LinuxGuruz
  • Last 5 Forum Topics
    Replies
    Views
    Last post


The Web Only This Site
  • BOOKMARK

  • ADD TO FAVORITES

  • REFERENCES


  • MARC

    Mailing list ARChives
    - Search by -
     Subjects
     Authors
     Bodies





    FOLDOC

    Computing Dictionary




  • Text Link Ads






  • LINUX man pages
  • Linux Man Page Viewer


    The following form allows you to view linux man pages.

    Command:

    p11tool

    
    
    

    SYNOPSIS

           p11tool [-flag [value]]... [--opt-name[[=| ]value]]... [url]
    
           Operands and options may be intermixed.  They will be reordered.
    
    
    

    DESCRIPTION

           Program  that  allows handling data from PKCS #11 smart cards and secu-
           rity modules.
    
           To  use  PKCS  #11  tokens   with   gnutls   the   configuration   file
           /etc/gnutls/pkcs11.conf  has  to exist and contain a number of lines of
           the form 'load=/usr/lib/opensc-pkcs11.so'.  Alternatively  the  p11-kit
           configuration files have to be setup.
    
           To  provide  the  PIN  for all the operations below use the environment
           variable GNUTLS_PIN.
    
    
    

    OPTIONS

           -d number, --debug=number
                  Enable debugging.  This option takes an integer  number  as  its
                  argument.  The value of number is constrained to being:
                      in the range  0 through 9999
    
                  Specifies the debug level.
    
           --outfile=string
                  Output file.
    
           --list-tokens
                  List all available tokens.
    
           --export
                  Export the object specified by the URL.
    
           --export-chain
                  Export the certificate specified by the URL and its chain of
                  trust.
    
                  Exports the certificate specified by the URL and generates its
                  chain of trust based on the stored certificates in the module.
    
           --list-mechanisms
                  List all available mechanisms in a token.
    
           --list-all
                  List all available objects in a token.
                  URL.
    
           --list-privkeys
                  This is an alias for the --list-all-privkeys option.
    
           --list-keys
                  This is an alias for the --list-all-privkeys option.
    
           --list-all-trusted
                  List all available certificates marked as trusted.
    
           --initialize
                  Initializes a PKCS #11 token.
    
           --write
                  Writes the loaded objects to a PKCS #11 token.
    
                  It can be used to write private keys, certificates or secret
                  keys to a token.
    
           --delete
                  Deletes the objects matching the PKCS #11 URL.
    
           --generate-random=number
                  Generate random data.  This option takes an integer number as
                  its argument.
    
                  Asks the token to generate a number of bytes of random bytes.
    
           --generate-rsa
                  Generate an RSA private-public key pair.
    
                  Generates an RSA private-public key pair on the specified token.
    
           --generate-dsa
                  Generate an RSA private-public key pair.
    
                  Generates an RSA private-public key pair on the specified token.
    
           --generate-ecc
                  Generate an RSA private-public key pair.
    
                  Generates an RSA private-public key pair on the specified token.
    
           --label=string
                  Sets a label for the write operation.
    
           --trusted, --no-trusted
    
           --so-login, --no-so-login
                  Force security officer login to token.  The no-so-login form
                  will disable the option.
    
                  Forces login to the token as security officer (admin).
    
           --admin-login
                  This is an alias for the --so-login option.
    
           --detailed-url, --no-detailed-url
                  Print detailed URLs.  The no-detailed-url form will disable the
                  option.
    
           --secret-key=string
                  Provide a hex encoded secret key.
    
           --load-privkey=file
                  Private key file to use.
    
           --load-pubkey=file
                  Public key file to use.
    
           --load-certificate=file
                  Certificate file to use.
    
           -8, --pkcs8
                  Use PKCS #8 format for private keys.
    
           --bits=number
                  Specify the number of bits for key generate.  This option takes
                  an integer number as its argument.
    
           --sec-param=security parameter
                  Specify the security level.
    
                  This is alternative to the bits option. Available options are
                  [low, legacy, normal, high, ultra].
    
           --inder, --no-inder
                  Use DER/RAW format for input.  The no-inder form will disable
                  the option.
    
                  Use DER/RAW format for input certificates and private keys.
    
    
                  This will override the default options in
                  /etc/gnutls/pkcs11.conf
    
           -h, --help
                  Display usage information and exit.
    
           -!, --more-help
                  Pass the extended usage information through a pager.
    
           -v [{v|c|n}], --version[={v|c|n}]
                  Output version of program and exit.  The default mode is 'v', a
                  simple version.  The 'c' mode will print copyright information
                  and 'n' will print the full copyright notice.
    
    
    

    EXAMPLES

           To view all tokens in your system use:
               $ p11tool --list-tokens
    
           To view all objects in a token use:
               $ p11tool --login --list-all "pkcs11:TOKEN-URL"
    
           To store a private key and a certificate in a token run:
               $ p11tool --login --write "pkcs11:URL" --load-privkey key.pem           --label "Mykey"
               $ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem           --label "Mykey"
           Note that some tokens require the same label to be used for the cer-
           tificate and its corresponding private key.
    
           To generate an RSA private key inside the token use:
               $ p11tool --login --generate-rsa --bits 1024 --label "MyNewKey"           --outfile MyNewKey.pub "pkcs11:TOKEN-URL"
           The bits parameter in the above example is explicitly set because some
           tokens only support a limited number of bits. The output file is the
           corresponding public key. This key can be used to general a certificate
           request with certtool.
               certtool --generate-request --load-privkey "pkcs11:KEY-URL"    --load-pubkey MyNewKey.pub --outfile request.pem
    
    
    

    EXIT STATUS

           One of the following exit values will be returned:
    
           0 (EXIT_SUCCESS)
                  Successful program execution.
    
           1 (EXIT_FAILURE)
                  The operation failed or the command syntax was not valid.
    
           70 (EX_SOFTWARE)
                  libopts had an internal operational error.  Please report it to
                  autogen-users@lists.sourceforge.net.  Thank you.
    
    
    

    SEE ALSO

               certtool (1)
    
           This manual page was AutoGen-erated from the p11tool option defini-
           tions.
    
    
    

    3.2.12 02 Mar 2014 p11tool(1)

    
    
  • MORE RESOURCE


  • Linux

    The Distributions





    Linux

    The Software





    Linux

    The News



  • MARKETING






  • Toll Free

webmaster@linuxguruz.com
Copyright © 1999 - 2016 by LinuxGuruz