenSC
.SH NAME
opensc-tool \- generic smart card utility
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
.SH DESCRIPTION
The \*(nm utility can be used from the command line to perform
miscellaneous smart card operations such as getting the card
ATR or sending arbitrary APDU commands to a card.
.SH OPTIONS
.TP
.BR \-\-atr ", " \-a
Print the Answer To Reset (ATR) of the card, output is in hex byte
format
.TP
.BR \-\-serial
Print the card serial number (normally the ICCSN), output is in hex byte
format
.TP
.BR "\-\-send\-apdu " \fIapdu\fP ", \-s " \fIapdu\fP
Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF...
.TP
.BR \-\-list\-files ", " \-f
Recursively lists all files stored on card
.TP
.BR \-\-list\-readers ", " \-l
Lists all configured readers
.TP
.BR \-\-list\-drivers ", " \-D
Lists all installed card drivers
.TP
.BR \-\-list\-rdrivers ", " \-R
Lists all installed reader drivers
.TP
.BR "\-\-reader " \fInum\fP ", \-r " \fInum\fP
Use the given reader number. The default is 0, the first reader
in the system.
.TP
.BR "\-\-card\-driver " \fIdriver\fP ", \-c " \fIdriver\fP
Use the given card driver. The default is auto-detected.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH SEE ALSO
.BR opensc (7),
.BR opensc-explorer (1)
.SH AUTHORS
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
for the Debian GNU/Linux system (but may be used by others).

51
man/old/opensc.7
View File

@ -1,51 +0,0 @@
.PU
.ds nm \fBopensc\fR
.TH opensc 7 "September 3, 2002" "" OpenSC
.SH NAME
opensc \- Smart Card library and applications with support for PKCS #15 compatible smart cards and similar security tokens
.SH DESCRIPTION
The \*(nm project aims to provide a set of libraries and programs
for manipulating smart cards. The \*(nm utilities and libraries
can be used with ISO 7816\-4 compatible cards providing basic,
ISO filesystem manipulation. The primary goal of \*(nm, however,
is to support cryptographic functionality made possible by PKCS #15
compatible cards.
.PP
Functionality includes PIN\-protected, on\-card private
and public key storage, message signing/verification and key generation.
.PP
\*(nm supports PC/SC, CT\-API and OpenCT to talk to card terminals.
.SH OTHER FEATURES
PAM library.
.br
OpenSSH integration.
.br
PKCS #11 integration.
.SH SUPPORTED CARDS
.TP
As of this writing, \*(nm is known to support the following PKCS #15 compatible cards.
.br
Finnish FINEID (SetCOS)
.br
Swedish Posten eID (SetCOS)
.br
Schlumberger Cryptoflex 16k and 8k
.br
Gemplus GPK 4000, 8000 and 16000
.br
MioCOS 1.1
.br
TCOS 2.0
.SH SEE ALSO
.BR opensc-tool (1),
.BR opensc-explorer (1),
.BR opensc-config (1),
.BR pkcs15 (7),
.BR pkcs15-init (1),
.BR pkcs15-tool (1),
.BR pkcs15-crypt (1),
.BR cryptoflex-tool (1),
.BR http://www.opensc.org
.SH AUTHOR
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>,
for the Debian GNU/Linux system (but may be used by others).

122
man/old/pkcs11-tool.1
View File

@ -1,122 +0,0 @@
.PU
.ds nm \fBpkcs11-tool\fR
.TH pkcs11-tool 1 "December 11, 2003" "" OpenSC
.SH NAME
pkcs11-tool \- utility for managing and using PKCS #11 security tokens
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
.SH DESCRIPTION
The \*(nm utility is used to manage the
data objects on smart cards and similar PKCS #11 security tokens.
Users can list and read PINs, keys and
certificates stored on the token. User PIN authentication is
performed for those operations that require it.
.SH OPTIONS
.TP
.BR \-\-login ", " \-l
Authenticate to the token before performing other operations.
This option is not needed if a PIN is provided on the command line.
.TP
.BR "\-\-pin " \fIpin\fP ", \-p " \fIpin\fP
Use the given \fIpin\fP for token operations.
WARNING: Be careful using this option as other users may be able to
read the command line from the system or if it is embedded in a script.
.TP
.BR "\-\-so\-pin " \fIpin\fP
Use the given \fIpin\fP as the Security Officer PIN for some token operations
(token initialization, user PIN initialization, etc). The same warning
than \-\-pin also applies here.
.TP
.BR \-\-init\-token
Initializes a token: set the token label as well as a Security Officer
PIN (the label must be specified using \-\-label).
.TP
.BR \-\-init\-pin
Initializes the user PIN. This option differs from \-\-change\-pin in that
it sets the user PIN for the first time. Once set, the user PIN can be
changed using \-\-change\-pin.
.TP
.BR \-\-change\-pin ", " \-c
Change the user PIN on the token
.TP
.BR \-\-test ", " \-t
Performs some tests on the token. This option is most useful when used with
either \-\-login or \-\-pin.
.TP
.BR \-\-show\-info ", " \-I
Displays general token information.
.TP
.BR \-\-list\-slots ", " \-L
Displays a list of available slots on the token.
.TP
.BR \-\-list\-mechanisms ", " \-M
Displays a list of mechanisms supported by the token.
.TP
.BR \-\-list\-objects ", " \-O
Displays a list of objects.
.TP
.BR \-\-sign ", " \-s
Sign some data.
.TP
.BR \-\-hash ", " \-h
Hash some data.
.TP
.BR "\-\-mechanism " \fImechanism\fP ", \-m " \fImechanism\fP
Use the specified \fImechanism\fP for token operations.
See \-M for a list of mechanisms supported by your token.
.TP
.BR \-\-keypairgen ", " \-k
Generate a new key pair (public and private pair.)
.TP
.BR "\-\-write\-object " \fIid\fP ", \-w " \fIid\fP
Write a key or certificate object to the token.
.TP
.BR "\-\-type " \fItype\fP ", \-y " \fItype\fP
Specify the type of object to operate on. Examples are \fIcert\fP ,
\fIprivkey\fP and \fIpubkey\fP .
.TP
.BR "\-\-id " \fIid\fP ", \-d " \fIid\fP
Specify the id of the object to operate on."
.TP
.BR "\-\-label " \fIname\fP ", \-a " \fIname\fP
Specify the name of the object to operate on (or the token label when
\-\-init\-token is used).
.TP
.BR "\-\-slot " \fIid\fP
Specify the id of the slot to use.
.TP
.BR "\-\-slot\-id " \fIname\fP
Specify the name of the slot to use.
.TP
.BR "\-\-set\-id " \fIid\fP ", \-e " \fIid\fP
Set the CKA_ID of the object.
.TP
.BR "\-\-attr\-from " \fIpath\fP
Extract informations from \fIpath\fP (DER-encoded certificate file)
and create the corresponding attributes when writing an object to the
token. Example: the certificate subject name is used to create the
CKA_SUBJECT attribute.
.TP
.BR "\-\-input\-file " \fIpath\fP ", \-i " \fIpath\fP
Specify the path to a file for input.
.TP
.BR "\-\-output\-file " \fIpath\fP ", \-o " \fIpath\fP
Specify the path to a file for output.
.TP
.BR "\-\-module " \fImod\fP
Specify a module to load.
.TP
.BR "\-\-moz\-cert " \fIpath\fP ", \-z " \fIpath\fP
Tests a Mozilla-like keypair generation and certificate request.
Specify the \fIpath\fP to the certificate file.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH SEE ALSO
.BR opensc (7).
.SH AUTHORS
\*(nm was written by Olaf Kirch and Stef Hoeben.
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
for the Debian GNU/Linux system (but may be used by others).

