remove old man pages (replaced by new man pages in xml format).
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2813 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
8fac2eaac2
commit
b1322ecd39
|
@ -1,33 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBcardos-info\fR
|
||||
.TH cardos-info 1 "December 11, 2003" "" OpenSC
|
||||
.SH NAME
|
||||
cardos-info \- Displays information about Card OS based security tokens
|
||||
.SH SYNOPSIS
|
||||
\*(nm
|
||||
.RI [OPTIONS]
|
||||
.SH DESCRIPTION
|
||||
The \*(nm utility is used to display information about
|
||||
smart cards and similar security tokens based on Siemens Card/OS M4.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BR "\-\-reader " \fInumber\fP ", \-r " \fInumber\fP
|
||||
Display information about the token in reader number \fInumber\fP.
|
||||
The default is reader 0.
|
||||
.TP
|
||||
.BR "\-\-card\-driver " \fIname\fP ", \-c " \fIname\fP
|
||||
Use the card driver specified by \fIname\fP.
|
||||
The default is to auto-detect the correct card driver.
|
||||
.TP
|
||||
.BR \-\-wait ", " \-w
|
||||
Causes \*(nm to wait for the token to be inserted into \fIreader\fP.
|
||||
.TP
|
||||
.BR \-\-verbose ", " \-v
|
||||
Causes \*(nm to be more verbose. Specify this flag several times
|
||||
to enable debug output in the opensc library.
|
||||
.SH SEE ALSO
|
||||
.BR opensc (7).
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Juha Yrjölä and Andreas Jellinghaus <aj@dungeon.inka.de>.
|
||||
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
|
||||
for the Debian GNU/Linux system (but may be used by others).
|
|
@ -1,69 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBcryptoflex-tool\fR
|
||||
.TH cryptoflex-tool 1 "September 3, 2002" "" OpenSC
|
||||
.SH NAME
|
||||
cryptoflex-tool \- utility for manipulating Schlumberger Cryptoflex data structures
|
||||
.SH SYNOPSIS
|
||||
\*(nm
|
||||
.RI [OPTIONS]
|
||||
.SH DESCRIPTION
|
||||
\*(nm is used to manipulate PKCS
|
||||
data structures on Schlumberger Cryptoflex smart cards.
|
||||
Users can create, list and read PINs and keys
|
||||
stored on the smart card. User PIN authentication is
|
||||
performed for those operations that require it.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BR \-\-verify\-pin ", " \-V
|
||||
Verifies CHV1 before issuing commands
|
||||
.TP
|
||||
.BR \-\-list\-keys ", " \-l
|
||||
Lists all keys stored in a public key file
|
||||
.TP
|
||||
.BR "\-\-create\-key\-files " \fIarg\fP ", \-c " \fIarg\fP
|
||||
Creates new RSA key files for \fIarg\fP keys
|
||||
.TP
|
||||
.BR "\-\-create\-pin\-files " \fIid\fP ", \-P " \fIid\fP
|
||||
Creates new PIN file for CHV\fIid\fP
|
||||
.TP
|
||||
.BR "\-\-generate\-key, \-g"
|
||||
Generate a new RSA key pair
|
||||
.TP
|
||||
.BR "\-\-read\-key "
|
||||
Reads a public key from the card, allowing the user to
|
||||
extract and store or use the public key
|
||||
.TP
|
||||
.BR "\-\-key\-num " \fInum\fP ", \-k " \fInum\fP
|
||||
Specifies the key number to operate on. The default is key number 1.
|
||||
.TP
|
||||
.BR "\-\-app\-df " \fInum\fP ", \-a " \fInum\fP
|
||||
Specifies the DF to operate in
|
||||
.TP
|
||||
.BR "\-\-prkey\-file " \fIid\fP ", \-p " \fIid\fP
|
||||
Specifies the private key file id, \fIid\fP, to use
|
||||
.TP
|
||||
.BR "\-\-pubkey\-file " \fIid\fP ", \-u " \fIid\fP
|
||||
Specifies the public key file id, \fIid\fP, to use
|
||||
.TP
|
||||
.BR "\-\-exponent " \fIexp\fP ", \-e " \fIexp\fP
|
||||
Specifies the RSA exponent, \fIexp\fP, to use in key generation.
|
||||
The default value is 3.
|
||||
.TP
|
||||
.BR "\-\-modulus\-length " \fIlength\fP ", \-m " \fIlength\fP
|
||||
Specifies the modulus \fIlength\fP to use in key generation. The default
|
||||
value is 1024.
|
||||
.TP
|
||||
.BR "\-\-reader " \fInum\fP ", -r " \fInum\fP
|
||||
Forces \*(nm to use reader number \fInum\fP for operations. The default
|
||||
is to use reader number 0, the first reader in the system.
|
||||
.TP
|
||||
.BR \-\-verbose ", " \-v
|
||||
Causes \*(nm to be more verbose. Specify this flag several times
|
||||
to enable debug output in the opensc library.
|
||||
.SH SEE ALSO
|
||||
.BR opensc (7),
|
||||
.BR pkcs15-tool (1)
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
|
||||
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
|
||||
for the Debian GNU/Linux system (but may be used by others).
|
|
@ -1,102 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBnetkey-tool\fR
|
||||
.TH netkey-tool 1 "May 16, 2005" "" OpenSC
|
||||
.SH NAME
|
||||
netkey-tool \- utility for NetKey E4 smart cards
|
||||
.SH SYNOPSIS
|
||||
\*(nm
|
||||
.RI [OPTIONS]
|
||||
[command]
|
||||
.SH DESCRIPTION
|
||||
The \*(nm utility can be used from the command line to perform
|
||||
some smart card operations with NetKey E4 cards that cannot
|
||||
be done easily with other OpenSC-tools, such as changing local
|
||||
PINs, storing certificates into empty NetKey E4 cert-files or
|
||||
displaying the initial PUK-value.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BR \-\-help ", " \-h
|
||||
Displays a short help message.
|
||||
format
|
||||
.TP
|
||||
.BR \-v
|
||||
Causes \*(nm to be more verbose. Specify this flag several times
|
||||
to enable debug output in the opensc library.
|
||||
.TP
|
||||
.BR "\-\-pin " \fIpin-value\fP ", \-p " \fIpin-value\fP
|
||||
Specifies the current value of the global PIN.
|
||||
.TP
|
||||
.BR "\-\-puk " \fIpin-value\fP ", \-u " \fIpin-value\fP
|
||||
Specifies the current value of the global PUK.
|
||||
.TP
|
||||
.BR "\-\-pin0 " \fIpin-value\fP ", \-0 " \fIpin-value\fP
|
||||
Specifies the current value of the local PIN0 (aka local PIN).
|
||||
.TP
|
||||
.BR "\-\-pin1 " \fIpin-value\fP ", \-1 " \fIpin-value\fP
|
||||
Specifies the current value of the local PIN1 (aka local PUK).
|
||||
.SH PIN FORMAT
|
||||
With \fIpin-value\fP you can specify one of the cards pins.
|
||||
You may use plain ascii-strings (i.e. 123456) or a hex-string
|
||||
(i.e. 31:32:33:34:35:36). A hex-string consists
|
||||
of exacly n 2-digit hexnumbers separated by n-1 colons.
|
||||
Don't use leading or trailing colons or 1-digit hex-numbers. :12:34:
|
||||
and 1:2:3:4 are both pins of length 7 and you most likely
|
||||
intedend to use 12:34 or 01:02:03:04 wich are pins of length
|
||||
2 and 4.
|
||||
.SH COMMANDS
|
||||
When used without any options or commands, \*(nm will
|
||||
display information about the smart cards pins and
|
||||
certificates. This will not change your card in
|
||||
any aspect (assumed there are no bugs in \*(nm).
|
||||
In particular the tries-left counters of the pins
|
||||
are investigated without doing actual pin-verifications.
|
||||
|
||||
If you specify the global PIN via the \fB\-\-pin\fP option,
|
||||
\*(nm will also display the initial value of the cards
|
||||
global PUK. If your global PUK was changed \*(nm will
|
||||
still diplay its initial value. There's no way to recover
|
||||
a lost global PUK once it was changed and got lost. There's
|
||||
also no way to display the initial value of your global
|
||||
PUK without knowing the current value of your global PIN.
|
||||
|
||||
For most of the commands that \*(nm can execute, you have
|
||||
to specify one pin. One notable exeption is the
|
||||
\fBnullpin\fP command, but this command can only be executed
|
||||
once in the lifetime of a NetKey E4 card.
|
||||
.IP "\fBunblock pin | pin0 | pin1\fP" 4
|
||||
This unblocks the specified pin. This needs the value
|
||||
of another pin and if you don't specify a correct one,
|
||||
\*(nm will tell you which one is needed.
|
||||
.IP "\fBchange pin | puk | pin0 | pin1 \fIpin-value\fP" 4
|
||||
This changes the value of the specified pin to the given
|
||||
new value. This needs the value of either the same
|
||||
pin or another pin and if you don't specify a correct one,
|
||||
\*(nm will tell you which one is needed.
|
||||
.IP "\fBnullpin \fIpin-value\fP" 4
|
||||
This command can be executed only if the global PIN
|
||||
of your card is in nullpin-state. There's no way to
|
||||
return back to nullpin-state once you have changed
|
||||
your global PIN. You don't need a pin to execute
|
||||
the nullpin-command. After a succesfull nullpin-command
|
||||
\*(nm will display your cards initial PUK-value.
|
||||
.IP "\fBcert \fIno\fP \fIfilename\fP" 4
|
||||
This command will read one of your cards certificates
|
||||
(as specified by number \fIno\fP) and save this
|
||||
certificate into file \fIfilename\fP in PEM-format.
