234 lines
7.9 KiB
XML
234 lines
7.9 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<refentry id="pkcs15-crypt">
|
|
<refmeta>
|
|
<refentrytitle>pkcs15-crypt</refentrytitle>
|
|
<manvolnum>1</manvolnum>
|
|
<refmiscinfo class="productname">OpenSC</refmiscinfo>
|
|
<refmiscinfo class="manual">OpenSC Tools</refmiscinfo>
|
|
<refmiscinfo class="source">opensc</refmiscinfo>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>pkcs15-crypt</refname>
|
|
<refpurpose>perform crypto operations using PKCS#15 smart cards</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>pkcs15-crypt</command>
|
|
<arg choice="opt"><replaceable class="option">OPTIONS</replaceable></arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
<para>
|
|
The <command>pkcs15-crypt</command> utility can be used from the
|
|
command line to perform cryptographic operations such as computing
|
|
digital signatures or decrypting data, using keys stored on a PKCS#15
|
|
compliant smart card.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Options</title>
|
|
<para>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>
|
|
<option>--version</option>,
|
|
</term>
|
|
<listitem><para>Print the OpenSC package release version.</para></listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>--aid</option> <replaceable>aid</replaceable>
|
|
</term>
|
|
<listitem><para>Specify the AID of the on-card PKCS#15 application
|
|
to bind to. The <replaceable>aid</replaceable> must be in hexadecimal
|
|
form.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--decipher</option>,
|
|
<option>-c</option>
|
|
</term>
|
|
<listitem><para>Decrypt the contents of the file specified by
|
|
the <option>--input</option> option. The result of the
|
|
decryption operation is written to the file specified by the
|
|
<option>--output</option> option. If this option is not given,
|
|
the decrypted data is printed to standard output, displaying
|
|
non-printable characters using their hex notation xNN (see also
|
|
<option>--raw</option>).</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--input</option> <replaceable>file</replaceable>,
|
|
<option>-i</option> <replaceable>file</replaceable>
|
|
</term>
|
|
<listitem><para>Specifies the input file to use. Defaults to stdin if
|
|
not specified.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--key</option> <replaceable>id</replaceable>,
|
|
<option>-k</option> <replaceable>id</replaceable>
|
|
</term>
|
|
<listitem><para>Selects the ID of the key to use.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--output</option> <replaceable>file</replaceable>,
|
|
<option>-o</option> <replaceable>file</replaceable>
|
|
</term>
|
|
<listitem><para>Any output will be sent to the specified file. Defaults
|
|
to stdout if not specified.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--pin</option> <replaceable>pin</replaceable>,
|
|
<option>-p</option> <replaceable>pin</replaceable>
|
|
</term>
|
|
<listitem><para>When the cryptographic operation requires a
|
|
PIN to access the key, <command>pkcs15-crypt</command> will
|
|
prompt the user for the PIN on the terminal. Using this option
|
|
allows you to specify the PIN on the command line.</para>
|
|
<para>Note that on most operating systems, the command line of
|
|
a process can be displayed by any user using the ps(1)
|
|
command. It is therefore a security risk to specify
|
|
secret information such as PINs on the command line.
|
|
If you specify '-' as PIN, it will be read from STDIN.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--pkcs1</option>
|
|
</term>
|
|
<listitem><para>By default, <command>pkcs15-crypt</command>
|
|
assumes that input data has been padded to the correct length
|
|
(i.e. when computing an RSA signature using a 1024 bit key,
|
|
the input must be padded to 128 bytes to match the modulus
|
|
length). When giving the <option>--pkcs1</option> option,
|
|
however, <command>pkcs15-crypt</command> will perform the
|
|
required padding using the algorithm outlined in the
|
|
PKCS #1 standard version 1.5.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--raw</option>,
|
|
<option>-R</option>
|
|
</term>
|
|
<listitem><para>Outputs raw 8 bit data.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--reader</option> <replaceable>arg</replaceable>,
|
|
<option>-r</option> <replaceable>arg</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Number of the reader to use. By default, the first
|
|
reader with a present card is used. If
|
|
<replaceable>arg</replaceable> is an ATR, the
|
|
reader with a matching card will be chosen.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--md5</option>
|
|
<option>--sha-1</option>
|
|
<option>--sha-224</option>
|
|
<option>--sha-256</option>
|
|
<option>--sha-384</option>
|
|
<option>--sha-512</option>
|
|
</term>
|
|
<listitem><para>These options tell <command>pkcs15-crypt</command>
|
|
that the input file is the result of the specified hash operation.
|
|
By default, an MD5 hash is expected. Again, the data must be in binary
|
|
representation.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--sign</option>,
|
|
<option>-s</option>
|
|
</term>
|
|
<listitem><para>Perform digital signature operation on
|
|
the data read from a file specified using the <option>--input</option>
|
|
option. By default, the contents of the file are assumed to
|
|
be the result of an MD5 hash operation.
|
|
Note that <command>pkcs15-crypt</command>
|
|
expects the data in binary representation, not ASCII.</para>
|
|
<para>The digital signature is stored, in binary representation,
|
|
in the file specified by the <option>--output</option> option. If
|
|
this option is not given, the signature is printed on standard
|
|
output, displaying non-printable characters using their hex notation
|
|
<literal>x</literal><replaceable>NN</replaceable>
|
|
(see also <option>--raw</option>).</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--signature-format</option>,
|
|
<option>--f</option>
|
|
</term>
|
|
<listitem><para>When signing with ECDSA key this option indicates
|
|
to <command>pkcs15-crypt</command> the signature output format.
|
|
Possible values are 'rs'(default) -- two concatenated
|
|
integers (PKCS#11), 'sequence' or 'openssl' -- DER encoded sequence
|
|
of two integers (OpenSSL).</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--wait</option>,
|
|
<option>-w</option>
|
|
</term>
|
|
<listitem><para>Causes <command>pkcs15-crypt</command> to
|
|
wait for a card insertion.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>--verbose</option>,
|
|
<option>-v</option>
|
|
</term>
|
|
<listitem><para>Causes <command>pkcs15-crypt</command> to be more
|
|
verbose. Specify this flag several times to enable debug output
|
|
in the OpenSC library.</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See also</title>
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>pkcs15-init</refentrytitle>
|
|
<manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>pkcs15-tool</refentrytitle>
|
|
<manvolnum>1</manvolnum>
|
|
</citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Authors</title>
|
|
<para><command>pkcs15-crypt</command> was written by
|
|
Juha Yrjölä <email>juha.yrjola@iki.fi</email>.</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|