96
man/old/pkcs15-crypt.1
View File

@ -1,96 +0,0 @@
.PU
.ds nm \fBpkcs15-crypt\fR
.TH pkcs15-crypt 1 "" "" OpenSC
.SH NAME
pkcs15-crypt \- perform crypto operations using pkcs15 smart card
.SH SYNOPSIS
\*(nm
.RI [ " OPTIONS " ]
.SH DESCRIPTION
The \*(nm utility can be used from the command line to perform
cryptographic operations such as computing digital signatures or
decrypting data, using keys stored on a PKCS #15 compliant smart
card.
.SH OPTIONS
.TP
.BR \-\-sign ", " \-s
Perform digital signature operation on the data read from a
file specified using the
.B \-\-input
option. By default, the contents of the file are assumed to
be the result of an MD5 hash operation. Note that \*(nm
expects the data in binary representation, not ASCII.
.IP
The digital signature is stored, in binary representation,
in the file specified by the
.B \-\-output
option. If this option is not given, the signature
is printed on standard output, displaying non-printable
characters using their hex notation
.BR \e\exNN
(see also
.B \-\-raw).
.
.TP
.B \-\-pkcs1
By default, \*(nm assumes that input data has been padded to
the correct length (i.e. when computing an RSA signature using
a 1024 bit key, the input must be padded to 128 bytes to match
the modulus length). When giving the
.B \-\-pkcs1
option, however, \*(nm will perform the required padding
using the algorithm outlined in the PKCS #1 standard version 1.5.
.TP
.B \-\-sha\-1
This option tells \(*nm that the input file is the result
of an SHA1 hash operation, rather than an MD5 hash. Again,
the data must be in binary representation.
.TP
.BR \-\-decipher ", "\-c
Decrypt the contents of the file specified by the
.B \-\-input
option. The result of the decryption operation is written to
the file specified by the
.B \-\-output
option. If this option is not given, the decrypted data is
printed to standard output, displaying non-printable
characters using their hex notation
.BR \e\exNN
(see also
.B \-\-raw).
.
.TP
.BR \-\-key " id, " \-k " id"
Selects the ID of the key to use.
.TP
.BR \-\-reader " N, " \-r " N"
Selects the N-th smart card reader configured by the system.
If unspecified, \*(nm will use the first reader found.
.TP
.BR \-\-input " file, " \-i " file"
Specifies the input file to use.
.TP
.BR \-\-output " file, " \-o " file"
Any output will be sent to the specified file.
.TP
.BR \-\-raw ", "\-R
Outputs raw 8 bit data.
.TP
.BR \-\-pin " pincode, " \-p " pincode"
When the cryptographic operation requires a PIN to access
the key, \*(nm will prompt the user for the PIN on the terminal.
Using this option allows you to specify the PIN on the command
line.
.IP
Note that on most operating systems, the command line of
a process can be displayed by any user using the
.BR ps (1)
command. It is therefore a security risk to specify
secret information such as PINs on the command line.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH AUTHORS
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
This manpage was contributed by Olaf Kirch <okir@lst.de>.