|
||||
Certificates on a NetKey E4 card are readable without
|
||||
a pin, so you don't have to specify one.
|
||||
.IP "\fBcert \fIfilename\fP \fIno\fP" 4
|
||||
This command will read the first PEM-encoded certificate from
|
||||
file \fIfilename\fP and store this into your smart cards
|
||||
certificate file number \fIno\fP. Some of your
|
||||
smart cards certificate files might be readonly, so
|
||||
this will not work with all values of \fIno\fP. If
|
||||
a certificate file is writable you must specify a
|
||||
pin in order to change it. If you try to use this
|
||||
command without specifying a pin, \*(nm will tell
|
||||
you which one is needed.
|
||||
.SH SEE ALSO
|
||||
.BR opensc (7),
|
||||
.BR opensc-explorer (1)
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Peter Koch <pk_opensc@web.de>.
|
|
@ -1,49 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBopensc-config\fR
|
||||
.TH opensc-config 1 "September 4, 2002" "" OpenSC
|
||||
.SH NAME
|
||||
opensc-config \- a tool to get information about the installed version of OpenSC
|
||||
.SH SYNOPSIS
|
||||
\*(nm
|
||||
.RI [OPTIONS]
|
||||
.SH DESCRIPTION
|
||||
\*(nm is a tool that is used to get various information about the installed
|
||||
version of OpenSC. It is particularly useful in determining
|
||||
compiler and linker flags necessary to build programs with the
|
||||
OpenSC libraries.
|
||||
.SH OPTIONS
|
||||
\*(nm accepts the following options:
|
||||
.PP
|
||||
.TP
|
||||
.BR \-\-version
|
||||
Print the installed version of OpenSC to standard output.
|
||||
.TP
|
||||
.BR \-\-libs
|
||||
Print the linker flags that are needed to compile a program
|
||||
to use the OpenSC libraries.
|
||||
.TP
|
||||
.BR \-\-cflags
|
||||
Print the compiler flags that are needed to compile a program
|
||||
to use the OpenSC libraries.
|
||||
.TP
|
||||
.BR \-\-prefix=PREFIX
|
||||
If specified, use PREFIX instead of the installation
|
||||
prefix that OpenSC was built with when computing the
|
||||
output for the --cflags and --libs
|
||||
options. This option is also used for the exec
|
||||
prefix if --exec-prefix was not specified. This
|
||||
option must be specified before any --libs or
|
||||
--cflags options.
|
||||
.TP
|
||||
.BR \-\-exec\-prefix=PREFIX
|
||||
If specified, use PREFIX instead of the installation
|
||||
exec prefix that OpenSC was built with when
|
||||
computing the output for the --cflags and --libs
|
||||
options. This option must be specified before any
|
||||
--libs or --cflags options.
|
||||
.SH SEE ALSO
|
||||
.BR opensc (7)
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
|
||||
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
|
||||
for the Debian GNU/Linux system (but may be used by others).
|
|
@ -1,104 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBopensc-explorer\fR
|
||||
.TH opensc-explorer 1 "September 3, 2002" "" OpenSC
|
||||
.SH NAME
|
||||
opensc-explorer \- generic interactive utility for accessing smart card and similar security token functions
|
||||
.SH SYNOPSIS
|
||||
\*(nm
|
||||
.RI [OPTIONS]
|
||||
.SH DESCRIPTION
|
||||
The \*(nm utility can be used interactively to perform
|
||||
miscellaneous operations such as exploring the
|
||||
contents of or sending arbitrary APDU commands to a
|
||||
smart card or similar security token.
|
||||
.SH OPTIONS
|
||||
The following are the command\-line options for \*(nm. There
|
||||
are additional interactive commands available once it is running.
|
||||
.PP
|
||||
.TP
|
||||
.BR "\-\-reader " \fInum\fP ", \-r " \fInum\fP
|
||||
Use the given reader number. The default is 0, the first reader
|
||||
in the system.
|
||||
.TP
|
||||
.BR "\-\-card\-driver " \fIdriver\fP ", \-D " \fIdriver\fP
|
||||
Use the given card driver. The default is auto-detected.
|
||||
.TP
|
||||
.BR \-\-verbose ", " \-v
|
||||
Causes \*(nm to be more verbose. Specify this flag several times
|
||||
to enable debug output in the opensc library.
|
||||
.SH COMMANDS
|
||||
The following commands are supported at the \*(nm interactive prompt.
|
||||
.PP
|
||||
.TP
|
||||
.BR ls
|
||||
list all files in the current DF
|
||||
.TP
|
||||
.BR "cd \fIfile\-id\fP"
|
||||
change to another DF specified by \fIfile\-id\fP
|
||||
.TP
|
||||
.BR cat
|
||||
print the contents of the currently selected EF
|
||||
.TP
|
||||
.BR "info [\fIfile\-id\fP]"
|
||||
display attributes of a file specified by \fIfile\-id\fP.
|
||||
If \fIfile\-id\fP is not supplied, the attributes of the
|
||||
current file are printed.
|
||||
.TP
|
||||
.BR "create \fIfile\-id\fP \fIsize\fP"
|
||||
create a new EF. \fIfile\-id\fP specifies the
|
||||
id number and \fIsize\fP is the size of the new file.
|
||||
.TP
|
||||
.BR "delete \fIfile\-id\fP"
|
||||
remove the EF or DF specified by \fIfile\-id\fP.
|
||||
.TP
|
||||
.BR "verify \fIkey\-type\fP\fIkey\-id\fP [\fIkey\fP]"
|
||||
present a PIN or key to the card.
|
||||
Where \fIkey\-type\fP can be one of CHV, KEY or PRO.
|
||||
\fIkey\-id\fP is a number representing the key or PIN number.
|
||||
\fIkey\fP is the key or PIN to be verified in hex.
|
||||
.PP
|
||||
Example: verify CHV0 31:32:33:34:00:00:00:00
|
||||
.TP
|
||||
.BR "change CHV\fIid\fP [\fIold\-pin\fP] \fInew\-pin\fP"
|
||||
change a PIN
|
||||
.PP
|
||||
Example: change CHV0 31:32:33:34:00:00:00:00 'secret'
|
||||
.TP
|
||||
.BR "put \fIfile\-id\fP [\fIinput\fP]"
|
||||
copy a local file to the card.
|
||||
The local file is specified by \fIinput\fP while the
|
||||
card file is specified by \fIfile\-id\fP.
|
||||
.TP
|
||||
.BR "get \fIfile\-id\fP [\fIoutput\fP]"
|
||||
copy an EF to a local file.
|
||||
The local file is specified by \fIoutput\fP while the
|
||||
card file is specified by \fIfile\-id\fP.
|
||||
.TP
|
||||
.BR "mkdir \fIfile\-id\fP \fIsize\fP"
|
||||
create a DF. \fIfile\-id\fP specifies the
|
||||
id number and \fIsize\fP is the size of the new file.
|
||||
.TP
|
||||
.BR pksign
|
||||
create a public key signature. NOTE: This command is
|
||||
currently not implemented.
|
||||
.TP
|
||||
.BR pkdecrypt
|
||||
perform a public key decryption. NOTE: This command is
|
||||
currently not implemented.
|
||||
.TP
|
||||
.BR erase
|
||||
erase the card, if the card supports it.
|
||||
.TP
|
||||
.BR "debug [\fIlevel\fP]"
|
||||
get or set the debug level
|
||||
.TP
|
||||
.BR quit
|
||||
exit the program
|
||||
|
||||
.SH SEE ALSO
|
||||
.BR opensc (7),
|
||||
.BR opensc-tool (1)
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
|
||||
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
|
||||
for the Debian GNU/Linux system (but may be used by others).
|
|
@ -1,54 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBopensc-tool\fR
|
||||
.TH opensc-tool 1 "September 3, 2002" "" OpenSC
|
||||
.SH NAME
|
||||
opensc-tool \- generic smart card utility
|
||||
.SH SYNOPSIS
|
||||
\*(nm
|
||||
.RI [OPTIONS]
|
||||
.SH DESCRIPTION
|
||||
The \*(nm utility can be used from the command line to perform
|
||||
miscellaneous smart card operations such as getting the card
|
||||
ATR or sending arbitrary APDU commands to a card.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BR \-\-atr ", " \-a
|
||||
Print the Answer To Reset (ATR) of the card, output is in hex byte
|
||||
format
|
||||
.TP
|
||||
.BR \-\-serial
|
||||
Print the card serial number (normally the ICCSN), output is in hex byte
|
||||
format
|
||||
.TP
|
||||
.BR "\-\-send\-apdu " \fIapdu\fP ", \-s " \fIapdu\fP
|
||||
Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF...
|
||||
.TP
|
||||
.BR \-\-list\-files ", " \-f
|
||||
Recursively lists all files stored on card
|
||||
.TP
|
||||
.BR \-\-list\-readers ", " \-l
|
||||
Lists all configured readers
|
||||
.TP
|
||||
.BR \-\-list\-drivers ", " \-D
|
||||
Lists all installed card drivers
|
||||
.TP
|
||||
.BR \-\-list\-rdrivers ", " \-R
|
||||
Lists all installed reader drivers
|
||||
.TP
|
||||
.BR "\-\-reader " \fInum\fP ", \-r " \fInum\fP
|
||||
Use the given reader number. The default is 0, the first reader
|
||||
in the system.
|
||||
.TP
|
||||
.BR "\-\-card\-driver " \fIdriver\fP ", \-c " \fIdriver\fP
|
||||
Use the given card driver. The default is auto-detected.
