giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
opensc/src/tools/npa-tool.1

206 lines
5.2 KiB
Groff
Raw Blame History

.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.46.4.
.TH NPA-TOOL "1" "July 2016" "OpenSC 0.16.0" "User Commands"
.SH NAME
npa-tool \- manual page for npa-tool 0.16.0
.SH SYNOPSIS
.B npa-tool
[\fI\,OPTIONS\/\fR]...
.SH DESCRIPTION
npa\-tool 0.16.0
.TP
\fB\-h\fR, \fB\-\-help\fR
Print help and exit
.TP
\fB\-V\fR, \fB\-\-version\fR
Print version and exit
.TP
\fB\-r\fR, \fB\-\-reader\fR=\fI\,INT\/\fR
Number of the PC/SC reader to use (\fB\-1\fR for
autodetect) (default=`\-1')
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Use (several times) to be more verbose
.SS "Password Authenticated Connection Establishment (PACE):"
.TP
\fB\-p\fR, \fB\-\-pin\fR[=\fI\,STRING\/\fR]
Run PACE with (transport) eID\-PIN
.TP
\fB\-u\fR, \fB\-\-puk\fR[=\fI\,STRING\/\fR]
Run PACE with PUK
.TP
\fB\-c\fR, \fB\-\-can\fR[=\fI\,STRING\/\fR]
Run PACE with CAN
.TP
\fB\-m\fR, \fB\-\-mrz\fR[=\fI\,STRING\/\fR]
Run PACE with MRZ (insert MRZ without newlines)
.TP
\fB\-\-env\fR
Whether to use environment variables PIN, PUK,
CAN, MRZ and NEWPIN. You may want to clean
your environment before enabling this.
(default=off)
.SS "PIN management:"
.TP
\fB\-N\fR, \fB\-\-new\-pin\fR[=\fI\,STRING\/\fR]
Install a new PIN
.TP
\fB\-R\fR, \fB\-\-resume\fR
Resume eID\-PIN (uses CAN to activate last
retry) (default=off)
.TP
\fB\-U\fR, \fB\-\-unblock\fR
Unblock PIN (uses PUK to activate three more
retries) (default=off)
.SS "Terminal Authentication (TA) and Chip Authentication (CA):"
.TP
\fB\-C\fR, \fB\-\-cv\-certificate\fR=\fI\,FILENAME\/\fR Card Verifiable Certificate to create a
certificate chain. Can be used multiple times
(order is important).
.TP
\fB\-\-cert\-desc\fR=\fI\,HEX_STRING\/\fR
Certificate description to show for Terminal
Authentication
.TP
\fB\-\-chat\fR=\fI\,HEX_STRING\/\fR
Card holder authorization template to use
(default is terminal's CHAT). Use
7F4C0E060904007F000703010203530103 to trigger
EAC on the CAT\-C (Komfortleser).
.TP
\fB\-A\fR, \fB\-\-auxiliary\-data\fR=\fI\,HEX_STRING\/\fR
Terminal's auxiliary data (default is
.TP
determined by verification of validity, age
and community ID).