285
man/old/pkcs15-init.1
View File

@ -1,285 +0,0 @@
.PU
.ds nm \fBpkcs15-init\fR
.TH pkcs15-init 1 "" "" OpenSC
.SH NAME
pkcs15-init \- smart card personalization utility
.SH DESCRIPTION
The \*(nm(1) utility can be used to create a PKCS #15
structure on a smart card, and add key or certificate
objects. Details of the structure that will be created
are controlled via profiles.
.PP
The profile used by default is \fBpkcs15\fR. Alternative
profiles can be specified via the \fB-p\fR switch.
.SH PIN Usage
.B pkcs15-init
can be used to create a PKCS #15 structure on your smart card,
create PINs, and install keys and certificates on the card.
This process is also called \fIpersonalization\fP.
.PP
An OpenSC card can have one security officer PIN, and zero or
more user PINs. PIN stands for Personal Identification Number,
and is a secret code you need to present to the card before
being allowed to perform certain operations, such as using
one of the stored RSA keys to sign a document, or modifying
the card itself.
.PP
Usually, PINs are a sequence of decimal digits, but some cards will
accept arbitrary ASCII characters. Be aware however that using
characters other than digits will make the card unusable with PIN pad
readers, because those usually have keys for entering digits only.
.PP
The security officer (SO) PIN is special; it is used to protect
meta data information on the card, such as the PKCS #15 structure
itself. Setting the SO PIN is optional, because the worst that can
usually happen is that someone finding your card can mess it up.
To extract any of your secret keys stored on the card, an attacker
will still need your user PIN, at least for the default OpenSC profiles.
However, it is possible to create card profiles that will allow the
security officer to override user PINs.
.PP
For each PIN, you can specify a PUK (also called
\fIunblock PIN\fP). The PUK can be used to overwrite or unlock
a PIN if too many incorrect values have been entered in a row.
.SH MODES OF OPERATION
.SS Initialization
This is the first step during card personalization, and
will create the basic files on the card.
To create the initial PKCS #15 structure, invoke the utility as
.PP
.B " pkcs15-init --create-pkcs15
.PP
You will then be asked for several the security officer PIN and PUK.
Simply pressing return at the SO PIN prompt will skip installation
of an SO PIN.
.PP
If the card supports it, you can also request that the card is erased
prior to creating the PKCS #15 structure, by specifying the
.B --erase-card
option.
.SS User PIN Installation
Before installing any user objects such as private keys, you need
at least one PIN to protect these objects. you can do this using
.PP
.BI " pkcs15-init --store-pin --id " nn
.PP
where \fInn\fP is a PKCS #15 ID in hexadecimal notation. Common values
are \fB01\fP, \fB02\fP, etc.
.PP
Entering the command above will ask you for the user's PIN and PUK.
If you do not wish to install an unblock PIN, simply press return
at the PUK prompt.
.PP
To set a label for this PIN object (which can be used by applications
to display a meaningful prompt to the user), use the
\fB--label\fP command line option.
.SS Key Generation
\*(nm lets you generate a new key and store it on the card.
You can do this using:
.PP
.BI " pkcs15-init --generate-key " keyspec " --auth-id " nn
.PP
where
.I keyspec
describes the algorithm and length of the key to be created,
such as
.BR rsa/512 .
This will create a 512 bit RSA key. Currently, only RSA key
generation is supported. Note that cards usually support just
a few different key lengths. Almost all cards will support
512 and 1024 bit keys, some will support 768 or 2048 as well.
.PP
\fInn\fP is the ID of a user PIN installed previously, e.g. \fB01\fP.
.PP
In addition to storing the private portion of the key on the
card, \*(nm will also store the the public portion of the key
as a PKCS #15 public key object.
.PP
By default, \*(nm will try to use the card's on-board key
generation facilities, if available. If the card does not
support on-board key generation, \*(nm will fall back to
software key generation.
.SS Private Key Download
You can use a private key generated by other means and download
it to the card. For instance, to download a private key contained
in a file named
.B okir.pem ,
which is in PEM format, you would use
.PP
.B " pkcs15-init --store-private-key okir.pem --id 45 --auth-id 01
.PP
If the key is protected by a pass phrase, \*(nm will prompt
you for a pass phrase to unlock the key.
.PP
In addition to storing the private portion of the key on the
card, \*(nm will also store the the public portion of the key
as a PKCS #15 public key object.
.PP
Note the use of the
.B --id
option. The current
.B pkcs15
profile defines two key templates, one for authentication (key ID 45),
and one for non-repudiation purposes (key ID 46). Other key
templates will probably be added in the future. Note that you don't
specify a key ID, \*(nm will pick just the first key template
defined by the profile.
.PP
In addition to the PEM key file format, \*(nm also supports DER encoded
keys, and PKCS #12 files. The latter is the file format used by
Netscape Navigator (among others) when exporting certificates to
a file. A PKCS #12 file usually contains the X.509 certificate
corresponding to the private key. If that is the case,
\*(nm will store the certificate instead of the public key portion.
.SS Public Key Download
You can also download individual public keys to the card using
the
.B \-\-store-public-key
option, which takes a filename as an argument. This file is supposed
to contain the public key. If you don't specify a key file format
using the
.B \-\-format
option, \*(nm will assume PEM format.
The only other supported public key file format is DER.
.PP
Since the corresponding public keys are always downloaded
automatically when generating a new key, or when downloading a
private key, you will probably use this option only very rarely.
.SS Certificate Download
You can download certificates to the card using the
.B \-\-store-certificate
option, which takes a filename as an argument. This file is supposed
to contain the DER encoded X.509 certificate.
.SS Downloading PKCS #12 bags
Most browsers nowadays use PKCS #12 format files when you ask them to
export your key and certificate to a file. \*(nm is capable of parsing
these files, and storing their contents on the card in a single operation.
This works just like storing a private key, except that you need to
specify the file format:
.PP
.nf
.BI " pkcs15-init --store-private-key okir.p12 --format pkcs12
.BI " --auth-id 01
.fi
This will install the private key contained in the file \fBokir.p12\fP,
and protected it with the PIN referenced by authentication ID \fB01\fP.
It will also store any X.509 certificates contained in the file,
which is usually the user certificate that goes with the key,
as well as the CA certificate.
.SH OPTIONS
.TP
.BR \-\-profile " \fIname\fP, " \-p " \fIname\fP"
Tells \*(nm to load the specified general profile. Currently, the
only application profile defined is
.BR pkcs15 ,
but you can write your own profiles and specify them using this
option.
.IP
The profile name can be combined with one or more \fIprofile options\fP,
which slightly modify the profile's behavior. For instance, the
default OpenSC profile supports the \fBopenpin\fP option, which
installs a single PIN during card initialization. This PIN is then
used both as the SO PIN as well as the user PIN for all keys stored
on the card.
.IP
Profile name and options are separated by a \fB+\fP character,
as in \fBpkcs15+onepin\fP.
.TP
.BR \-\-card-profile " \fIname\fP, " \-c " \fIname\fP"
Tells \*(nm to load the specified card profile option.
You will rarely need this option.
.TP
.BR \-\-create-pkcs15 ", " \-C
This tells \*(nm to create a PKCS #15 structure on the card, and
initialize any PINs.
.TP
.BR \-\-erase-card ", " \-E
This will erase the card prior to creating the PKCS #15 structure,
if the card supports it. If the card does not support erasing,
\*(nm will fail.
.TP
.BR \-\-generate-key " \fIkeyspec\fP, " \-G " \fIkeyspec\fP
Tells the card to generate new key and store it on the card.
.I keyspec
consists of an algorithm name (currently, the only supported
name is
.BR RSA ),
optionally followed by a slash and the length of the key in bits.
It is a good idea to specify the key ID along with this
command, using the
.BR \-\-id " option.
.TP
.BR \-\-store-private-key " \fIfilename\fP, " -S " \fIfilename\fP"
Tells \*(nm to download the specified private key to the card.
This command will also create a public key object containing
the public key portion.
By default, the file is assumed to contain the key in PEM format.
Alternative formats can be specified using
.BR \-\-format .
It is a good idea to specify the key ID along with this
command, using the
.BR \-\-id " option.
.TP
.BR \-\-store-public-key " \fIfilename\fP, " -P " \fIfilename\fP"
Tells \*(nm to download the specified public key to the card
and create a public key object with the key ID specified via the
.BR \-\-id " option.
By default, the file is assumed to contain the key in PEM format.
Alternative formats can be specified using
.BR \-\-format .
.TP
.BR \-\-store-certificate " \fIfilename\fX, " -P " \fIfilename\fP"
Tells \*(nm to store the certificate given in
.I filename
on the card, creating a certificate object with the ID specified
via the
.BR \-\-id " option. The file is assumed to contain the
DER encoded certificate.
.TP
.BR \-\-so-pin ", " \-\-so-puk ", " \-\-pin ", " \-\-puk
These options can be used to specify PIN/PUK values on the
command line. Note that on most operation systems, any
user can display the command line of any process on the
system using utilities such as
.BR ps (1).
Therefore, you should use these options only on a secured
system, or in an options file specified with
.BR \-\-options-file .
.TP
.BR \-\-passphrase
When downloading a private key,
this option can be used to specify the pass phrase to unlock
the private key. The same caveat applies here as in the
case of the
.B \-\-pin
options.
.TP
.BR \-\-use\-default\-transport\-keys ", " \-T
Always ask for transport keys etc, even if the driver thinks
it knows the key.
.TP
.BI \-\-options-file " filename"
Tells \*(nm to read additional options from
.IR filename .
The file is supposed to contain one long option per line, without
the leading dashes, for instance:
.IP
.nf
pin frank
puk zappa
.fi
.PP
You can specify
.B \-\-options-file
several times.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH SEE ALSO
.BR pkcs15-profile (5) .
.SH BUGS
This manual page is usually out of date. Please cross-check options
using the \fB--help\fP option.
.SH AUTHORS
\*(nm was written by Olaf Kirch <okir@lst.de>