|
||||
.TP
|
||||
.BR \-\-verbose ", " \-v
|
||||
Causes \*(nm to be more verbose. Specify this flag several times
|
||||
to enable debug output in the opensc library.
|
||||
.SH SEE ALSO
|
||||
.BR opensc (7),
|
||||
.BR opensc-explorer (1)
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
|
||||
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
|
||||
for the Debian GNU/Linux system (but may be used by others).
|
|
@ -1,51 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBopensc\fR
|
||||
.TH opensc 7 "September 3, 2002" "" OpenSC
|
||||
.SH NAME
|
||||
opensc \- Smart Card library and applications with support for PKCS #15 compatible smart cards and similar security tokens
|
||||
.SH DESCRIPTION
|
||||
The \*(nm project aims to provide a set of libraries and programs
|
||||
for manipulating smart cards. The \*(nm utilities and libraries
|
||||
can be used with ISO 7816\-4 compatible cards providing basic,
|
||||
ISO filesystem manipulation. The primary goal of \*(nm, however,
|
||||
is to support cryptographic functionality made possible by PKCS #15
|
||||
compatible cards.
|
||||
.PP
|
||||
Functionality includes PIN\-protected, on\-card private
|
||||
and public key storage, message signing/verification and key generation.
|
||||
.PP
|
||||
\*(nm supports PC/SC, CT\-API and OpenCT to talk to card terminals.
|
||||
.SH OTHER FEATURES
|
||||
PAM library.
|
||||
.br
|
||||
OpenSSH integration.
|
||||
.br
|
||||
PKCS #11 integration.
|
||||
.SH SUPPORTED CARDS
|
||||
.TP
|
||||
As of this writing, \*(nm is known to support the following PKCS #15 compatible cards.
|
||||
.br
|
||||
Finnish FINEID (SetCOS)
|
||||
.br
|
||||
Swedish Posten eID (SetCOS)
|
||||
.br
|
||||
Schlumberger Cryptoflex 16k and 8k
|
||||
.br
|
||||
Gemplus GPK 4000, 8000 and 16000
|
||||
.br
|
||||
MioCOS 1.1
|
||||
.br
|
||||
TCOS 2.0
|
||||
.SH SEE ALSO
|
||||
.BR opensc-tool (1),
|
||||
.BR opensc-explorer (1),
|
||||
.BR opensc-config (1),
|
||||
.BR pkcs15 (7),
|
||||
.BR pkcs15-init (1),
|
||||
.BR pkcs15-tool (1),
|
||||
.BR pkcs15-crypt (1),
|
||||
.BR cryptoflex-tool (1),
|
||||
.BR http://www.opensc.org
|
||||
.SH AUTHOR
|
||||
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>,
|
||||
for the Debian GNU/Linux system (but may be used by others).
|
|
@ -1,122 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBpkcs11-tool\fR
|
||||
.TH pkcs11-tool 1 "December 11, 2003" "" OpenSC
|
||||
.SH NAME
|
||||
pkcs11-tool \- utility for managing and using PKCS #11 security tokens
|
||||
.SH SYNOPSIS
|
||||
\*(nm
|
||||
.RI [OPTIONS]
|
||||
.SH DESCRIPTION
|
||||
The \*(nm utility is used to manage the
|
||||
data objects on smart cards and similar PKCS #11 security tokens.
|
||||
Users can list and read PINs, keys and
|
||||
certificates stored on the token. User PIN authentication is
|
||||
performed for those operations that require it.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BR \-\-login ", " \-l
|
||||
Authenticate to the token before performing other operations.
|
||||
This option is not needed if a PIN is provided on the command line.
|
||||
.TP
|
||||
.BR "\-\-pin " \fIpin\fP ", \-p " \fIpin\fP
|
||||
Use the given \fIpin\fP for token operations.
|
||||
WARNING: Be careful using this option as other users may be able to
|
||||
read the command line from the system or if it is embedded in a script.
|
||||
.TP
|
||||
.BR "\-\-so\-pin " \fIpin\fP
|
||||
Use the given \fIpin\fP as the Security Officer PIN for some token operations
|
||||
(token initialization, user PIN initialization, etc). The same warning
|
||||
than \-\-pin also applies here.
|
||||
.TP
|
||||
.BR \-\-init\-token
|
||||
Initializes a token: set the token label as well as a Security Officer
|
||||
PIN (the label must be specified using \-\-label).
|
||||
.TP
|
||||
.BR \-\-init\-pin
|
||||
Initializes the user PIN. This option differs from \-\-change\-pin in that
|
||||
it sets the user PIN for the first time. Once set, the user PIN can be
|
||||
changed using \-\-change\-pin.
|
||||
.TP
|
||||
.BR \-\-change\-pin ", " \-c
|
||||
Change the user PIN on the token
|
||||
.TP
|
||||
.BR \-\-test ", " \-t
|
||||
Performs some tests on the token. This option is most useful when used with
|
||||
either \-\-login or \-\-pin.
|
||||
.TP
|
||||
.BR \-\-show\-info ", " \-I
|
||||
Displays general token information.
|
||||
.TP
|
||||
.BR \-\-list\-slots ", " \-L
|
||||
Displays a list of available slots on the token.
|
||||
.TP
|
||||
.BR \-\-list\-mechanisms ", " \-M
|
||||
Displays a list of mechanisms supported by the token.
|
||||
.TP
|
||||
.BR \-\-list\-objects ", " \-O
|
||||
Displays a list of objects.
|
||||
.TP
|
||||
.BR \-\-sign ", " \-s
|
||||
Sign some data.
|
||||
.TP
|
||||
.BR \-\-hash ", " \-h
|
||||
Hash some data.
|
||||
.TP
|
||||
.BR "\-\-mechanism " \fImechanism\fP ", \-m " \fImechanism\fP
|
||||
Use the specified \fImechanism\fP for token operations.
|
||||
See \-M for a list of mechanisms supported by your token.
|
||||
.TP
|
||||
.BR \-\-keypairgen ", " \-k
|
||||
Generate a new key pair (public and private pair.)
|
||||
.TP
|
||||
.BR "\-\-write\-object " \fIid\fP ", \-w " \fIid\fP
|
||||
Write a key or certificate object to the token.
|
||||
.TP
|
||||
.BR "\-\-type " \fItype\fP ", \-y " \fItype\fP
|
||||
Specify the type of object to operate on. Examples are \fIcert\fP ,
|
||||
\fIprivkey\fP and \fIpubkey\fP .
|
||||
.TP
|
||||
.BR "\-\-id " \fIid\fP ", \-d " \fIid\fP
|
||||
Specify the id of the object to operate on."
|
||||
.TP
|
||||
.BR "\-\-label " \fIname\fP ", \-a " \fIname\fP
|
||||
Specify the name of the object to operate on (or the token label when
|
||||
\-\-init\-token is used).
|
||||
.TP
|
||||
.BR "\-\-slot " \fIid\fP
|
||||
Specify the id of the slot to use.
|
||||
.TP
|
||||
.BR "\-\-slot\-id " \fIname\fP
|
||||
Specify the name of the slot to use.
|
||||
.TP
|
||||
.BR "\-\-set\-id " \fIid\fP ", \-e " \fIid\fP
|
||||
Set the CKA_ID of the object.
|
||||
.TP
|
||||
.BR "\-\-attr\-from " \fIpath\fP
|
||||
Extract informations from \fIpath\fP (DER-encoded certificate file)
|
||||
and create the corresponding attributes when writing an object to the
|
||||
token. Example: the certificate subject name is used to create the
|
||||
CKA_SUBJECT attribute.
|
||||
.TP
|
||||
.BR "\-\-input\-file " \fIpath\fP ", \-i " \fIpath\fP
|
||||
Specify the path to a file for input.
|
||||
.TP
|
||||
.BR "\-\-output\-file " \fIpath\fP ", \-o " \fIpath\fP
|
||||
Specify the path to a file for output.
|
||||
.TP
|
||||
.BR "\-\-module " \fImod\fP
|
||||
Specify a module to load.
|
||||
.TP
|
||||
.BR "\-\-moz\-cert " \fIpath\fP ", \-z " \fIpath\fP
|
||||
Tests a Mozilla-like keypair generation and certificate request.
|
||||
Specify the \fIpath\fP to the certificate file.
|
||||
.TP
|
||||
.BR \-\-verbose ", " \-v
|
||||
Causes \*(nm to be more verbose. Specify this flag several times
|
||||
to enable debug output in the opensc library.
|
||||
.SH SEE ALSO
|
||||
.BR opensc (7).
