.PU
.ds nm \fBpkcs11-tool\fR
.TH pkcs11-tool 1 "December 11, 2003" "" OpenSC
.SH NAME
pkcs11-tool \- utility for managing and using PKCS #11 security tokens
.SH SYNOPSIS
\*(nm
.RI [OPTIONS]
.SH DESCRIPTION
The \*(nm utility is used to manage the
data objects on smart cards and similar PKCS #11 security tokens.
Users can list and read PINs, keys and
certificates stored on the token. User PIN authentication is
performed for those operations that require it.
.SH OPTIONS
.TP
.BR \-\-login ", " \-l
Authenticate to the token before performing other operations.
This option is not needed if a PIN is provided on the command line.
.TP
.BR "\-\-pin " \fIpin\fP ", \-p " \fIpin\fP
Use the given \fIpin\fP for token operations.
WARNING: Be careful when using this option: other users may be able to
read the PIN from the command line on the system, or from the script if
it is embedded in one.
.TP
.BR "\-\-so\-pin " \fIpin\fP
Use the given \fIpin\fP as the Security Officer PIN for some token operations
(token initialization, user PIN initialization, etc.). The same warning
as for \-\-pin also applies here.
.TP
.BR \-\-init\-token
Initializes a token: set the token label as well as a Security Officer
PIN (the label must be specified using \-\-label).
.TP
.BR \-\-init\-pin
Initializes the user PIN. This option differs from \-\-change\-pin in that
it sets the user PIN for the first time. Once set, the user PIN can be
changed using \-\-change\-pin.
.TP
.BR \-\-change\-pin ", " \-c
Change the user PIN on the token.
.TP
.BR \-\-test ", " \-t
Performs some tests on the token. This option is most useful when used with
either \-\-login or \-\-pin.
.TP
.BR \-\-show\-info ", " \-I
Displays general token information.
.TP
.BR \-\-list\-slots ", " \-L
Displays a list of available slots on the token.
.TP
.BR \-\-list\-mechanisms ", " \-M
Displays a list of mechanisms supported by the token.
.TP
.BR \-\-list\-objects ", " \-O
Displays a list of objects.
.TP
.BR \-\-sign ", " \-s
Sign some data.
.TP
.BR \-\-hash ", " \-h
Hash some data.
.TP
.BR "\-\-mechanism " \fImechanism\fP ", \-m " \fImechanism\fP
Use the specified \fImechanism\fP for token operations.
See \-M for a list of mechanisms supported by your token.
.TP
.BR \-\-keypairgen ", " \-k
Generate a new key pair (public and private keys).
.TP
.BR "\-\-write\-object " \fIid\fP ", \-w " \fIid\fP
Write a key or certificate object to the token.
.TP
.BR "\-\-type " \fItype\fP ", \-y " \fItype\fP
Specify the type of object to operate on. Examples are \fIcert\fP,
\fIprivkey\fP and \fIpubkey\fP.
.TP
.BR "\-\-id " \fIid\fP ", \-d " \fIid\fP
Specify the id of the object to operate on.
.TP
.BR "\-\-label " \fIname\fP ", \-a " \fIname\fP
Specify the name of the object to operate on (or the token label when
\-\-init\-token is used).
.TP
.BR "\-\-slot " \fIid\fP
Specify the id of the slot to use.
.TP
.BR "\-\-slot\-id " \fIname\fP
Specify the name of the slot to use.
.TP
.BR "\-\-set\-id " \fIid\fP ", \-e " \fIid\fP
Set the CKA_ID of the object.
.TP
.BR "\-\-attr\-from " \fIpath\fP
Extract information from \fIpath\fP (DER-encoded certificate file)
and create the corresponding attributes when writing an object to the
token. Example: the certificate subject name is used to create the
CKA_SUBJECT attribute.
.TP
.BR "\-\-input\-file " \fIpath\fP ", \-i " \fIpath\fP
Specify the path to a file for input.
.TP
.BR "\-\-output\-file " \fIpath\fP ", \-o " \fIpath\fP
Specify the path to a file for output.
.TP
.BR "\-\-module " \fImod\fP
Specify a module to load.
.TP
.BR "\-\-moz\-cert " \fIpath\fP ", \-z " \fIpath\fP
Tests a Mozilla-like keypair generation and certificate request.
Specify the \fIpath\fP to the certificate file.
.TP
.BR \-\-verbose ", " \-v
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
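.PP
The warning given under \-\-pin and \-\-so\-pin, turned into a check. This shell function is an added example, not part of OpenSC: it flags script lines that pass a PIN to pkcs11-tool as an argument and prints them with the PIN redacted. The function name scan_inline_pins and the redaction marker are assumptions of this example.

```shell
#!/bin/sh
# Added example (not OpenSC code): audit shell scripts for PINs handed to
# pkcs11-tool as command-line arguments. The flags checked (--pin, -p,
# --so-pin) are the ones documented on this page.
#
# Usage: scan_inline_pins FILE...
# Output: "file:line: <command with the PIN argument redacted>" per finding.
# Return: 0 if at least one inline PIN argument was found, 1 if none.
#
# A value taken from a variable (--pin "$PIN") is reported too: it is no
# longer stored in the script, but it still appears on the command line of
# the running process.
# Limitation: an invocation split over several lines with "\" is only
# checked on the line that contains the string "pkcs11-tool".
scan_inline_pins() {
    awk '
        # Ignore comment lines (including the #! line).
        /^[ \t]*#/ { next }

        /pkcs11-tool/ {
            # Pad with a space so a flag is always preceded by whitespace.
            line = " " $0
            # PIN flag, then "=" or blanks, then a value that is not
            # itself another option (does not start with "-").
            n = gsub(/[ \t](--so-pin|--pin|-p)[= \t]+[^- \t][^ \t]*/,
                     " [PIN argument redacted]", line)
            if (n > 0) {
                sub(/^ /, "", line)
                printf "%s:%d: %s\n", FILENAME, FNR, line
                found = 1
            }
        }

        END { exit (found ? 0 : 1) }
    ' "$@"
}
```

For each line it reports, replacing the PIN argument with \-\-login keeps the PIN out of both the script and the process command line.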
.SH SEE ALSO
.BR opensc (7).
.SH AUTHORS
\*(nm was written by Olaf Kirch and Stef Hoeben.
This manpage was contributed by Joe Phillips <joe.phillips@innovationsw.com>
for the Debian GNU/Linux system (but may be used by others).