38
man/old/pkcs15-profile.5.in
View File

@ -1,38 +0,0 @@
.PU
.ds nm \fBpkcs15-profile\fP
.TH pkcs15-profile 5 "" "" OpenSC
.SH NAME
pkcs15-profile \- format of profiles for \*(nm
.SH DESCRIPTION
The \*(nm(1) utility for PKCS #15 smart card personalization
is controlled via profiles. When starting, it will read two
such profiles at the moment, a generic application profile,
and a card specific profile. The generic profile must be
specified on the command line, while the card specific file
is selected based on the type of card detected.
.PP
The generic application profile defines general information
about the card layout, such as the path of the application DF,
various PKCS #15 files within that directory, and the access
conditions on these files. It also defines general information
about PIN, key and certificate objects. Currently, there is
only one such generic profile,
.IR pkcs15.profile .
.PP
The card specific profile contains additional information
required during card intialization, such as location of
PIN files, key references etc.
.PP
Profiles currently reside in
.PP
.B @pkgdata@
.SH SYNTAX
This section should contain information about the profile
syntax. Will add this soonishly.
.SH SEE ALSO
.BR pkcs15 (7) ,
.BR pkcs15-init (1) ,
.BR pkcs15-crypt (1) ,
.BR opensc (7) .
.SH AUTHORS
\*(nm was written by Olaf Kirch <okir@lst.de>.