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Olaf Kirch and Stef Hoeben.
|
||||
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
|
||||
for the Debian GNU/Linux system (but may be used by others).
|
|
@ -1,96 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBpkcs15-crypt\fR
|
||||
.TH pkcs15-crypt 1 "" "" OpenSC
|
||||
.SH NAME
|
||||
pkcs15-crypt \- perform crypto operations using pkcs15 smart card
|
||||
.SH SYNOPSIS
|
||||
\*(nm
|
||||
.RI [ " OPTIONS " ]
|
||||
.SH DESCRIPTION
|
||||
The \*(nm utility can be used from the command line to perform
|
||||
cryptographic operations such as computing digital signatures or
|
||||
decrypting data, using keys stored on a PKCS #15 compliant smart
|
||||
card.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BR \-\-sign ", " \-s
|
||||
Perform digital signature operation on the data read from a
|
||||
file specified using the
|
||||
.B \-\-input
|
||||
option. By default, the contents of the file are assumed to
|
||||
be the result of an MD5 hash operation. Note that \*(nm
|
||||
expects the data in binary representation, not ASCII.
|
||||
.IP
|
||||
The digital signature is stored, in binary representation,
|
||||
in the file specified by the
|
||||
.B \-\-output
|
||||
option. If this option is not given, the signature
|
||||
is printed on standard output, displaying non-printable
|
||||
characters using their hex notation
|
||||
.BR \e\exNN
|
||||
(see also
|
||||
.B \-\-raw).
|
||||
.
|
||||
.TP
|
||||
.B \-\-pkcs1
|
||||
By default, \*(nm assumes that input data has been padded to
|
||||
the correct length (i.e. when computing an RSA signature using
|
||||
a 1024 bit key, the input must be padded to 128 bytes to match
|
||||
the modulus length). When giving the
|
||||
.B \-\-pkcs1
|
||||
option, however, \*(nm will perform the required padding
|
||||
using the algorithm outlined in the PKCS #1 standard version 1.5.
|
||||
.TP
|
||||
.B \-\-sha\-1
|
||||
This option tells \(*nm that the input file is the result
|
||||
of an SHA1 hash operation, rather than an MD5 hash. Again,
|
||||
the data must be in binary representation.
|
||||
.TP
|
||||
.BR \-\-decipher ", "\-c
|
||||
Decrypt the contents of the file specified by the
|
||||
.B \-\-input
|
||||
option. The result of the decryption operation is written to
|
||||
the file specified by the
|
||||
.B \-\-output
|
||||
option. If this option is not given, the decrypted data is
|
||||
printed to standard output, displaying non-printable
|
||||
characters using their hex notation
|
||||
.BR \e\exNN
|
||||
(see also
|
||||
.B \-\-raw).
|
||||
.
|
||||
.TP
|
||||
.BR \-\-key " id, " \-k " id"
|
||||
Selects the ID of the key to use.
|
||||
.TP
|
||||
.BR \-\-reader " N, " \-r " N"
|
||||
Selects the N-th smart card reader configured by the system.
|
||||
If unspecified, \*(nm will use the first reader found.
|
||||
.TP
|
||||
.BR \-\-input " file, " \-i " file"
|
||||
Specifies the input file to use.
|
||||
.TP
|
||||
.BR \-\-output " file, " \-o " file"
|
||||
Any output will be sent to the specified file.
|
||||
.TP
|
||||
.BR \-\-raw ", "\-R
|
||||
Outputs raw 8 bit data.
|
||||
.TP
|
||||
.BR \-\-pin " pincode, " \-p " pincode"
|
||||
When the cryptographic operation requires a PIN to access
|
||||
the key, \*(nm will prompt the user for the PIN on the terminal.
|
||||
Using this option allows you to specify the PIN on the command
|
||||
line.
|
||||
.IP
|
||||
Note that on most operating systems, the command line of
|
||||
a process can be displayed by any user using the
|
||||
.BR ps (1)
|
||||
command. It is therefore a security risk to specify
|
||||
secret information such as PINs on the command line.
|
||||
.TP
|
||||
.BR \-\-verbose ", " \-v
|
||||
Causes \*(nm to be more verbose. Specify this flag several times
|
||||
to enable debug output in the opensc library.
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
|
||||
This manpage was contributed by Olaf Kirch <okir@lst.de>.
|
|
@ -1,285 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBpkcs15-init\fR
|
||||
.TH pkcs15-init 1 "" "" OpenSC
|
||||
.SH NAME
|
||||
pkcs15-init \- smart card personalization utility
|
||||
.SH DESCRIPTION
|
||||
The \*(nm(1) utility can be used to create a PKCS #15
|
||||
structure on a smart card, and add key or certificate
|
||||
objects. Details of the structure that will be created
|
||||
are controlled via profiles.
|
||||
.PP
|
||||
The profile used by default is \fBpkcs15\fR. Alternative
|
||||
profiles can be specified via the \fB-p\fR switch.
|
||||
.SH PIN Usage
|
||||
.B pkcs15-init
|
||||
can be used to create a PKCS #15 structure on your smart card,
|
||||
create PINs, and install keys and certificates on the card.
|
||||
This process is also called \fIpersonalization\fP.
|
||||
.PP
|
||||
An OpenSC card can have one security officer PIN, and zero or
|
||||
more user PINs. PIN stands for Personal Identification Number,
|
||||
and is a secret code you need to present to the card before
|
||||
being allowed to perform certain operations, such as using
|
||||
one of the stored RSA keys to sign a document, or modifying
|
||||
the card itself.
|
||||
.PP
|
||||
Usually, PINs are a sequence of decimal digits, but some cards will
|
||||
accept arbitrary ASCII characters. Be aware however that using
|
||||
characters other than digits will make the card unusable with PIN pad
|
||||
readers, because those usually have keys for entering digits only.
|
||||
.PP
|
||||
The security officer (SO) PIN is special; it is used to protect
|
||||
meta data information on the card, such as the PKCS #15 structure
|
||||
itself. Setting the SO PIN is optional, because the worst that can
|
||||
usually happen is that someone finding your card can mess it up.
|
||||
To extract any of your secret keys stored on the card, an attacker
|
||||
will still need your user PIN, at least for the default OpenSC profiles.
|
||||
However, it is possible to create card profiles that will allow the
|
||||
security officer to override user PINs.
|
||||
.PP
|
||||
For each PIN, you can specify a PUK (also called
|
||||
\fIunblock PIN\fP). The PUK can be used to overwrite or unlock
|
||||
a PIN if too many incorrect values have been entered in a row.
|
||||
.SH MODES OF OPERATION
|
||||
.SS Initialization
|
||||
This is the first step during card personalization, and
|
||||
will create the basic files on the card.
|
||||
To create the initial PKCS #15 structure, invoke the utility as
|
||||
.PP
|
||||
.B " pkcs15-init --create-pkcs15
|
||||
.PP
|
||||
You will then be asked for several the security officer PIN and PUK.
|
||||
Simply pressing return at the SO PIN prompt will skip installation
|
||||
of an SO PIN.
|
||||
.PP
|
||||
If the card supports it, you can also request that the card is erased
|
||||
prior to creating the PKCS #15 structure, by specifying the
|
||||
.B --erase-card
|
||||
option.
|
||||
.SS User PIN Installation
|
||||
Before installing any user objects such as private keys, you need
|
||||
at least one PIN to protect these objects. you can do this using
|
||||
.PP
|
||||
.BI " pkcs15-init --store-pin --id " nn
|
||||
.PP
|
||||
where \fInn\fP is a PKCS #15 ID in hexadecimal notation. Common values
|
||||
are \fB01\fP, \fB02\fP, etc.
|
||||
.PP
|
||||
Entering the command above will ask you for the user's PIN and PUK.
|
||||
If you do not wish to install an unblock PIN, simply press return
|
||||
at the PUK prompt.
|
||||
.PP
|
||||
To set a label for this PIN object (which can be used by applications
|
||||
to display a meaningful prompt to the user), use the
|
||||
\fB--label\fP command line option.
|
||||
.SS Key Generation
|
||||
\*(nm lets you generate a new key and store it on the card.
|
||||
You can do this using:
|
||||
.PP
|
||||
.BI " pkcs15-init --generate-key " keyspec " --auth-id " nn
|
||||
.PP
|
||||
where
|
||||
.I keyspec
|
||||
describes the algorithm and length of the key to be created,
|
||||
such as
|
||||
.BR rsa/512 .
|
||||
This will create a 512 bit RSA key. Currently, only RSA key
|
||||
generation is supported. Note that cards usually support just
|
||||
a few different key lengths. Almost all cards will support
|
||||
512 and 1024 bit keys, some will support 768 or 2048 as well.
|
||||
.PP
|
||||
\fInn\fP is the ID of a user PIN installed previously, e.g. \fB01\fP.
|
||||
.PP
|
||||
In addition to storing the private portion of the key on the
|
||||
card, \*(nm will also store the the public portion of the key
|
||||
as a PKCS #15 public key object.
|
||||
.PP
|
||||
By default, \*(nm will try to use the card's on-board key
|
||||
generation facilities, if available. If the card does not
|
||||
support on-board key generation, \*(nm will fall back to
|
||||
software key generation.
|
||||
.SS Private Key Download
|
||||
You can use a private key generated by other means and download
|
||||
it to the card. For instance, to download a private key contained
|
||||
in a file named
|
||||
.B okir.pem ,
|
||||
which is in PEM format, you would use
|
||||
.PP
|
||||
.B " pkcs15-init --store-private-key okir.pem --id 45 --auth-id 01
|
||||
.PP
|
||||
If the key is protected by a pass phrase, \*(nm will prompt
|
||||
you for a pass phrase to unlock the key.
|
||||
.PP
|
||||
In addition to storing the private portion of the key on the
|
||||
card, \*(nm will also store the the public portion of the key
|
||||
as a PKCS #15 public key object.
|
||||
.PP
|
||||
Note the use of the
|
||||
.B --id
|
||||
option. The current
|
||||
.B pkcs15
|
||||
profile defines two key templates, one for authentication (key ID 45),
|
||||
and one for non-repudiation purposes (key ID 46). Other key
|
||||
templates will probably be added in the future. Note that you don't
|
||||
specify a key ID, \*(nm will pick just the first key template
|
||||
defined by the profile.
|
||||
.PP
|
||||
In addition to the PEM key file format, \*(nm also supports DER encoded
|
||||
keys, and PKCS #12 files. The latter is the file format used by
|
||||
Netscape Navigator (among others) when exporting certificates to
|
||||
a file. A PKCS #12 file usually contains the X.509 certificate
|
||||
corresponding to the private key. If that is the case,
|
||||
\*(nm will store the certificate instead of the public key portion.