.TP
\fB\-P\fR, \fB\-\-private\-key\fR=\fI\,FILENAME\/\fR
Terminal's private key
.TP
\fB\-\-cvc\-dir\fR=\fI\,DIRECTORY\/\fR
Where to look for the CVCA's certificate
(default=`/home/fm/.local/etc/eac/cvc')
.TP
\fB\-\-x509\-dir\fR=\fI\,DIRECTORY\/\fR
Where to look for the CSCA's certificate
(default=`/home/fm/.local/etc/eac/x509')
.TP
\fB\-\-disable\-ta\-checks\fR
Disable checking the validity period of CV
certifcates (default=off)
.TP
\fB\-\-disable\-ca\-checks\fR
Disable passive authentication (default=off)
.SS "Read and write data groups:"
.TP
\fB\-\-read\-dg1\fR
Read DG 1 (Document Type) (default=off)
.TP
\fB\-\-read\-dg2\fR
Read DG 2 (Issuing State) (default=off)
.TP
\fB\-\-read\-dg3\fR
Read DG 3 (Date of Expiry) (default=off)
.TP
\fB\-\-read\-dg4\fR
Read DG 4 (Given Names) (default=off)
.TP
\fB\-\-read\-dg5\fR
Read DG 5 (Family Names) (default=off)
.TP
\fB\-\-read\-dg6\fR
Read DG 6 (Religious/Artistic Name)
(default=off)
.TP
\fB\-\-read\-dg7\fR
Read DG 7 (Academic Title) (default=off)
.TP
\fB\-\-read\-dg8\fR
Read DG 8 (Date of Birth) (default=off)
.TP
\fB\-\-read\-dg9\fR
Read DG 9 (Place of Birth) (default=off)
.TP
\fB\-\-read\-dg10\fR
Read DG 10 (Nationality) (default=off)
.TP
\fB\-\-read\-dg11\fR
Read DG 11 (Sex) (default=off)
.TP
\fB\-\-read\-dg12\fR
Read DG 12 (Optional Data) (default=off)
.TP
\fB\-\-read\-dg13\fR
Read DG 13 (Birth Name) (default=off)
.TP
\fB\-\-read\-dg14\fR
Read DG 14 (default=off)
.TP
\fB\-\-read\-dg15\fR
Read DG 15 (default=off)
.TP
\fB\-\-read\-dg16\fR
Read DG 16 (default=off)
.TP
\fB\-\-read\-dg17\fR
Read DG 17 (Normal Place of Residence)
(default=off)
.TP
\fB\-\-read\-dg18\fR
Read DG 18 (Community ID) (default=off)
.TP
\fB\-\-read\-dg19\fR
Read DG 19 (Residence Permit I) (default=off)
.TP
\fB\-\-read\-dg20\fR
Read DG 20 (Residence Permit II)
(default=off)
.TP
\fB\-\-read\-dg21\fR
Read DG 21 (Optional Data) (default=off)
.TP
\fB\-\-write\-dg17\fR=\fI\,HEX_STRING\/\fR
Write DG 17 (Normal Place of Residence)
.TP
\fB\-\-write\-dg18\fR=\fI\,HEX_STRING\/\fR
Write DG 18 (Community ID)
.TP
\fB\-\-write\-dg19\fR=\fI\,HEX_STRING\/\fR
Write DG 19 (Residence Permit I)
.TP
\fB\-\-write\-dg20\fR=\fI\,HEX_STRING\/\fR
Write DG 20 (Residence Permit II)
.TP
\fB\-\-write\-dg21\fR=\fI\,HEX_STRING\/\fR
Write DG 21 (Optional Data)
.SS "Verification of validity, age and community ID:"
.TP
\fB\-\-verify\-validity\fR=\fI\,YYYYMMDD\/\fR
Verify chip's validity with a reference date
.TP
\fB\-\-older\-than\fR=\fI\,YYYYMMDD\/\fR
Verify age with a reference date
.TP
\fB\-\-verify\-community\fR=\fI\,HEX_STRING\/\fR
Verify community ID with a reference ID
.SS "Special options, not always useful:"
.TP
\fB\-b\fR, \fB\-\-break\fR
Brute force PIN, CAN or PUK. Use together with
\fB\-p\fR, \fB\-a\fR or \fB\-u\fR (default=off)
.TP
\fB\-t\fR, \fB\-\-translate\fR=\fI\,FILENAME\/\fR
File with APDUs of HEX_STRINGs to send through
the secure channel (default=`stdin')
.TP
\fB\-\-tr\-03110v201\fR
Force compliance to BSI TR\-03110 version 2.01
(default=off)
.TP
\fB\-\-disable\-all\-checks\fR
Disable all checking of fly\-by\-data
(default=off)
.SH AUTHOR
Written by Frank Morgner <frankmorgner@gmail.com>
.SH "REPORTING BUGS"
Report bugs to opensc\-devel@lists.sourceforge.net
Reference in New Issue View Git Blame Copy Permalink