77
man/old/pkcs15-tool.1
View File

@ -1,77 +0,0 @@
.PU
.ds nm \fBpkcs15-tool\fR
.TH pkcs15-tool 1 "September 3, 2002" "" OpenSC
.SH NAME
pkcs15-tool \- utility for manipulating PKCS #15 data structures on smart cards and similar security tokens
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
.SH DESCRIPTION
The \*(nm utility is used to manipulate the PKCS #15
data structures on smart cards and similar security tokens.
Users can list and read PINs, keys and
certificates stored on the token. User PIN authentication is
performed for those operations that require it.
.SH OPTIONS
.TP
.BR \-\-learn\-card ", " \-L
Cache PKCS #15 token data to the local filesystem. Subsequent
operations are performed on the cached data where possible. If
the cache becomes out\-of\-sync with the token state (eg. new
key is generated and stored on the token), the cache should
be updated or operations may show stale results.
.TP
.BR "\-\-read\-certificate " \fIcert\fP ", \-r " \fIcert\fP
Reads the certificate with the given id.
.TP
.BR \-\-list\-certificates ", " \-c
Lists all certificates stored on the token.
.TP
.BR \-\-list\-pins
Lists all PINs stored on the token. General information about
each PIN is listed (eg. PIN name). Actual PIN values are not shown.
.TP
.BR \-\-change\-pin
Changes a PIN stored on the token. User authentication is required
for this operation.
.TP
.BR \-\-list\-keys ", " \-k
Lists all private keys stored on the token. General information about
each private key is listed (eg. key name, id and algorithm). Actual private
key values are not displayed.
.TP
.BR \-\-list\-public\-keys
Lists all public keys stored on the token, including key name, id,
algorithm and length information.
.TP
.BR "\-\-read\-public\-key " \fIid\fP
Reads the public key with id \fIid\fP, allowing the user to
extract and store or use the public key.
.TP
.BR "\-\-output " \fIfilename\fP ", \-o " \fIfilename\fP
Specifies where key output should be written. If \fIfilename\fP already
exists, it will be overwritten. If this option is not given, keys will
be printed to standard output.
.TP
.BR \-\-no\-cache
Disables token data caching.
.TP
.BR "\-\-pin\-id " \fIpin\fP ", \-a " \fIpin\fP
Specifies the auth id of the PIN to use for the operation. This
is useful with the \-\-change\-pin operation.
.TP
.BR "\-\-reader " \fInum\fP
Forces \*(nm to use reader number \fInum\fP for operations. The default
is to use reader number 0, the first reader in the system.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH SEE ALSO
.BR opensc (7),
.BR pkcs15-init (1),
.BR pkcs15-crypt (1)
.SH AUTHORS
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
for the Debian GNU/Linux system (but may be used by others).

62
man/old/pkcs15.7
View File

@ -1,62 +0,0 @@
.PU
.ds nm \fBpkcs15\fP
.TH pkcs15 7 "" "" OpenSC
.SH NAME
pkcs15 \- standard for storing information on smart cards
.SH DESCRIPTION
The PKCS #15 standard is available from
.BR http://www.rsasecurity.com/rsalabs/pkcs .
This document does not try to cover PKCS #15 in detail; it
just tries to give readers not familiar with the standard a
brief overview.
.PP
PKCS #15 defines a standard how to store keys, certificates
and possibly other data on a smart card, and how to describe
certain meta information (such as what PIN the user needs to
present before he's allowed to use a certain private key).
.PP
A PKCS #15 compliant smart card can contain one or more
applications. There is one ``meta directory'' that contains
a list of all applications. On cards that support an ISO 7816
compatible file system, each application usually resides in
a directory of its own.
.PP
Within each application directory,
PKCS #15 defines a structure of meta files (also
called Directory Files) that contain information on objects
stored on the card. For instance, there is a private key
directory file (or PrKDF for short) that contains a list of
private keys stored on the card. Likewise, there's a
public key directory file (PuKDF) and a certificate directory
file (CDF).
.PP
One fairly important PKCS #15 directory file is the AODF, or
authorization object directory file, which describes
the PINs held by the card. Note the AODF does not contain
the PINs themselves; this is something that is highly
card specific. What the AODF does contain however is
a descriptive label for each PIN, and additional information
required to authenticate against this PIN (sorry if this
is very vague, but unless you really want to know, we'll
better leave it at that, for the sake of your and my sanity :-).
.PP
Each object stored in a PKCS #15 structure has an ID
assigned to it, so that related objects can reference
one another. For instance, if a private key is protected
by a PIN, the PrKDF entry for this key will contain
an Authentication ID field that points to the AODF entry
for this PIN.
.PP
Similarly, if the card contains a certificate corresponding
to a private key stored on this card, the CDF entry for the
certificate will have the same ID as the PrKDF entry for
the private key. The same is true of public key objects.
.SH BUGS
This manual page is a little terse.
.PP
The use of the term Directory File in PKCS #15 is somewhat
unfortunate. Normally, a PKCS #15 DF is just a plain
(elementary) file, not a directory file in the sense of
ISO 7816.
.SH AUTHORS
This manual page was written by Olaf Kirch <okir@lst.de>.

30
man/old/sc_connect_card.3
View File

@ -1,30 +0,0 @@
.TH sc_connect_card 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_connect_card \- connect to smart card in reader
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_connect_card(sc_reader_t *" reader ",
.BI " int " slot ", sc_card_t **" card ");
.fi
.SH DESCRIPTION
This function connects to a card in a reader, resets the card
and retrieves the ATR (Answer To Reset). Based on the ATR, it
tries to auto-detect which card driver to use.
.PP
The \fIslot\fP parameter identifies the card reader's slot.
Slots are numbered consecutively, starting at \fB0\fP.
.PP
If OpenSC was able to connect to the card, a pointer to the
\fBsc_card_t\fP object is stored in the location pointer to
by the \fIcard\fP parameter. The card handle should be
released with \fBsc_disconnect_card\fP(3) when no longer in used.
.SH RETURN VALUE
If an error occurred, a negative error code is returned, as described
in \fbsc_error\fP(3). Otherwise, the function will return 0.
.SH SEE ALSO
.BR sc_establish_context (3),
.BR sc_disconnect_card (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

36
man/old/sc_detect_card_presence.3
View File

@ -1,36 +0,0 @@
.TH sc_detect_card_presence 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_detect_card_presence \- detect whether a card is present in a reader
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_detect_card_presence(sc_reader_t *" reader ",
.BI " int " slot ");
.fi
.SH DESCRIPTION
This function is used to detect the presence of a smart card in
a card reader device. The \fIslot\fP parameter identifies the
card reader's slot. Slots are numbered consecutively, starting at
\fB0\fP.
.SH RETURN VALUE
If a card is present, a positive value is returned that is a combination
of the following flags:
.TP
.B SC_SLOT_CARD_PRESENT
A card was detected.
.TP
.B SC_SLOT_CARD_CHANGED
The card was inserted and/or removed since the last call. Note that
this flag is not entirely reliable depending on the OS platform and
middleware. CT\-API doesn't support it at all, for instance, while PC/SC
on Windows occasionally returns false CHANGE events.
.PP
If an error occurred, a negative error code is returned, as described
in \fbsc_error\fP(3).
.SH SEE ALSO
.BR sc_establish_context (3),
.BR sc_wait_for_event (3),
.BR sc_connect_card (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