|
||||
.SS Public Key Download
|
||||
You can also download individual public keys to the card using
|
||||
the
|
||||
.B \-\-store-public-key
|
||||
option, which takes a filename as an argument. This file is supposed
|
||||
to contain the public key. If you don't specify a key file format
|
||||
using the
|
||||
.B \-\-format
|
||||
option, \*(nm will assume PEM format.
|
||||
The only other supported public key file format is DER.
|
||||
.PP
|
||||
Since the corresponding public keys are always downloaded
|
||||
automatically when generating a new key, or when downloading a
|
||||
private key, you will probably use this option only very rarely.
|
||||
.SS Certificate Download
|
||||
You can download certificates to the card using the
|
||||
.B \-\-store-certificate
|
||||
option, which takes a filename as an argument. This file is supposed
|
||||
to contain the DER encoded X.509 certificate.
|
||||
.SS Downloading PKCS #12 bags
|
||||
Most browsers nowadays use PKCS #12 format files when you ask them to
|
||||
export your key and certificate to a file. \*(nm is capable of parsing
|
||||
these files, and storing their contents on the card in a single operation.
|
||||
This works just like storing a private key, except that you need to
|
||||
specify the file format:
|
||||
.PP
|
||||
.nf
|
||||
.BI " pkcs15-init --store-private-key okir.p12 --format pkcs12
|
||||
.BI " --auth-id 01
|
||||
.fi
|
||||
This will install the private key contained in the file \fBokir.p12\fP,
|
||||
and protected it with the PIN referenced by authentication ID \fB01\fP.
|
||||
It will also store any X.509 certificates contained in the file,
|
||||
which is usually the user certificate that goes with the key,
|
||||
as well as the CA certificate.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BR \-\-profile " \fIname\fP, " \-p " \fIname\fP"
|
||||
Tells \*(nm to load the specified general profile. Currently, the
|
||||
only application profile defined is
|
||||
.BR pkcs15 ,
|
||||
but you can write your own profiles and specify them using this
|
||||
option.
|
||||
.IP
|
||||
The profile name can be combined with one or more \fIprofile options\fP,
|
||||
which slightly modify the profile's behavior. For instance, the
|
||||
default OpenSC profile supports the \fBopenpin\fP option, which
|
||||
installs a single PIN during card initialization. This PIN is then
|
||||
used both as the SO PIN as well as the user PIN for all keys stored
|
||||
on the card.
|
||||
.IP
|
||||
Profile name and options are separated by a \fB+\fP character,
|
||||
as in \fBpkcs15+onepin\fP.
|
||||
.TP
|
||||
.BR \-\-card-profile " \fIname\fP, " \-c " \fIname\fP"
|
||||
Tells \*(nm to load the specified card profile option.
|
||||
You will rarely need this option.
|
||||
.TP
|
||||
.BR \-\-create-pkcs15 ", " \-C
|
||||
This tells \*(nm to create a PKCS #15 structure on the card, and
|
||||
initialize any PINs.
|
||||
.TP
|
||||
.BR \-\-erase-card ", " \-E
|
||||
This will erase the card prior to creating the PKCS #15 structure,
|
||||
if the card supports it. If the card does not support erasing,
|
||||
\*(nm will fail.
|
||||
.TP
|
||||
.BR \-\-generate-key " \fIkeyspec\fP, " \-G " \fIkeyspec\fP
|
||||
Tells the card to generate new key and store it on the card.
|
||||
.I keyspec
|
||||
consists of an algorithm name (currently, the only supported
|
||||
name is
|
||||
.BR RSA ),
|
||||
optionally followed by a slash and the length of the key in bits.
|
||||
It is a good idea to specify the key ID along with this
|
||||
command, using the
|
||||
.BR \-\-id " option.
|
||||
.TP
|
||||
.BR \-\-store-private-key " \fIfilename\fP, " -S " \fIfilename\fP"
|
||||
Tells \*(nm to download the specified private key to the card.
|
||||
This command will also create a public key object containing
|
||||
the public key portion.
|
||||
By default, the file is assumed to contain the key in PEM format.
|
||||
Alternative formats can be specified using
|
||||
.BR \-\-format .
|
||||
It is a good idea to specify the key ID along with this
|
||||
command, using the
|
||||
.BR \-\-id " option.
|
||||
.TP
|
||||
.BR \-\-store-public-key " \fIfilename\fP, " -P " \fIfilename\fP"
|
||||
Tells \*(nm to download the specified public key to the card
|
||||
and create a public key object with the key ID specified via the
|
||||
.BR \-\-id " option.
|
||||
By default, the file is assumed to contain the key in PEM format.
|
||||
Alternative formats can be specified using
|
||||
.BR \-\-format .
|
||||
.TP
|
||||
.BR \-\-store-certificate " \fIfilename\fX, " -P " \fIfilename\fP"
|
||||
Tells \*(nm to store the certificate given in
|
||||
.I filename
|
||||
on the card, creating a certificate object with the ID specified
|
||||
via the
|
||||
.BR \-\-id " option. The file is assumed to contain the
|
||||
DER encoded certificate.
|
||||
.TP
|
||||
.BR \-\-so-pin ", " \-\-so-puk ", " \-\-pin ", " \-\-puk
|
||||
These options can be used to specify PIN/PUK values on the
|
||||
command line. Note that on most operation systems, any
|
||||
user can display the command line of any process on the
|
||||
system using utilities such as
|
||||
.BR ps (1).
|
||||
Therefore, you should use these options only on a secured
|
||||
system, or in an options file specified with
|
||||
.BR \-\-options-file .
|
||||
.TP
|
||||
.BR \-\-passphrase
|
||||
When downloading a private key,
|
||||
this option can be used to specify the pass phrase to unlock
|
||||
the private key. The same caveat applies here as in the
|
||||
case of the
|
||||
.B \-\-pin
|
||||
options.
|
||||
.TP
|
||||
.BR \-\-use\-default\-transport\-keys ", " \-T
|
||||
Always ask for transport keys etc, even if the driver thinks
|
||||
it knows the key.
|
||||
.TP
|
||||
.BI \-\-options-file " filename"
|
||||
Tells \*(nm to read additional options from
|
||||
.IR filename .
|
||||
The file is supposed to contain one long option per line, without
|
||||
the leading dashes, for instance:
|
||||
.IP
|
||||
.nf
|
||||
pin frank
|
||||
puk zappa
|
||||
.fi
|
||||
.PP
|
||||
You can specify
|
||||
.B \-\-options-file
|
||||
several times.
|
||||
.TP
|
||||
.BR \-\-verbose ", " \-v
|
||||
Causes \*(nm to be more verbose. Specify this flag several times
|
||||
to enable debug output in the opensc library.
|
||||
.SH SEE ALSO
|
||||
.BR pkcs15-profile (5) .
|
||||
.SH BUGS
|
||||
This manual page is usually out of date. Please cross-check options
|
||||
using the \fB--help\fP option.
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Olaf Kirch <okir@lst.de>
|
|
@ -1,38 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBpkcs15-profile\fP
|
||||
.TH pkcs15-profile 5 "" "" OpenSC
|
||||
.SH NAME
|
||||
pkcs15-profile \- format of profiles for \*(nm
|
||||
.SH DESCRIPTION
|
||||
The \*(nm(1) utility for PKCS #15 smart card personalization
|
||||
is controlled via profiles. When starting, it will read two
|
||||
such profiles at the moment, a generic application profile,
|
||||
and a card specific profile. The generic profile must be
|
||||
specified on the command line, while the card specific file
|
||||
is selected based on the type of card detected.
|
||||
.PP
|
||||
The generic application profile defines general information
|
||||
about the card layout, such as the path of the application DF,
|
||||
various PKCS #15 files within that directory, and the access
|
||||
conditions on these files. It also defines general information
|
||||
about PIN, key and certificate objects. Currently, there is
|
||||
only one such generic profile,
|
||||
.IR pkcs15.profile .
|
||||
.PP
|
||||
The card specific profile contains additional information
|
||||
required during card intialization, such as location of
|
||||
PIN files, key references etc.
|
||||
.PP
|
||||
Profiles currently reside in
|
||||
.PP
|
||||
.B @pkgdata@
|
||||
.SH SYNTAX
|
||||
This section should contain information about the profile
|
||||
syntax. Will add this soonishly.
|
||||
.SH SEE ALSO
|
||||
.BR pkcs15 (7) ,
|
||||
.BR pkcs15-init (1) ,
|
||||
.BR pkcs15-crypt (1) ,
|
||||
.BR opensc (7) .
