table of contents
| CVC-CREATE(1) | User Commands | CVC-CREATE(1) |
NAME¶
cvc-create - manual page for cvc-create 1.1.2
SYNOPSIS¶
cvc-create [OPTION]...
DESCRIPTION¶
Create a card verifiable certificate
- -h, --help
- Print help and exit
- -V, --version
- Print version and exit
- --out-cert=FILENAME
- Where to save the certificate (default=`CHR.cvcert')
- --role=ENUM
- The terminal's role (possible values="cvca", "dv_domestic", "dv_foreign", "terminal")
- --type=STRING
- Type of the terminal. Known values are "at" (Authentication Terminal), "is" (Inspection System), "st" (Signature Terminal), "derived_from_signer" (uses the the signer's CVC type), any other value is interpreted as object identifier. (default=`derived_from_signer')
- --chat=HEXSTRING
- Raw Card Holder Authorization Template (CHAT). This option will overwrite any terminal specific effective authorization (see options for AT/IS/ST).
- --issued=YYMMDD
- Date the certificate was issued (default=`today')
- --expires=YYMMDD
- Date until the certicate is valid
- --sign-with=FILENAME
- Private key for signing the new certificate
- --scheme=ENUM
- Signature scheme that the new terminal will use (possible values="ECDSA_SHA_1", "ECDSA_SHA_224", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "RSA_v1_5_SHA_1", "RSA_v1_5_SHA_256", "RSA_v1_5_SHA_512", "RSA_PSS_SHA_1", "RSA_PSS_SHA_256", "RSA_PSS_SHA_512")
- Mode: csr
- The properties of the certificate are derived from the given signing request.
- --csr=FILENAME
- Certificate signing request with the attributes
- Mode: manual
- The properties of the certificate are derived from the command line switches.
- --chr=CCH...HSSSSS
- Certificate holder reference (2 characters ISO 3166-1 ALPHA-2 country code, 0-9 characters ISO/IEC 8859-1 holder mnemonic, 5 characters ISO/IEC 8859-1 numeric or alphanumeric sequence number)
- --sign-as=FILENAME
- CV certificate of the entity signing the new certificate (default=`self signed')
- --key=FILENAME
- Private key of the Terminal (default=`derived from signer')
- --out-key=FILENAME
- Where to save the derived private key (default=`CHR.pkcs8')
Options for an Authentication Terminal (AT):¶
- --out-desc=FILENAME
- Where to save the encoded certificate description (default=`CHR.desc')
- --cert-desc=FILENAME
- Terms of usage as part of the certificate description (*.txt, *.html or *.pdf)
- --issuer-name=STRING
- Name of the issuer of this certificate (certificate description)
- --issuer-url=URL
- URL that points to informations about the issuer of this certificate (certificate description)
- --subject-name=STRING
- Name of the holder of this certificate (certificate description)
- --subject-url=URL
- URL that points to informations about the subject of this certificate (certificate description)
- --write-dg17
- Allow writing DG 17 (Normal Place of Residence) (default=off)
- --write-dg18
- Allow writing DG 18 (Community ID) (default=off)
- --write-dg19
- Allow writing DG 19 (Residence Permit I) (default=off)
- --write-dg20
- Allow writing DG 20 (Residence Permit II) (default=off)
- --write-dg21
- Allow writing DG 21 (Optional Data) (default=off)
- --at-rfu32
- Allow RFU R/W Access bit 32 (default=off)
- --at-rfu31
- Allow RFU R/W Access bit 31 (default=off)
- --at-rfu30
- Allow RFU R/W Access bit 30 (default=off)
- --at-rfu29
- Allow RFU R/W Access bit 29 (default=off)
- --read-dg1
- Allow reading DG 1 (Document Type) (default=off)
- --read-dg2
- Allow reading DG 2 (Issuing State) (default=off)
- --read-dg3
- Allow reading DG 3 (Date of Expiry) (default=off)
- --read-dg4
- Allow reading DG 4 (Given Names) (default=off)
- --read-dg5
- Allow reading DG 5 (Family Names) (default=off)
- --read-dg6
- Allow reading DG 6 (Religious/Artistic Name) (default=off)
- --read-dg7
- Allow reading DG 7 (Academic Title) (default=off)
- --read-dg8
- Allow reading DG 8 (Date of Birth) (default=off)
- --read-dg9
- Allow reading DG 9 (Place of Birth) (default=off)
- --read-dg10
- Allow reading DG 10 (Nationality) (default=off)
- --read-dg11
- Allow reading DG 11 (Sex) (default=off)
- --read-dg12
- Allow reading DG 12 (Optional Data) (default=off)
- --read-dg13
- Allow reading DG 13 (default=off)
- --read-dg14
- Allow reading DG 14 (default=off)
- --read-dg15
- Allow reading DG 15 (default=off)
- --read-dg16
- Allow reading DG 16 (default=off)
- --read-dg17
- Allow reading DG 17 (Normal Place of Residence) (default=off)
- --read-dg18
- Allow reading DG 18 (Community ID) (default=off)
- --read-dg19
- Allow reading DG 19 (Residence Permit I) (default=off)
- --read-dg20
- Allow reading DG 20 (Residence Permit II) (default=off)
- --read-dg21
- Allow reading DG 21 (Optional Data) (default=off)
- --install-qual-cert
- Allow installing qualified certificate (default=off)
- --install-cert
- Allow installing certificate (default=off)
- --pin-management
- Allow PIN management (default=off)
- --can-allowed
- CAN allowed (default=off)
- --privileged
- Privileged terminal (default=off)
- --rid
- Allow restricted identification (default=off)
- --verify-community
- Allow community ID verification (default=off)
- --verify-age
- Allow age verification (default=off)
Options for a Signature Terminal (ST):¶
Options for an Inspection System (IS):¶
- --read-eid
- Read access to eID application (Deprecated) (default=off)
- --is-rfu4
- Allow RFU bit 4 (default=off)
- --is-rfu3
- Allow RFU bit 3 (default=off)
- --is-rfu2
- Allow RFU bit 2 (default=off)
- --read-iris
- Read access to ePassport application: DG 4 (Iris) (default=off)
- --read-finger
- Read access to ePassport application: DG 3 (Fingerprint) (default=off)
AUTHOR¶
Written by Frank Morgner <frankmorgner@gmail.com>
REPORTING BUGS¶
Report bugs to https://github.com/frankmorgner/openpace/issues
| July 2022 | OpenPACE 1.1.2 |