26
man/old/sc_disconnect_card.3
View File

@ -1,26 +0,0 @@
.TH sc_disconnect_card 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_disconnect_card \- disconnect from smart card
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_disconnect_card(sc_card_t *" card ",
.BI " int " action ");
.fi
.SH DESCRIPTION
This function disconnects from a card in a reader, and frees the card
structure. Any locks made by the application must be released before
calling this function.
.PP
The \fIaction\fP parameter is not used at the moment and
should be set to 0.
.PP
The card is not reset nor powered down after the operation.
.SH RETURN VALUE
If an error occurred, a negative error code is returned, as described
in \fbsc_error\fP(3). Otherwise, the function will return 0.
.SH SEE ALSO
.BR sc_connect_card (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

61
man/old/sc_establish_context.3
View File

@ -1,61 +0,0 @@
.TH sc_establish_context 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_establish_context \- establish OpenSC context
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_establish_context(sc_context_t **" ctx ",
.BI " const char *" app_name ");
.fi
.SH DESCRIPTION
This function establishes an OpenSC context. This context is required
in all subsequent calls to OpenSC functions.
.PP
\fIctx\fP is a pointer to a pointer that will receive the allocated context.
.PP
\fIapp_name\fP is a string that identifies the application. This string will
be used to apply application-specific from the \fBopensc.conf\fP(5) configuration
file. If \fBNULL\fP is passed, just the settings specified in the \fBdefault\fP
section apply; otherwise, settings from the section identified by \fIapp_name\fP
will be applied as well.
.PP
The \fBsc_context\fP structure contains the following members, among
others:
.PP
.in +4
.nf
.B "typedef struct sc_context {
.B " struct sc_reader *reader[SC_MAX_READERS];
.B " int reader_count;
.B "} sc_context_t;
.fi
.in
.PP
The \fBreader_count\fP field contains the number of readers found by
OpenSC. Information on the individual card readers are stored in
\fBsc_reader\fP objects, which look like follows:
.PP
.in +4
.nf
.B "typedef struct sc_reader {
.B " char *name;
.B " int slot_count;
.B "} sc_reader_t;
.fi
.in
.PP
Here, \fBname\fP contains a printable name of the reader, and \fBslot_count\fP
shows the number of slots supported by this device.
.PP
Of course, these structs contain other members as well, but applications
usually should not use these fields.
.SH RETURN VALUE
If a context could be established, 0 is returned. Otherwise, a negative
error code is returned, as described in \fbsc_error\fP(3).
.SH SEE ALSO
.BR sc_release_context (3),
.BR sc_detect_card_presence (3),
.BR sc_connect_card (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

65
man/old/sc_file.3
View File

@ -1,65 +0,0 @@
.TH sc_file 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_file \- OpenSC file struct
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.B "typedef struct sc_file {
.B " struct sc_path path;
.B " int type, ef_structure;
.B " size_t size;
.B " int id;
.B "
.B " /* record structured files only */
.B " int record_length;
.B " int record_count;
.B "} sc_file_t;
.fi
.SH DESCRIPTION
This structure describes a file object on a smart card.
It contains the following members:
.TP
.B path
This is the full path to the file, starting at the MF.
.TP
.B type
This is the file type. If can be one of
.BR SC_FILE_TYPE_DF ,
.BR SC_FILE_TYPE_WORKING_EF ", or
.BR SC_FILE_TYPE_INTERNAL_EF .
The latter is used by some cards only, and you normally shouldn't
have to deal with these files.
.TP
.B ef_structure
For elementary files (EFs), this field describes the file's
structure. It can be one of
.IP
.nf
.BR SC_FILE_EF_TRANSPARENT
.BR SC_FILE_EF_LINEAR_FIXED
.BR SC_FILE_EF_LINEAR_FIXED_TLV
.BR SC_FILE_EF_LINEAR_VARIABLE
.BR SC_FILE_EF_LINEAR_VARIABLE_TLV
.BR SC_FILE_EF_CYCLIC
.BR SC_FILE_EF_CYCLIC_TLV
.BR SC_FILE_EF_UNKNOWN
.fi
.TP
.B size
gives the file's size in bytes.
.TP
.B id
gives the file's ID, as a 16bit number.
.TP
.BR record_count ", " record_length
For record structured files, \fBrecord_count\fP specifies the
number of records in the file. For files with fixed length
records, \fBrecord_length\fP contains the record length.
.SH SEE ALSO
.BR sc_path (3),
.BR sc_file_new (3),
.BR sc_file_free (3),
.BR sc_select_file (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

17
man/old/sc_file_free.3
View File

@ -1,17 +0,0 @@
.TH sc_file_free 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_file_free \- release an OpenSC file object
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "void sc_file_free(sc_file_t *" file ");
.fi
.SH DESCRIPTION
This function releases a file object previously allocated by
\fBsc_select_file\fP.
.SH SEE ALSO
.BR sc_file (3),
.BR sc_select_file (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

18
man/old/sc_file_new.3
View File

@ -1,18 +0,0 @@
.TH sc_file_new 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_file_new \- create an OpenSC file object
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "sc_file_t *sc_file_new(void);
.fi
.SH DESCRIPTION
This function creates an empty OpenSC file object, which
can later be passed to \fBsc_create_file\fP(3).
.SH SEE ALSO
.BR sc_file (3),
.BR sc_file_free (3),
.BR sc_create_file (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