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Olaf Kirch <okir@lst.de>.
|
|
@ -1,77 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBpkcs15-tool\fR
|
||||
.TH pkcs15-tool 1 "September 3, 2002" "" OpenSC
|
||||
.SH NAME
|
||||
pkcs15-tool \- utility for manipulating PKCS #15 data structures on smart cards and similar security tokens
|
||||
.SH SYNOPSIS
|
||||
\*(nm
|
||||
.RI [OPTIONS]
|
||||
.SH DESCRIPTION
|
||||
The \*(nm utility is used to manipulate the PKCS #15
|
||||
data structures on smart cards and similar security tokens.
|
||||
Users can list and read PINs, keys and
|
||||
certificates stored on the token. User PIN authentication is
|
||||
performed for those operations that require it.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BR \-\-learn\-card ", " \-L
|
||||
Cache PKCS #15 token data to the local filesystem. Subsequent
|
||||
operations are performed on the cached data where possible. If
|
||||
the cache becomes out\-of\-sync with the token state (eg. new
|
||||
key is generated and stored on the token), the cache should
|
||||
be updated or operations may show stale results.
|
||||
.TP
|
||||
.BR "\-\-read\-certificate " \fIcert\fP ", \-r " \fIcert\fP
|
||||
Reads the certificate with the given id.
|
||||
.TP
|
||||
.BR \-\-list\-certificates ", " \-c
|
||||
Lists all certificates stored on the token.
|
||||
.TP
|
||||
.BR \-\-list\-pins
|
||||
Lists all PINs stored on the token. General information about
|
||||
each PIN is listed (eg. PIN name). Actual PIN values are not shown.
|
||||
.TP
|
||||
.BR \-\-change\-pin
|
||||
Changes a PIN stored on the token. User authentication is required
|
||||
for this operation.
|
||||
.TP
|
||||
.BR \-\-list\-keys ", " \-k
|
||||
Lists all private keys stored on the token. General information about
|
||||
each private key is listed (eg. key name, id and algorithm). Actual private
|
||||
key values are not displayed.
|
||||
.TP
|
||||
.BR \-\-list\-public\-keys
|
||||
Lists all public keys stored on the token, including key name, id,
|
||||
algorithm and length information.
|
||||
.TP
|
||||
.BR "\-\-read\-public\-key " \fIid\fP
|
||||
Reads the public key with id \fIid\fP, allowing the user to
|
||||
extract and store or use the public key.
|
||||
.TP
|
||||
.BR "\-\-output " \fIfilename\fP ", \-o " \fIfilename\fP
|
||||
Specifies where key output should be written. If \fIfilename\fP already
|
||||
exists, it will be overwritten. If this option is not given, keys will
|
||||
be printed to standard output.
|
||||
.TP
|
||||
.BR \-\-no\-cache
|
||||
Disables token data caching.
|
||||
.TP
|
||||
.BR "\-\-pin\-id " \fIpin\fP ", \-a " \fIpin\fP
|
||||
Specifies the auth id of the PIN to use for the operation. This
|
||||
is useful with the \-\-change\-pin operation.
|
||||
.TP
|
||||
.BR "\-\-reader " \fInum\fP
|
||||
Forces \*(nm to use reader number \fInum\fP for operations. The default
|
||||
is to use reader number 0, the first reader in the system.
|
||||
.TP
|
||||
.BR \-\-verbose ", " \-v
|
||||
Causes \*(nm to be more verbose. Specify this flag several times
|
||||
to enable debug output in the opensc library.
|
||||
.SH SEE ALSO
|
||||
.BR opensc (7),
|
||||
.BR pkcs15-init (1),
|
||||
.BR pkcs15-crypt (1)
|
||||
.SH AUTHORS
|
||||
\*(nm was written by Juha Yrjölä <juha.yrjola@iki.fi>.
|
||||
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
|
||||
for the Debian GNU/Linux system (but may be used by others).
|
|
@ -1,62 +0,0 @@
|
|||
.PU
|
||||
.ds nm \fBpkcs15\fP
|
||||
.TH pkcs15 7 "" "" OpenSC
|
||||
.SH NAME
|
||||
pkcs15 \- standard for storing information on smart cards
|
||||
.SH DESCRIPTION
|
||||
The PKCS #15 standard is available from
|
||||
.BR http://www.rsasecurity.com/rsalabs/pkcs .
|
||||
This document does not try to cover PKCS #15 in detail; it
|
||||
just tries to give readers not familiar with the standard a
|
||||
brief overview.
|
||||
.PP
|
||||
PKCS #15 defines a standard how to store keys, certificates
|
||||
and possibly other data on a smart card, and how to describe
|
||||
certain meta information (such as what PIN the user needs to
|
||||
present before he's allowed to use a certain private key).
|
||||
.PP
|
||||
A PKCS #15 compliant smart card can contain one or more
|
||||
applications. There is one ``meta directory'' that contains
|
||||
a list of all applications. On cards that support an ISO 7816
|
||||
compatible file system, each application usually resides in
|
||||
a directory of its own.
|
||||
.PP
|
||||
Within each application directory,
|
||||
PKCS #15 defines a structure of meta files (also
|
||||
called Directory Files) that contain information on objects
|
||||
stored on the card. For instance, there is a private key
|
||||
directory file (or PrKDF for short) that contains a list of
|
||||
private keys stored on the card. Likewise, there's a
|
||||
public key directory file (PuKDF) and a certificate directory
|
||||
file (CDF).
|
||||
.PP
|
||||
One fairly important PKCS #15 directory file is the AODF, or
|
||||
authorization object directory file, which describes
|
||||
the PINs held by the card. Note the AODF does not contain
|
||||
the PINs themselves; this is something that is highly
|
||||
card specific. What the AODF does contain however is
|
||||
a descriptive label for each PIN, and additional information
|
||||
required to authenticate against this PIN (sorry if this
|
||||
is very vague, but unless you really want to know, we'll
|
||||
better leave it at that, for the sake of your and my sanity :-).
|
||||
.PP
|
||||
Each object stored in a PKCS #15 structure has an ID
|
||||
assigned to it, so that related objects can reference
|
||||
one another. For instance, if a private key is protected
|
||||
by a PIN, the PrKDF entry for this key will contain
|
||||
an Authentication ID field that points to the AODF entry
|
||||
for this PIN.
|
||||
.PP
|
||||
Similarly, if the card contains a certificate corresponding
|
||||
to a private key stored on this card, the CDF entry for the
|
||||
certificate will have the same ID as the PrKDF entry for
|
||||
the private key. The same is true of public key objects.
|
||||
.SH BUGS
|
||||
This manual page is a little terse.
|
||||
.PP
|
||||
The use of the term Directory File in PKCS #15 is somewhat
|
||||
unfortunate. Normally, a PKCS #15 DF is just a plain
|
||||
(elementary) file, not a directory file in the sense of
|
||||
ISO 7816.
|
||||
.SH AUTHORS
|
||||
This manual page was written by Olaf Kirch <okir@lst.de>.
|
|
@ -1,30 +0,0 @@
|
|||
.TH sc_connect_card 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_connect_card \- connect to smart card in reader
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_connect_card(sc_reader_t *" reader ",
|
||||
.BI " int " slot ", sc_card_t **" card ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function connects to a card in a reader, resets the card
|
||||
and retrieves the ATR (Answer To Reset). Based on the ATR, it
|
||||
tries to auto-detect which card driver to use.
|
||||
.PP
|
||||
The \fIslot\fP parameter identifies the card reader's slot.
|
||||
Slots are numbered consecutively, starting at \fB0\fP.
|
||||
.PP
|
||||
If OpenSC was able to connect to the card, a pointer to the
|
||||
\fBsc_card_t\fP object is stored in the location pointer to
|
||||
by the \fIcard\fP parameter. The card handle should be
|
||||
released with \fBsc_disconnect_card\fP(3) when no longer in used.
|
||||
.SH RETURN VALUE
|
||||
If an error occurred, a negative error code is returned, as described
|
||||
in \fbsc_error\fP(3). Otherwise, the function will return 0.
|
||||
.SH SEE ALSO
|
||||
.BR sc_establish_context (3),
|
||||
.BR sc_disconnect_card (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,36 +0,0 @@
|
|||
.TH sc_detect_card_presence 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_detect_card_presence \- detect whether a card is present in a reader
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_detect_card_presence(sc_reader_t *" reader ",
|
||||
.BI " int " slot ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function is used to detect the presence of a smart card in
|
||||
a card reader device. The \fIslot\fP parameter identifies the
|
||||
card reader's slot. Slots are numbered consecutively, starting at
|
||||
\fB0\fP.
|
||||
.SH RETURN VALUE
|
||||
If a card is present, a positive value is returned that is a combination
|
||||
of the following flags:
|
||||
.TP
|
||||
.B SC_SLOT_CARD_PRESENT
|
||||
A card was detected.
|
||||
.TP
|
||||
.B SC_SLOT_CARD_CHANGED
|
||||
The card was inserted and/or removed since the last call. Note that
|
||||
this flag is not entirely reliable depending on the OS platform and
|
||||
middleware. CT\-API doesn't support it at all, for instance, while PC/SC
|
||||
on Windows occasionally returns false CHANGE events.
|
||||
.PP
|
||||
If an error occurred, a negative error code is returned, as described
|
||||
in \fbsc_error\fP(3).
|
||||
.SH SEE ALSO
|
||||
.BR sc_establish_context (3),
|
||||
.BR sc_wait_for_event (3),
|
||||
.BR sc_connect_card (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,26 +0,0 @@
|
|||
.TH sc_disconnect_card 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_disconnect_card \- disconnect from smart card
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_disconnect_card(sc_card_t *" card ",
|
||||
.BI " int " action ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function disconnects from a card in a reader, and frees the card
|
||||
structure. Any locks made by the application must be released before
|
||||
calling this function.
|
||||
.PP
|
||||
The \fIaction\fP parameter is not used at the moment and
|
||||
should be set to 0.
|
||||
.PP
|
||||
The card is not reset nor powered down after the operation.
|
||||
.SH RETURN VALUE
|
||||
If an error occurred, a negative error code is returned, as described
|
||||
in \fbsc_error\fP(3). Otherwise, the function will return 0.
|
||||
.SH SEE ALSO
|
||||
.BR sc_connect_card (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,61 +0,0 @@
|
|||
.TH sc_establish_context 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_establish_context \- establish OpenSC context
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_establish_context(sc_context_t **" ctx ",
|
||||
.BI " const char *" app_name ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function establishes an OpenSC context. This context is required
|
||||
in all subsequent calls to OpenSC functions.
|
||||
.PP
|
||||
\fIctx\fP is a pointer to a pointer that will receive the allocated context.
