manpagez: man pages & more
info gnutls
Home | html | info | man
[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.7 Invoking p11tool

The ‘p11tool’ is a program that helps with accessing tokens and security modules that support the PKCS #11 API. It requires the individual PKCS #11 modules to be loaded either with the --provider option, or by setting up the GnuTLS configuration file for PKCS #11 as in Hardware tokens.

 
p11tool help
Usage: p11tool [options]

     --export URL             Export an object specified by a pkcs11 
                              URL
     --list-tokens            List all available tokens
     --list-mechanisms URL    List all available mechanisms in token.
     --list-all               List all objects specified by a PKCS#11 
                              URL
     --list-all-certs         List all certificates specified by a 
                              PKCS#11 URL
     --list-certs             List certificates that have a private 
                              key specified by a PKCS#11 URL
     --list-privkeys          List private keys specified by a 
                              PKCS#11 URL
     --list-trusted           List certificates marked as trusted, 
                              specified by a PKCS#11 URL
     --initialize URL         Initializes a PKCS11 token.
     --write URL              Writes loaded certificates, private or 
                              secret keys to a PKCS11 token.
     --delete URL             Deletes objects matching the URL.
     --label label            Sets a label for the write operation.
     --trusted                Marks the certificate to be imported as 
                              trusted.
     --login                  Force login to token
     --detailed-url           Export detailed URLs.
     --no-detailed-url        Export less detailed URLs.
     --secret-key HEX_KEY     Provide a hex encoded secret key.
     --load-privkey FILE      Private key file to use.
     --load-pubkey FILE       Private key file to use.
     --load-certificate FILE  
                              Certificate file to use.
     -8, --pkcs8              Use PKCS #8 format for private keys.
     --inder                  Use DER format for input certificates 
                              and private keys.
     --inraw                  Use RAW/DER format for input 
                              certificates and private keys.
     --provider Library       Specify the pkcs11 provider library
     --outfile FILE           Output file.
     -d, --debug LEVEL        specify the debug level. Default is 1.
     -h, --help               shows this help text

After being provided the available PKCS #11 modules, it can list all tokens available in your system, the objects on the tokens, and perform operations on them.

Some examples on how to use p11tool are illustrated in the following paragraphs.

[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ] 
© manpagez.com 2000-2025
Individual documents may contain additional copyright information.