piv-tool1OpenSCOpenSC Toolsopenscpiv-toolsmart card utility for HSPD-12 PIV cardspiv-toolOPTIONS
The piv-tool utility can be used from the command line to perform
miscellaneous smart card operations on a HSPD-12 PIV smart card as defined in NIST 800-73-3.
It is intened for use with test cards only. It can be used to load objects, and generate
key pairs, as well as send arbitrary APDU commands to a card after having authenticated
to the card using the card key provided by the card vendor.
OptionsPrint the card serial number derived from the CHUID object,
if any. Output is in hex byte format.
,
Print the name of the inserted card (driver)argument,
argumentAuthenticate to the card using a 2DES or 3DES key.
The argument of the form
{A|M}:ref:alg
is required, were A uses "EXTERNAL AUTHENTICATION"
and M uses "MUTUAL AUTHENTICATION".
ref is normally 9B,
and alg is 03 for 3DES.
The key is provided by the card vendor, and the environment variable
PIV_EXT_AUTH_KEY must point to a text file containing
the key in the format:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XXargument,
argumentGenerate a key pair on the card and output the public key.
The argument of the form
ref:alg
is required, where ref is 9A,
9C, 9D or 9E and
alg is 06,
07, 11 or 14
for RSA 1024, RSA 2048, ECC 256 or ECC 384 respectively. ContainerID,
ContainerIDLoad an object onto the card.
The ContainerID is as defined in NIST 800-73-n
without leading 0x. Example: CHUID object is 3000
ref,
refLoad a certificate onto the card.
ref is 9A,
9C, 9D or
9Eref,
refLoad a certificate that has been gzipped onto the card.
ref is 9A,
9C, 9D or
9Efile,
fileOutput file for any operation that produces output.
file,
fileInput file for any operation that requires an input file.
filePrint properties of the key slots. Needs 'admin' authentication.
apdu,
apduSends an arbitrary APDU to the card in the format
AA:BB:CC:DD:EE:FF....
This option may be repeated.num,
numUse the given reader number. The default is
0, the first reader in the system.driver,
driverUse the given card driver.
The default is auto-detected.
,
Wait for a card to be inserted
,
Causes piv-tool to be more verbose.
Specify this flag several times to enable debug output in the opensc
library.See alsoopensc-tool1