|
||||
.PP
|
||||
\fIapp_name\fP is a string that identifies the application. This string will
|
||||
be used to apply application-specific from the \fBopensc.conf\fP(5) configuration
|
||||
file. If \fBNULL\fP is passed, just the settings specified in the \fBdefault\fP
|
||||
section apply; otherwise, settings from the section identified by \fIapp_name\fP
|
||||
will be applied as well.
|
||||
.PP
|
||||
The \fBsc_context\fP structure contains the following members, among
|
||||
others:
|
||||
.PP
|
||||
.in +4
|
||||
.nf
|
||||
.B "typedef struct sc_context {
|
||||
.B " struct sc_reader *reader[SC_MAX_READERS];
|
||||
.B " int reader_count;
|
||||
.B "} sc_context_t;
|
||||
.fi
|
||||
.in
|
||||
.PP
|
||||
The \fBreader_count\fP field contains the number of readers found by
|
||||
OpenSC. Information on the individual card readers are stored in
|
||||
\fBsc_reader\fP objects, which look like follows:
|
||||
.PP
|
||||
.in +4
|
||||
.nf
|
||||
.B "typedef struct sc_reader {
|
||||
.B " char *name;
|
||||
.B " int slot_count;
|
||||
.B "} sc_reader_t;
|
||||
.fi
|
||||
.in
|
||||
.PP
|
||||
Here, \fBname\fP contains a printable name of the reader, and \fBslot_count\fP
|
||||
shows the number of slots supported by this device.
|
||||
.PP
|
||||
Of course, these structs contain other members as well, but applications
|
||||
usually should not use these fields.
|
||||
.SH RETURN VALUE
|
||||
If a context could be established, 0 is returned. Otherwise, a negative
|
||||
error code is returned, as described in \fbsc_error\fP(3).
|
||||
.SH SEE ALSO
|
||||
.BR sc_release_context (3),
|
||||
.BR sc_detect_card_presence (3),
|
||||
.BR sc_connect_card (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,65 +0,0 @@
|
|||
.TH sc_file 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_file \- OpenSC file struct
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.B "typedef struct sc_file {
|
||||
.B " struct sc_path path;
|
||||
.B " int type, ef_structure;
|
||||
.B " size_t size;
|
||||
.B " int id;
|
||||
.B "
|
||||
.B " /* record structured files only */
|
||||
.B " int record_length;
|
||||
.B " int record_count;
|
||||
.B "} sc_file_t;
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This structure describes a file object on a smart card.
|
||||
It contains the following members:
|
||||
.TP
|
||||
.B path
|
||||
This is the full path to the file, starting at the MF.
|
||||
.TP
|
||||
.B type
|
||||
This is the file type. If can be one of
|
||||
.BR SC_FILE_TYPE_DF ,
|
||||
.BR SC_FILE_TYPE_WORKING_EF ", or
|
||||
.BR SC_FILE_TYPE_INTERNAL_EF .
|
||||
The latter is used by some cards only, and you normally shouldn't
|
||||
have to deal with these files.
|
||||
.TP
|
||||
.B ef_structure
|
||||
For elementary files (EFs), this field describes the file's
|
||||
structure. It can be one of
|
||||
.IP
|
||||
.nf
|
||||
.BR SC_FILE_EF_TRANSPARENT
|
||||
.BR SC_FILE_EF_LINEAR_FIXED
|
||||
.BR SC_FILE_EF_LINEAR_FIXED_TLV
|
||||
.BR SC_FILE_EF_LINEAR_VARIABLE
|
||||
.BR SC_FILE_EF_LINEAR_VARIABLE_TLV
|
||||
.BR SC_FILE_EF_CYCLIC
|
||||
.BR SC_FILE_EF_CYCLIC_TLV
|
||||
.BR SC_FILE_EF_UNKNOWN
|
||||
.fi
|
||||
.TP
|
||||
.B size
|
||||
gives the file's size in bytes.
|
||||
.TP
|
||||
.B id
|
||||
gives the file's ID, as a 16bit number.
|
||||
.TP
|
||||
.BR record_count ", " record_length
|
||||
For record structured files, \fBrecord_count\fP specifies the
|
||||
number of records in the file. For files with fixed length
|
||||
records, \fBrecord_length\fP contains the record length.
|
||||
.SH SEE ALSO
|
||||
.BR sc_path (3),
|
||||
.BR sc_file_new (3),
|
||||
.BR sc_file_free (3),
|
||||
.BR sc_select_file (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,17 +0,0 @@
|
|||
.TH sc_file_free 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_file_free \- release an OpenSC file object
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "void sc_file_free(sc_file_t *" file ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function releases a file object previously allocated by
|
||||
\fBsc_select_file\fP.
|
||||
.SH SEE ALSO
|
||||
.BR sc_file (3),
|
||||
.BR sc_select_file (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,18 +0,0 @@
|
|||
.TH sc_file_new 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_file_new \- create an OpenSC file object
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "sc_file_t *sc_file_new(void);
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function creates an empty OpenSC file object, which
|
||||
can later be passed to \fBsc_create_file\fP(3).
|
||||
.SH SEE ALSO
|
||||
.BR sc_file (3),
|
||||
.BR sc_file_free (3),
|
||||
.BR sc_create_file (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,33 +0,0 @@
|
|||
.TH sc_list_files 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_list_files \- list files on a smart card
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_list_files(sc_card_t *" card ",
|
||||
.BI " unsigned char *" buffer ",
|
||||
.BI " size_t " buflen ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function lists all files in the currently selected DF,
|
||||
and stores the the file IDs as big-endian 16bit words
|
||||
in \fIbuffer\fP. If the supplied buffer is too small to
|
||||
hold all file IDs, the listing is silently truncated.
|
||||
.PP
|
||||
.SH RETURN VALUE
|
||||
If an error occurred, a negative error code is returned, as described
|
||||
in \fbsc_error\fP(3). Otherwise, the function will return the
|
||||
number of bytes stored in \fIbuffer\fP.
|
||||
.SH SEE ALSO
|
||||
.BR sc_file (3),
|
||||
.BR sc_path (3),
|
||||
.BR sc_establish_context (3),
|
||||
.BR sc_select_file (3),
|
||||
.BR sc_read_binary (3),
|
||||
.BR sc_read_record (3),
|
||||
.BR sc_delete_file (3),
|
||||
.BR sc_create_file (3),
|
||||
.BR sc_file_free (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,46 +0,0 @@
|
|||
.TH sc_lock 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_lock, sc_unlock \- lock or unlock smart card
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_lock(sc_card_t *" card ");
|
||||
.BI "int sc_unlock(sc_card_t *" card ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
These functions handle locking of smart cards, in order to prevent
|
||||
concurrent access to the same card by different users.
|
||||
.PP
|
||||
Locking is important to prevent unauthorized access to the card
|
||||
after presenting the PIN, for instance.
|
||||
.PP
|
||||
After a call to \fBsc_lock\fP, concurrent access by other application
|
||||
to the same smart card reader is disallowed, provided the reader
|
||||
middleware supports this (see below). A lock must later be released
|
||||
by calling \fBsc_unlock\fP. When disconnecting from the card using
|
||||
\fBsc_disconnect_card\fP, there must not be anymore locks on the
|
||||
card.
|
||||
.PP
|
||||
Calls to \fBsc_lock\fP may be nested, i.e. if \fBsc_lock\fP is called
|
||||
five times in a row, the lock will not be released until the fifth
|
||||
call to \fBsc_unlock\fP.
|
||||
.PP
|
||||
Note that these functions do not offer mutual exclusion for different
|
||||
threads within the same application process. Multithread locking is
|
||||
the application's job (Note that the OpenSC PKCS11 module provides
|
||||
MT locking facilities, as that's part of the standard).
|
||||
.SH NOTES
|
||||
Whether locking is effective depends a lot on the middleware
|
||||
used to talk to the card reader. CT\-API based drivers for instance
|
||||
perform no interprocess locking at all.
|
||||
.PP
|
||||
The only middleware implementations currently supported by OpenSC that
|
||||
do perform this type of locking are PC/SC and OpenCT.
|
||||
.SH RETURN VALUE
|
||||
If an error occurred, a negative error code is returned, as described
|
||||
in \fbsc_error\fP(3). Otherwise, the function will return 0.
|
||||
.SH SEE ALSO
|
||||
.BR sc_connect_card (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,90 +0,0 @@
|
|||
.TH sc_pkcs15_compute_signature 3 "July 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_pkcs15_compute_signature \- compute digitial signature
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
|
||||
.BI " const struct sc_pkcs15_object *obj,
|
||||
.BI " unsigned long flags, const u8 *in, size_t inlen,
|
||||
.BI " u8 *out, size_t outlen);
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function digitally signs the data pointed to by
|
||||
.BR in ,
|
||||
using the key identified by
|
||||
.BR obj ,
|
||||
and places the resulting signature in the buffer pointed to by
|
||||
.BR out .
|
||||
The signature operation will be performed on the smart card
|
||||
identified by
|
||||
.BR p15card .
|
||||
.PP
|
||||
Currently, only RSA signatures are supported.
|
||||
.PP
|
||||
The
|
||||
.B flags
|
||||
argument provides additional information on how the signature is
|
||||
to be computed. In particular, it specifies how the input data
|
||||
should be padded:
|
||||
.TP
|
||||
.B SC_ALGORITHM_RSA_RAW
|
||||
requests that the card should sign the provided data as-is.
|
||||
The length of the input data must match the modulus length
|
||||
of the key.
|
||||
.TP
|
||||
.B SC_ALGORITHM_RSA_PAD_PKCS1
|
||||
requests that the card should sign the provided data,
|
||||
padding it according to the padding algorithm specified
|
||||
in PKCS #1.
