.TH p11tool 1 "10 May 2013" "3.1.11" "User Commands"
.\"
.\" DO NOT EDIT THIS FILE   (p11tool-args.man)
.\"
.\" It has been AutoGen-ed  May 10, 2013 at 11:36:31 AM by AutoGen 5.16
.\" From the definitions    p11tool-args.def.tmp
.\" and the template file   agman-cmd.tpl
.\"
.SH NAME
p11tool \- GnuTLS PKCS #11 tool
.SH SYNOPSIS
.B p11tool
.\" Mixture of short (flag) options and long options
.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..."
[url]
.PP
Operands and options may be intermixed.  They will be reordered.
.PP
.SH "DESCRIPTION"
Program that allows handling data from PKCS #11 smart cards and security modules.
To use PKCS #11 tokens with gnutls the configuration file /etc/gnutls/pkcs11.conf
has to exist and contain a number of lines of the form
'load=/usr/lib/opensc-pkcs11.so'.
.SH "OPTIONS"
.TP
.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
Enable debugging.
This option takes an integer number as its argument.
The value of \fInumber\fP is constrained to being:
.in +4
.nf
.na
in the range  0 through 9999
.fi
.in -4
.sp
Specifies the debug level.
.TP
.BR \-\-outfile "=\fIstring\fP"
Output file.
.sp
.TP
.BR \-\-list\-tokens
List all available tokens.
.sp
.TP
.BR \-\-export
Export the object specified by the URL.
.sp
.TP
.BR \-\-list\-mechanisms
List all available mechanisms in a token.
.sp
.TP
.BR \-\-list\-all
List all available objects in a token.
.sp
.TP
.BR \-\-list\-all\-certs
List all available certificates in a token.
.sp
.TP
.BR \-\-list\-certs
List all certificates that have an associated private key.
.sp
.TP
.BR \-\-list\-all\-privkeys
List all available private keys in a token.
.sp
.TP
.BR \-\-list\-all\-trusted
List all available certificates marked as trusted.
.sp
.TP
.BR \-\-initialize
Initializes a PKCS #11 token.
.sp
.TP
.BR \-\-write
Writes the loaded objects to a PKCS #11 token.
.sp
It can be used to write private keys, certificates or secret keys to a token.
.TP
.BR \-\-delete
Deletes the objects matching the PKCS #11 URL.
.sp
.TP
.BR \-\-generate\-rsa
Generate an RSA private-public key pair.
.sp
Generates an RSA private-public key pair on the specified token.
.TP
.BR \-\-generate\-dsa
Generate a DSA private-public key pair.
.sp
Generates a DSA private-public key pair on the specified token.
.TP
.BR \-\-generate\-ecc
Generate an ECC private-public key pair.
.sp
Generates an ECC private-public key pair on the specified token.
.TP
.BR \-\-label "=\fIstring\fP"
Sets a label for the write operation.
.sp
.TP
.BR \-\-trusted, " \fB\-\-no\-trusted\fP"
Marks the object to be written as trusted.
The \fIno\-trusted\fP form will disable the option.
.sp
.TP
.BR \-\-private, " \fB\-\-no\-private\fP"
Marks the object to be written as private.
The \fIno\-private\fP form will disable the option.
This option is enabled by default.
.sp
The written object will require a PIN to be used.
.TP
.BR \-\-login, " \fB\-\-no\-login\fP"
Force login to token.
The \fIno\-login\fP form will disable the option.
.sp
.TP
.BR \-\-detailed\-url, " \fB\-\-no\-detailed\-url\fP"
Print detailed URLs.
The \fIno\-detailed\-url\fP form will disable the option.
.sp
.TP
.BR \-\-secret\-key "=\fIstring\fP"
Provide a hex encoded secret key.
.sp
.TP
.BR \-\-load\-privkey "=\fIfile\fP"
Private key file to use.
.sp
.TP
.BR \-\-load\-pubkey "=\fIfile\fP"
Public key file to use.
.sp
.TP
.BR \-\-load\-certificate "=\fIfile\fP"
Certificate file to use.
.sp
.TP
.BR \-8 ", " \-\-pkcs8
Use PKCS #8 format for private keys.
.sp
.TP
.BR \-\-bits "=\fInumber\fP"
Specify the number of bits for key generation.
This option takes an integer number as its argument.
.sp
.TP
.BR \-\-sec\-param "=\fIsecurity parameter\fP"
Specify the security level.
.sp
This is an alternative to the bits option.
Available options are [low, legacy, normal, high, ultra].
.TP
.BR \-\-inder, " \fB\-\-no\-inder\fP"
Use DER/RAW format for input.
The \fIno\-inder\fP form will disable the option.
.sp
Use DER/RAW format for input certificates and private keys.
.TP
.BR \-\-inraw
This is an alias for the inder option.
.TP
.BR \-\-provider "=\fIfile\fP"
Specify the PKCS #11 provider library.
.sp
This will override the default options in /etc/gnutls/pkcs11.conf
.TP
.BR \-h , " \-\-help"
Display usage information and exit.
.TP
.BR \-! , " \-\-more-help"
Pass the extended usage information through a pager.
.TP
.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit.  The default mode is `v', a simple
version.  The `c' mode will print copyright information and `n' will
print the full copyright notice.
.SH EXAMPLES
To view all tokens in your system use:
.br
.in +4
.nf
$ p11tool \-\-list\-tokens
.in -4
.fi
.sp
To view all objects in a token use:
.br
.in +4
.nf
$ p11tool \-\-login \-\-list\-all "pkcs11:TOKEN\-URL"
.in -4
.fi
.sp
To store a private key and a certificate in a token run:
.br
.in +4
.nf
$ p11tool \-\-login \-\-write "pkcs11:URL" \-\-load\-privkey key.pem \e
    \-\-label "Mykey"
$ p11tool \-\-login \-\-write "pkcs11:URL" \-\-load\-certificate cert.pem \e
    \-\-label "Mykey"
.in -4
.fi
Note that some tokens require the same label to be used for the certificate
and its corresponding private key.
.sp
To generate an RSA private key inside the token use:
.br
.in +4
.nf
$ p11tool \-\-login \-\-generate\-rsa \-\-bits 1024 \-\-label "MyNewKey" \e
    \-\-outfile MyNewKey.pub "pkcs11:TOKEN\-URL"
.in -4
.fi
The bits parameter in the above example is explicitly set because some
tokens only support a limited number of bits.  The output file is the
corresponding public key.  This key can be used to generate a certificate
request with certtool.
.br
.in +4
.nf
certtool \-\-generate\-request \-\-load\-privkey "pkcs11:KEY\-URL" \e
    \-\-load\-pubkey MyNewKey.pub \-\-outfile request.pem
.in -4
.fi
.sp
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
.BR 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
.BR 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.SH "SEE ALSO"
certtool (1)
.SH "AUTHORS"
Nikos Mavrogiannopoulos, Simon Josefsson and others;
see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
.SH "COPYRIGHT"
Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
This program is released under the terms of the GNU General Public License,
version 3 or later.
.SH "BUGS"
Please send bug reports to: bug-gnutls@gnu.org
.SH "NOTES"
This manual page was \fIAutoGen\fP-erated from the \fBp11tool\fP
option definitions.
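.SH "PKCS #11 URL MATCHING EXAMPLE"
The "pkcs11:" URLs given to \-\-export, \-\-delete and \-\-write in the EXAMPLES
section select objects by the attributes they name, so a label-only URL can match
both a private key and its certificate while a detailed URL (\-\-detailed\-url)
narrows the match. The following is an added example, not GnuTLS or p11tool code:
a small Python parser for the pkcs11: URL syntax standardized in RFC 7512, run over
constructed sample objects to show which ones a given URL selects.

```python
# Added example, not GnuTLS/p11tool code: parse a pkcs11: URL and show which
# token objects it selects, which is what p11tool --export or --delete act on.
# Assumes the pkcs11: URI syntax of RFC 7512 (path attributes separated by
# ';', query attributes by '&', values percent-encoded).
from urllib.parse import unquote_to_bytes

# Constructed sample objects standing in for what --list-all would report.
# The private key and certificate share the label "Mykey", as the EXAMPLES
# section recommends for tokens that require matching labels.
SAMPLE_OBJECTS = [
    {"token": b"MyToken", "object": b"Mykey", "type": b"private", "id": b"\x01\x02"},
    {"token": b"MyToken", "object": b"Mykey", "type": b"cert", "id": b"\x01\x02"},
    {"token": b"Other", "object": b"Mykey", "type": b"private", "id": b"\x03"},
]

def _split_attrs(part, sep):
    """Split 'k=v<sep>k=v' into a dict of percent-decoded byte values."""
    attrs = {}
    for item in filter(None, part.split(sep)):
        if "=" not in item:
            raise ValueError("malformed attribute: %r" % item)
        key, _, value = item.partition("=")
        if key in attrs:
            raise ValueError("duplicate attribute: %s" % key)
        attrs[key] = unquote_to_bytes(value)
    return attrs

def parse_pkcs11_url(url):
    """Return (path_attrs, query_attrs) for a pkcs11: URL."""
    if not url.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URL: %r" % url)
    path, _, query = url[len("pkcs11:"):].partition("?")
    return _split_attrs(path, ";"), _split_attrs(query, "&")

def select_objects(url, objects):
    """Return every object whose attributes equal all path attributes in url.
    Query attributes (pin-value, module-path, ...) do not select objects."""
    path_attrs, _ = parse_pkcs11_url(url)
    return [o for o in objects
            if all(o.get(k) == v for k, v in path_attrs.items())]

if __name__ == "__main__":
    # A label-only URL matches both the key and the certificate; adding
    # type= (as --detailed-url prints it) narrows the match to one object.
    for url in ("pkcs11:token=MyToken;object=Mykey",
                "pkcs11:token=MyToken;object=Mykey;type=private",
                "pkcs11:id=%03"):
        hits = select_objects(url, SAMPLE_OBJECTS)
        print("%-50s -> %d object(s)" % (url, len(hits)))
```

Checking a URL this way before \-\-delete shows how many objects it would remove.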