33
man/old/sc_list_files.3
View File

@ -1,33 +0,0 @@
.TH sc_list_files 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_list_files \- list files on a smart card
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_list_files(sc_card_t *" card ",
.BI " unsigned char *" buffer ",
.BI " size_t " buflen ");
.fi
.SH DESCRIPTION
This function lists all files in the currently selected DF,
and stores the the file IDs as big-endian 16bit words
in \fIbuffer\fP. If the supplied buffer is too small to
hold all file IDs, the listing is silently truncated.
.PP
.SH RETURN VALUE
If an error occurred, a negative error code is returned, as described
in \fbsc_error\fP(3). Otherwise, the function will return the
number of bytes stored in \fIbuffer\fP.
.SH SEE ALSO
.BR sc_file (3),
.BR sc_path (3),
.BR sc_establish_context (3),
.BR sc_select_file (3),
.BR sc_read_binary (3),
.BR sc_read_record (3),
.BR sc_delete_file (3),
.BR sc_create_file (3),
.BR sc_file_free (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

46
man/old/sc_lock.3
View File

@ -1,46 +0,0 @@
.TH sc_lock 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_lock, sc_unlock \- lock or unlock smart card
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_lock(sc_card_t *" card ");
.BI "int sc_unlock(sc_card_t *" card ");
.fi
.SH DESCRIPTION
These functions handle locking of smart cards, in order to prevent
concurrent access to the same card by different users.
.PP
Locking is important to prevent unauthorized access to the card
after presenting the PIN, for instance.
.PP
After a call to \fBsc_lock\fP, concurrent access by other application
to the same smart card reader is disallowed, provided the reader
middleware supports this (see below). A lock must later be released
by calling \fBsc_unlock\fP. When disconnecting from the card using
\fBsc_disconnect_card\fP, there must not be anymore locks on the
card.
.PP
Calls to \fBsc_lock\fP may be nested, i.e. if \fBsc_lock\fP is called
five times in a row, the lock will not be released until the fifth
call to \fBsc_unlock\fP.
.PP
Note that these functions do not offer mutual exclusion for different
threads within the same application process. Multithread locking is
the application's job (Note that the OpenSC PKCS11 module provides
MT locking facilities, as that's part of the standard).
.SH NOTES
Whether locking is effective depends a lot on the middleware
used to talk to the card reader. CT\-API based drivers for instance
perform no interprocess locking at all.
.PP
The only middleware implementations currently supported by OpenSC that
do perform this type of locking are PC/SC and OpenCT.
.SH RETURN VALUE
If an error occurred, a negative error code is returned, as described
in \fbsc_error\fP(3). Otherwise, the function will return 0.
.SH SEE ALSO
.BR sc_connect_card (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

90
man/old/sc_pkcs15_compute_signature.3
View File

@ -1,90 +0,0 @@
.TH sc_pkcs15_compute_signature 3 "July 2003" "OpenSC Programmer's Manual
.SH NAME
sc_pkcs15_compute_signature \- compute digitial signature
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
.BI " const struct sc_pkcs15_object *obj,
.BI " unsigned long flags, const u8 *in, size_t inlen,
.BI " u8 *out, size_t outlen);
.fi
.SH DESCRIPTION
This function digitally signs the data pointed to by
.BR in ,
using the key identified by
.BR obj ,
and places the resulting signature in the buffer pointed to by
.BR out .
The signature operation will be performed on the smart card
identified by
.BR p15card .
.PP
Currently, only RSA signatures are supported.
.PP
The
.B flags
argument provides additional information on how the signature is
to be computed. In particular, it specifies how the input data
should be padded:
.TP
.B SC_ALGORITHM_RSA_RAW
requests that the card should sign the provided data as-is.
The length of the input data must match the modulus length
of the key.
.TP
.B SC_ALGORITHM_RSA_PAD_PKCS1
requests that the card should sign the provided data,
padding it according to the padding algorithm specified
in PKCS #1.
.IP
The input data must be the output of a digest (hash) function.
As PKCS #1 padding includes an identifier of the hash algorithm
used, the
.B flags
argument must indicate the hash algorithm used,
by ORing
.B SC_ALGORITHM_RSA_PAD_PKCS1
with one of the following values:
.BR SC_ALGORITHM_RSA_HASH_MD5 ,
.BR SC_ALGORITHM_RSA_HASH_SHA1 ,
.BR SC_ALGORITHM_RSA_HASH_RIPEMD160 ,
.BR SC_ALGORITHM_RSA_HASH_MD5_SHA1 , or
.BR SC_ALGORITHM_RSA_HASH_NONE .
.IP
In any of these cases, the length of the input data must match
the digest length of the hash algorithm. In the first 3 cases,
the respective digestinfo is prepended to the input data (the
hash), in the last 2 cases, no digestinfo is prepended.
.TP
.B SC_ALGORITHM_RSA_PAD_ANSI
requests that the card should use ANSI padding when signing the
provided data.
.TP
.B SC_ALGORITHM_RSA_PAD_ISO9796
requests that the card should use ISO 9796 padding when signing the
provided data.
.\"
.\"
.\"
.SH Card Driver Considerations
Depending on the card's capabilities,
.B sc_pkcs15_compute_signature
is able to process the provided data so that it is in a form
suitable for the card. For instance, if a smart card supports
raw RSA only, the function will have to add the required
padding before passing it to the card driver.
Conversely, an error should be returned if the card supports
only PKCS #1 padding with a specific set of hash algorithms.
.PP
...
.SH RETURN VALUE
If an error occurred, a negative error code is returned, as described
in \fbsc_error\fP(3). Otherwise, the function will return the
size of the signature.
.SH SEE ALSO
.BR sc_pkcs15_decipher (3),
.BR sc_compute_signature (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

