
6.7.5 Invoking p11tool

Program that allows handling data from PKCS #11 smart cards and security modules.

To use PKCS #11 tokens with GnuTLS, the configuration file /etc/gnutls/pkcs11.conf has to exist and contain a number of lines of the form 'load=/usr/lib/opensc-pkcs11.so'.
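The following shell function is an added example, not part of the p11tool documentation. It audits the load= lines of such a configuration file: each named provider is a shared library that is loaded into the calling process, so the function flags entries that are relative, missing, or group- or world-writable. The function name and status words are hypothetical, and ignoring every line that does not start with load= is an assumption.

```sh
#!/bin/sh
# Added example: audit the provider modules named in a GnuTLS pkcs11.conf.
# Assumption: only lines of the form load=/path/to/module.so are module
# entries; every other line is skipped by this script.
#
# Usage: audit_pkcs11_conf /etc/gnutls/pkcs11.conf
# Prints one "STATUS path" line per load= entry and returns 0 only when
# every entry is OK and at least one entry exists.
audit_pkcs11_conf() {
    conf=$1
    rc=0
    seen=0
    if [ ! -r "$conf" ]; then
        echo "NOCONF $conf"
        return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            load=*) module=${line#load=} ;;
            *) continue ;;
        esac
        seen=1
        # A relative name leaves the choice of file to the library search path.
        case $module in
            /*) ;;
            *) echo "RELATIVE $module"; rc=1; continue ;;
        esac
        if [ ! -f "$module" ]; then
            echo "MISSING $module"; rc=1; continue
        fi
        # Group- or world-writable: other accounts could replace the code
        # that gets loaded. -L makes find inspect a symlink's target.
        if [ -n "$(find -L "$module" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $module"; rc=1; continue
        fi
        echo "OK $module"
    done < "$conf"
    if [ "$seen" -eq 0 ]; then
        echo "NOMODULES $conf"
        rc=1
    fi
    return "$rc"
}
```

A file passed to --provider can be checked the same way by placing it in a one-line load= file first.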

This section was generated by AutoGen, using the agtexi-cmd template and the option descriptions for the p11tool program. This software is released under the GNU General Public License, version 3 or later.

p11tool usage (-h)

This is the automatically generated usage text for p11tool:

p11tool - GnuTLS PKCS #11 tool - Ver. 3.0.17
USAGE:  p11tool [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [url]

   -d, --debug=num            Enable debugging.
                                - It must be in the range:
                                  0 to 9999
       --outfile=str          Output file
       --list-tokens          List all available tokens
       --export               Export the object specified by the URL
       --list-mechanisms      List all available mechanisms in a token
       --list-all             List all available objects in a token
       --list-all-certs       List all available certificates in a token
       --list-certs           List all certificates that have an associated private key
       --list-all-privkeys    List all available private keys in a token
       --list-all-trusted     List all available certificates marked as trusted
       --initialize           Initializes a PKCS #11 token
       --write                Writes the loaded objects to a PKCS #11 token
       --delete               Deletes the objects matching the PKCS #11 URL
       --generate-rsa         Generate an RSA private-public key pair
       --generate-dsa         Generate an RSA private-public key pair
       --generate-ecc         Generate an RSA private-public key pair
       --label=str            Sets a label for the write operation
       --trusted              Marks the object to be written as trusted
                                - disabled as --no-trusted
       --private              Marks the object to be written as private
                                - disabled as --no-private
                                - enabled by default
       --login                Force login to token
                                - disabled as --no-login
       --detailed-url         Print detailed URLs
                                - disabled as --no-detailed-url
       --secret-key=str       Provide a hex encoded secret key
       --load-privkey=file    Private key file to use
                                - file must pre-exist
       --load-pubkey=file     Public key file to use
                                - file must pre-exist
       --load-certificate=file Certificate file to use
                                - file must pre-exist
   -8, --pkcs8                Use PKCS #8 format for private keys
       --bits=num             Specify the number of bits for key generate
       --sec-param=str        Specify the security level
       --inder                Use DER/RAW format for input
                                - disabled as --no-inder
       --inraw                This is an alias for 'inder'
       --provider=file        Specify the PKCS #11 provider library
                                - file must pre-exist
   -v, --version[=arg]        Output version information and exit
   -h, --help                 Display extended usage information and exit
   -!, --more-help            Extended usage information passed thru pager

Options are specified by doubled hyphens and their name or by a single
hyphen and the flag character.
Operands and options may be intermixed.  They will be reordered.



Program that allows handling data from PKCS #11 smart cards and security
modules.

To use PKCS #11 tokens with gnutls the configuration file
/etc/gnutls/pkcs11.conf has to exist and contain a number of lines of
the form 'load=/usr/lib/opensc-pkcs11.so'.

please send bug reports to:  bug-gnutls@gnu.org

bits option

This is the “specify the number of bits for key generate” option.

debug option (-d)

This is the “enable debugging.” option. Specifies the debug level.

delete option

This is the “deletes the objects matching the pkcs #11 url” option.

detailed-url option

This is the “print detailed urls” option.

export option

This is the “export the object specified by the url” option.

generate-dsa option

This is the “generate an rsa private-public key pair” option. Generates an RSA private-public key pair on the specified token.

generate-ecc option

This is the “generate an rsa private-public key pair” option. Generates an RSA private-public key pair on the specified token.

generate-rsa option

This is the “generate an rsa private-public key pair” option. Generates an RSA private-public key pair on the specified token.

inder option

This is the “use der/raw format for input” option. Use DER/RAW format for input certificates and private keys.

initialize option

This is the “initializes a pkcs #11 token” option.

inraw option

This is an alias for the inder option, see the inder documentation.

label option

This is the “sets a label for the write operation” option.

list-all option

This is the “list all available objects in a token” option.

list-all-certs option

This is the “list all available certificates in a token” option.

list-all-privkeys option

This is the “list all available private keys in a token” option.

list-all-trusted option

This is the “list all available certificates marked as trusted” option.

list-certs option

This is the “list all certificates that have an associated private key” option.

list-mechanisms option

This is the “list all available mechanisms in a token” option.

list-tokens option

This is the “list all available tokens” option.

load-certificate option

This is the “certificate file to use” option.

load-privkey option

This is the “private key file to use” option.

load-pubkey option

This is the “public key file to use” option.

login option

This is the “force login to token” option.

outfile option

This is the “output file” option.

pkcs8 option (-8)

This is the “use pkcs #8 format for private keys” option.

private option

This is the “marks the object to be written as private” option.

This option has some usage constraints. It is enabled by default and can be disabled with --no-private.

The written object will require a PIN to be used.

provider option

This is the “specify the pkcs #11 provider library” option. This will override the default options in /etc/gnutls/pkcs11.conf.

sec-param option

This is the “specify the security level” option. This is an alternative to the bits option. Available options are [low, legacy, normal, high, ultra].

secret-key option

This is the “provide a hex encoded secret key” option.

trusted option

This is the “marks the object to be written as trusted” option.

write option

This is the “writes the loaded objects to a pkcs #11 token” option. It can be used to write private keys, certificates or secret keys to a token.

p11tool exit status

One of the following exit values will be returned:

0  Successful program execution.

1  The operation failed or the command syntax was not valid.

p11tool See Also

certtool (1)

p11tool Examples

To view all tokens in your system use:

$ p11tool --list-tokens

To view all objects in a token use:

$ p11tool --login --list-all "pkcs11:TOKEN-URL"

To store a private key and a certificate in a token run:

$ p11tool --login --write "pkcs11:URL" --load-privkey key.pem \
          --label "Mykey"
$ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem \
          --label "Mykey"

Note that some tokens require the same label to be used for the certificate and its corresponding private key.



This document was generated on March 23, 2012 using texi2html 5.0.
