.PU .ds nm \fBnetkey-tool\fR .TH netkey-tool 1 "May 16, 2005" "" OpenSC .SH NAME netkey-tool \- utility for NetKey E4 smart cards .SH SYNOPSIS \*(nm .RI [OPTIONS] [command] .SH DESCRIPTION The \*(nm utility can be used from the command line to perform some smart card operations with NetKey E4 cards that cannot be done easily with other OpenSC-tools, such as changing local PINs, storing certificates into empty NetKey E4 cert-files or displaying the initial PUK-value. .SH OPTIONS .TP .BR \-\-help ", " \-h Displays a short help message. format .TP .BR \-v Causes \*(nm to be more verbose. Specify this flag several times to enable debug output in the opensc library. .TP .BR "\-\-pin " \fIpin-value\fP ", \-p " \fIpin-value\fP Specifies the current value of the global PIN. .TP .BR "\-\-puk " \fIpin-value\fP ", \-u " \fIpin-value\fP Specifies the current value of the global PUK. .TP .BR "\-\-pin0 " \fIpin-value\fP ", \-0 " \fIpin-value\fP Specifies the current value of the local PIN0 (aka local PIN). .TP .BR "\-\-pin1 " \fIpin-value\fP ", \-1 " \fIpin-value\fP Specifies the current value of the local PIN1 (aka local PUK). .SH PIN FORMAT With \fIpin-value\fP you can specify one of the cards pins. You may use plain ascii-strings (i.e. 123456) or a hex-string (i.e. 31:32:33:34:35:36). A hex-string consists of exacly n 2-digit hexnumbers separated by n-1 colons. Don't use leading or trailing colons or 1-digit hex-numbers. :12:34: and 1:2:3:4 are both pins of length 7 and you most likely intedend to use 12:34 or 01:02:03:04 wich are pins of length 2 and 4. .SH COMMANDS When used without any options or commands, \*(nm will display information about the smart cards pins and certificates. This will not change your card in any aspect (assumed there are no bugs in \*(nm). In particular the tries-left counters of the pins are investigated without doing actual pin-verifications. If you specify the global PIN via the \fB\-\-pin\fP option, \*(nm will also display the initial value of the cards global PUK. If your global PUK was changed \*(nm will still diplay its initial value. There's no way to recover a lost global PUK once it was changed and got lost. There's also no way to display the initial value of your global PUK without knowing the current value of your global PIN. For most of the commands that \*(nm can execute, you have to specify one pin. One notable exeption is the \fBnullpin\fP command, but this command can only be executed once in the lifetime of a NetKey E4 card. .IP "\fBunblock pin | pin0 | pin1\fP" 4 This unblocks the specified pin. This needs the value of another pin and if you don't specify a correct one, \*(nm will tell you which one is needed. .IP "\fBchange pin | puk | pin0 | pin1 \fIpin-value\fP" 4 This changes the value of the specified pin to the given new value. This needs the value of either the same pin or another pin and if you don't specify a correct one, \*(nm will tell you which one is needed. .IP "\fBnullpin \fIpin-value\fP" 4 This command can be executed only if the global PIN of your card is in nullpin-state. There's no way to return back to nullpin-state once you have changed your global PIN. You don't need a pin to execute the nullpin-command. After a succesfull nullpin-command \*(nm will display your cards initial PUK-value. .IP "\fBcert \fIno\fP \fIfilename\fP" 4 This command will read one of your cards certificates (as specified by number \fIno\fP) and save this certificate into file \fIfilename\fP in PEM-format. Certificates on a NetKey E4 card are readable without a pin, so you don't have to specify one. .IP "\fBcert \fIfilename\fP \fIno\fP" 4 This command will read the first PEM-encoded certificate from file \fIfilename\fP and store this into your smart cards certificate file number \fIno\fP. Some of your smart cards certificate files might be readonly, so this will not work with all values of \fIno\fP. If a certificate file is writable you must specify a pin in order to change it. If you try to use this command without specifying a pin, \*(nm will tell you which one is needed. .SH SEE ALSO .BR opensc (7), .BR opensc-explorer (1) .SH AUTHORS \*(nm was written by Peter Koch .