54
man/old/sc_read_binary.3
View File

@ -1,54 +0,0 @@
.TH sc_read_binary 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_read_binary, sc_write_binary, sc_update_binary \- read and write files on a smart card
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_read_binary(sc_card_t *" card ",
.BI " unsigned int " offset ",
.BI " unsigned char *" buffer ",
.BI " size_t " count ",
.BI " unsigned long " flags ");
.BI "int sc_write_binary(sc_card_t *" card ",
.BI " unsigned int " offset ",
.BI " const unsigned char *" buffer ",
.BI " size_t " count ",
.BI " unsigned long " flags ");
.BI "int sc_update_binary(sc_card_t *" card ",
.BI " unsigned int " offset ",
.BI " const unsigned char *" buffer ",
.BI " size_t " count ",
.BI " unsigned long " flags ");
.fi
.SH DESCRIPTION
These functions read and write transparent elementary files (EFs)
on a smart card. The correspond to the ISO 7816 functions
READ BINARY, WRITE BINARY and UPDATE BINARY, respectively.
(The difference between write and update is that the former
means writing to an uninitialized file, while the latter
is intended to update a file region previously written to -
some card have different access conditions for these operations).
.PP
The \fIoffset\fP argument specifies the file offset in bytes.
Note that some cards may not allow writing at arbitrary offsets.
Some versions of the GPK require that read/write operations on
transparent files are aligned on a 4-byte boundary.
.PP
The \fIflags\fP argument is currently not used, and should be set
to 0.
.SH RETURN VALUE
If an error occurred, a negative error code is returned, as described
in \fbsc_error\fP(3). Otherwise, the function will return the
number of bytes read or written.
.SH SEE ALSO
.BR sc_file (3),
.BR sc_path (3),
.BR sc_establish_context (3),
.BR sc_select_file (3),
.BR sc_read_record (3),
.BR sc_delete_file (3),
.BR sc_create_file (3),
.BR sc_file_free (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

56
man/old/sc_read_record.3
View File

@ -1,56 +0,0 @@
.TH sc_read_record 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_read_record, sc_write_record, sc_update_record \- read and write files on a smart card
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_read_record(sc_card_t *" card ",
.BI " unsigned int " rec_nr ",
.BI " unsigned char *" buffer ",
.BI " size_t " count ",
.BI " unsigned long " flags ");
.BI "int sc_write_record(sc_card_t *" card ",
.BI " unsigned int " rec_nr ",
.BI " const unsigned char *" buffer ",
.BI " size_t " count ",
.BI " unsigned long " flags ");
.BI "int sc_update_record(sc_card_t *" card ",
.BI " unsigned int " rec_nr ",
.BI " const unsigned char *" buffer ",
.BI " size_t " count ",
.BI " unsigned long " flags ");
.BI "int sc_append_record(sc_card_t *" card ",
.BI " const unsigned char *" buffer ",
.BI " size_t " count ",
.BI " unsigned long " flags ");
.fi
.SH DESCRIPTION
This functions read and write record-structured elementary files
(EFs) on a smart card. The correspond to the ISO 7816 functions READ
RECORD, WRITE RECORD, APPEND RECORD and UPDATE RECORD, respectively.
(The difference between write and update is that the former means writing
to an uninitialized file, while the latter is intended to update a record
previously written to - some card have different access conditions for
these operations).
.PP
The \fIrec_nr\fP argument specifies the number of the record to be
written to, starting at 0.
.PP
The \fIflags\fP argument is currently not used, and should be set
to 0.
.SH RETURN VALUE
If an error occurred, a negative error code is returned, as described
in \fbsc_error\fP(3). Otherwise, the function will return the
number of bytes read or written.
.SH SEE ALSO
.BR sc_file (3),
.BR sc_path (3),
.BR sc_establish_context (3),
.BR sc_select_file (3),
.BR sc_read_binary (3),
.BR sc_delete_file (3),
.BR sc_create_file (3),
.BR sc_file_free (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

19
man/old/sc_release_context.3
View File

@ -1,19 +0,0 @@
.TH sc_release_context 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_release_context \- release OpenSC context
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_release_context(struct sc_context *" ctx ");
.fi
.SH DESCRIPTION
This function releasees an OpenSC context previously obtain through
a call to \fBsc_establish_context\fP(3). No further calls to
OpenSC using this context are possible after this.
.PP
\fIctx\fP is the pointer to the context that should be released.
.SH SEE ALSO
.BR sc_establish_context (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>

38
man/old/sc_select_file.3
View File

@ -1,38 +0,0 @@
.TH sc_select_file 3 "April 2003" "OpenSC Programmer's Manual
.SH NAME
sc_select_file \- select a file on a smart card
.SH SYNOPSIS
.nf
.B #include <opensc.h>
.sp
.BI "int sc_select_file(sc_card_t *" card ",
.BI " const sc_path_t *" path ",
.BI " sc_file_t ** "result ");
.fi
.SH DESCRIPTION
This function selects the file specified by \fIpath\fP.
If \fIpath\fP specifies a file within the currently selected
DF, \fBsc_select_file\fP will \fInot\fP select the MF first,
but interpret the path relative to the current DF. It does
this in order to prevent losing any authorizations previously
established with the card (e.g. by presenting a PIN).
.PP
If \fIresult\fP is not NULL, an \fBsc_file\fP(3) object is
created, and the pointer to this object is stored in the
location pointed to by \fIresult\fP. This handle should later
be released using \fBsc_file_free\fP(3).
.SH RETURN VALUE
If an error occurred, a negative error code is returned, as described
in \fbsc_error\fP(3). Otherwise, the function will return 0.
.SH SEE ALSO
.BR sc_file (3),
.BR sc_path (3),
.BR sc_establish_context (3),
.BR sc_file_free (3),
.BR sc_read_binary (3),
.BR sc_read_record (3),
.BR sc_delete_file (3),
.BR sc_list_files (3),
.BR sc_create_file (3).
.SH AUTHOR
This manual page was written by Olaf Kirch <okir@suse.de>