|
||||
.IP
|
||||
The input data must be the output of a digest (hash) function.
|
||||
As PKCS #1 padding includes an identifier of the hash algorithm
|
||||
used, the
|
||||
.B flags
|
||||
argument must indicate the hash algorithm used,
|
||||
by ORing
|
||||
.B SC_ALGORITHM_RSA_PAD_PKCS1
|
||||
with one of the following values:
|
||||
.BR SC_ALGORITHM_RSA_HASH_MD5 ,
|
||||
.BR SC_ALGORITHM_RSA_HASH_SHA1 ,
|
||||
.BR SC_ALGORITHM_RSA_HASH_RIPEMD160 ,
|
||||
.BR SC_ALGORITHM_RSA_HASH_MD5_SHA1 , or
|
||||
.BR SC_ALGORITHM_RSA_HASH_NONE .
|
||||
.IP
|
||||
In any of these cases, the length of the input data must match
|
||||
the digest length of the hash algorithm. In the first 3 cases,
|
||||
the respective digestinfo is prepended to the input data (the
|
||||
hash), in the last 2 cases, no digestinfo is prepended.
|
||||
.TP
|
||||
.B SC_ALGORITHM_RSA_PAD_ANSI
|
||||
requests that the card should use ANSI padding when signing the
|
||||
provided data.
|
||||
.TP
|
||||
.B SC_ALGORITHM_RSA_PAD_ISO9796
|
||||
requests that the card should use ISO 9796 padding when signing the
|
||||
provided data.
|
||||
.\"
|
||||
.\"
|
||||
.\"
|
||||
.SH Card Driver Considerations
|
||||
Depending on the card's capabilities,
|
||||
.B sc_pkcs15_compute_signature
|
||||
is able to process the provided data so that it is in a form
|
||||
suitable for the card. For instance, if a smart card supports
|
||||
raw RSA only, the function will have to add the required
|
||||
padding before passing it to the card driver.
|
||||
Conversely, an error should be returned if the card supports
|
||||
only PKCS #1 padding with a specific set of hash algorithms.
|
||||
.PP
|
||||
...
|
||||
.SH RETURN VALUE
|
||||
If an error occurred, a negative error code is returned, as described
|
||||
in \fbsc_error\fP(3). Otherwise, the function will return the
|
||||
size of the signature.
|
||||
.SH SEE ALSO
|
||||
.BR sc_pkcs15_decipher (3),
|
||||
.BR sc_compute_signature (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,54 +0,0 @@
|
|||
.TH sc_read_binary 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_read_binary, sc_write_binary, sc_update_binary \- read and write files on a smart card
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_read_binary(sc_card_t *" card ",
|
||||
.BI " unsigned int " offset ",
|
||||
.BI " unsigned char *" buffer ",
|
||||
.BI " size_t " count ",
|
||||
.BI " unsigned long " flags ");
|
||||
.BI "int sc_write_binary(sc_card_t *" card ",
|
||||
.BI " unsigned int " offset ",
|
||||
.BI " const unsigned char *" buffer ",
|
||||
.BI " size_t " count ",
|
||||
.BI " unsigned long " flags ");
|
||||
.BI "int sc_update_binary(sc_card_t *" card ",
|
||||
.BI " unsigned int " offset ",
|
||||
.BI " const unsigned char *" buffer ",
|
||||
.BI " size_t " count ",
|
||||
.BI " unsigned long " flags ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
These functions read and write transparent elementary files (EFs)
|
||||
on a smart card. The correspond to the ISO 7816 functions
|
||||
READ BINARY, WRITE BINARY and UPDATE BINARY, respectively.
|
||||
(The difference between write and update is that the former
|
||||
means writing to an uninitialized file, while the latter
|
||||
is intended to update a file region previously written to -
|
||||
some card have different access conditions for these operations).
|
||||
.PP
|
||||
The \fIoffset\fP argument specifies the file offset in bytes.
|
||||
Note that some cards may not allow writing at arbitrary offsets.
|
||||
Some versions of the GPK require that read/write operations on
|
||||
transparent files are aligned on a 4-byte boundary.
|
||||
.PP
|
||||
The \fIflags\fP argument is currently not used, and should be set
|
||||
to 0.
|
||||
.SH RETURN VALUE
|
||||
If an error occurred, a negative error code is returned, as described
|
||||
in \fbsc_error\fP(3). Otherwise, the function will return the
|
||||
number of bytes read or written.
|
||||
.SH SEE ALSO
|
||||
.BR sc_file (3),
|
||||
.BR sc_path (3),
|
||||
.BR sc_establish_context (3),
|
||||
.BR sc_select_file (3),
|
||||
.BR sc_read_record (3),
|
||||
.BR sc_delete_file (3),
|
||||
.BR sc_create_file (3),
|
||||
.BR sc_file_free (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,56 +0,0 @@
|
|||
.TH sc_read_record 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_read_record, sc_write_record, sc_update_record \- read and write files on a smart card
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_read_record(sc_card_t *" card ",
|
||||
.BI " unsigned int " rec_nr ",
|
||||
.BI " unsigned char *" buffer ",
|
||||
.BI " size_t " count ",
|
||||
.BI " unsigned long " flags ");
|
||||
.BI "int sc_write_record(sc_card_t *" card ",
|
||||
.BI " unsigned int " rec_nr ",
|
||||
.BI " const unsigned char *" buffer ",
|
||||
.BI " size_t " count ",
|
||||
.BI " unsigned long " flags ");
|
||||
.BI "int sc_update_record(sc_card_t *" card ",
|
||||
.BI " unsigned int " rec_nr ",
|
||||
.BI " const unsigned char *" buffer ",
|
||||
.BI " size_t " count ",
|
||||
.BI " unsigned long " flags ");
|
||||
.BI "int sc_append_record(sc_card_t *" card ",
|
||||
.BI " const unsigned char *" buffer ",
|
||||
.BI " size_t " count ",
|
||||
.BI " unsigned long " flags ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This functions read and write record-structured elementary files
|
||||
(EFs) on a smart card. The correspond to the ISO 7816 functions READ
|
||||
RECORD, WRITE RECORD, APPEND RECORD and UPDATE RECORD, respectively.
|
||||
(The difference between write and update is that the former means writing
|
||||
to an uninitialized file, while the latter is intended to update a record
|
||||
previously written to - some card have different access conditions for
|
||||
these operations).
|
||||
.PP
|
||||
The \fIrec_nr\fP argument specifies the number of the record to be
|
||||
written to, starting at 0.
|
||||
.PP
|
||||
The \fIflags\fP argument is currently not used, and should be set
|
||||
to 0.
|
||||
.SH RETURN VALUE
|
||||
If an error occurred, a negative error code is returned, as described
|
||||
in \fbsc_error\fP(3). Otherwise, the function will return the
|
||||
number of bytes read or written.
|
||||
.SH SEE ALSO
|
||||
.BR sc_file (3),
|
||||
.BR sc_path (3),
|
||||
.BR sc_establish_context (3),
|
||||
.BR sc_select_file (3),
|
||||
.BR sc_read_binary (3),
|
||||
.BR sc_delete_file (3),
|
||||
.BR sc_create_file (3),
|
||||
.BR sc_file_free (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,19 +0,0 @@
|
|||
.TH sc_release_context 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_release_context \- release OpenSC context
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_release_context(struct sc_context *" ctx ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function releasees an OpenSC context previously obtain through
|
||||
a call to \fBsc_establish_context\fP(3). No further calls to
|
||||
OpenSC using this context are possible after this.
|
||||
.PP
|
||||
\fIctx\fP is the pointer to the context that should be released.
|
||||
.SH SEE ALSO
|
||||
.BR sc_establish_context (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
|
@ -1,38 +0,0 @@
|
|||
.TH sc_select_file 3 "April 2003" "OpenSC Programmer's Manual
|
||||
.SH NAME
|
||||
sc_select_file \- select a file on a smart card
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.B #include <opensc.h>
|
||||
.sp
|
||||
.BI "int sc_select_file(sc_card_t *" card ",
|
||||
.BI " const sc_path_t *" path ",
|
||||
.BI " sc_file_t ** "result ");
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
This function selects the file specified by \fIpath\fP.
|
||||
If \fIpath\fP specifies a file within the currently selected
|
||||
DF, \fBsc_select_file\fP will \fInot\fP select the MF first,
|
||||
but interpret the path relative to the current DF. It does
|
||||
this in order to prevent losing any authorizations previously
|
||||
established with the card (e.g. by presenting a PIN).
|
||||
.PP
|
||||
If \fIresult\fP is not NULL, an \fBsc_file\fP(3) object is
|
||||
created, and the pointer to this object is stored in the
|
||||
location pointed to by \fIresult\fP. This handle should later
|
||||
be released using \fBsc_file_free\fP(3).
|
||||
.SH RETURN VALUE
|
||||
If an error occurred, a negative error code is returned, as described
|
||||
in \fbsc_error\fP(3). Otherwise, the function will return 0.
|
||||
.SH SEE ALSO
|
||||
.BR sc_file (3),
|
||||
.BR sc_path (3),
|
||||
.BR sc_establish_context (3),
|
||||
.BR sc_file_free (3),
|
||||
.BR sc_read_binary (3),
|
||||
.BR sc_read_record (3),
|
||||
.BR sc_delete_file (3),
|
||||
.BR sc_list_files (3),
|
||||
.BR sc_create_file (3).
|
||||
.SH AUTHOR
|
||||
This manual page was written by Olaf Kirch <okir@suse.de>
|
Loading…
Reference in New Issue