.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.2.
.TH CVC-CREATE "1" "July 2022" "OpenPACE 1.1.2" "User Commands"
.SH NAME
cvc-create \- manual page for cvc-create 1.1.2
.SH SYNOPSIS
.B cvc-create
[\fI\,OPTION\/\fR]...
.SH DESCRIPTION
Create a card verifiable certificate
.TP
\fB\-h\fR, \fB\-\-help\fR
Print help and exit
.TP
\fB\-V\fR, \fB\-\-version\fR
Print version and exit
.TP
\fB\-\-out\-cert\fR=\fI\,FILENAME\/\fR
Where to save the certificate (default=`CHR.cvcert')
.TP
\fB\-\-role\fR=\fI\,ENUM\/\fR
The terminal's role (possible values="cvca", "dv_domestic", "dv_foreign", "terminal")
.TP
\fB\-\-type\fR=\fI\,STRING\/\fR
Type of the terminal. Known values are "at" (Authentication Terminal), "is" (Inspection System), "st" (Signature Terminal), "derived_from_signer" (uses the signer's CVC type), any other value is interpreted as object identifier. (default=`derived_from_signer')
.TP
\fB\-\-chat\fR=\fI\,HEXSTRING\/\fR
Raw Card Holder Authorization Template (CHAT). This option will overwrite any terminal specific effective authorization (see options for AT/IS/ST).
.TP
\fB\-\-issued\fR=\fI\,YYMMDD\/\fR
Date the certificate was issued (default=`today')
.TP
\fB\-\-expires\fR=\fI\,YYMMDD\/\fR
Date until the certificate is valid
.TP
\fB\-\-sign\-with\fR=\fI\,FILENAME\/\fR
Private key for signing the new certificate
.TP
\fB\-\-scheme\fR=\fI\,ENUM\/\fR
Signature scheme that the new terminal will use (possible values="ECDSA_SHA_1", "ECDSA_SHA_224", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "RSA_v1_5_SHA_1", "RSA_v1_5_SHA_256", "RSA_v1_5_SHA_512", "RSA_PSS_SHA_1", "RSA_PSS_SHA_256", "RSA_PSS_SHA_512")
.IP
Mode: csr
.IP
The properties of the certificate are derived from the given signing request.
.TP
\fB\-\-csr\fR=\fI\,FILENAME\/\fR
Certificate signing request with the attributes
.IP
Mode: manual
.IP
The properties of the certificate are derived from the command line switches.
.TP
\fB\-\-chr\fR=\fI\,CCH\/\fR...HSSSSS
Certificate holder reference (2 characters ISO 3166\-1 ALPHA\-2 country code, 0\-9 characters ISO/IEC 8859\-1 holder mnemonic, 5 characters ISO/IEC 8859\-1 numeric or alphanumeric sequence number)
.TP
\fB\-\-sign\-as\fR=\fI\,FILENAME\/\fR
CV certificate of the entity signing the new certificate (default=`self signed')
.TP
\fB\-\-key\fR=\fI\,FILENAME\/\fR
Private key of the Terminal (default=`derived from signer')
.TP
\fB\-\-out\-key\fR=\fI\,FILENAME\/\fR
Where to save the derived private key (default=`CHR.pkcs8')
.SS "Options for an Authentication Terminal (AT):"
.TP
\fB\-\-out\-desc\fR=\fI\,FILENAME\/\fR
Where to save the encoded certificate description (default=`CHR.desc')
.TP
\fB\-\-cert\-desc\fR=\fI\,FILENAME\/\fR
Terms of usage as part of the certificate description (*.txt, *.html or *.pdf)
.TP
\fB\-\-issuer\-name\fR=\fI\,STRING\/\fR
Name of the issuer of this certificate (certificate description)
.TP
\fB\-\-issuer\-url\fR=\fI\,URL\/\fR
URL that points to information about the issuer of this certificate (certificate description)
.TP
\fB\-\-subject\-name\fR=\fI\,STRING\/\fR
Name of the holder of this certificate (certificate description)
.TP
\fB\-\-subject\-url\fR=\fI\,URL\/\fR
URL that points to information about the subject of this certificate (certificate description)
.TP
\fB\-\-write\-dg17\fR
Allow writing DG 17 (Normal Place of Residence) (default=off)
.TP
\fB\-\-write\-dg18\fR
Allow writing DG 18 (Community ID) (default=off)
.TP
\fB\-\-write\-dg19\fR
Allow writing DG 19 (Residence Permit I) (default=off)
.TP
\fB\-\-write\-dg20\fR
Allow writing DG 20 (Residence Permit II) (default=off)
.TP
\fB\-\-write\-dg21\fR
Allow writing DG 21 (Optional Data) (default=off)
.TP
\fB\-\-at\-rfu32\fR
Allow RFU R/W Access bit 32 (default=off)
.TP
\fB\-\-at\-rfu31\fR
Allow RFU R/W Access bit 31 (default=off)
.TP
\fB\-\-at\-rfu30\fR
Allow RFU R/W Access bit 30 (default=off)
.TP
\fB\-\-at\-rfu29\fR
Allow RFU R/W Access bit 29
(default=off)
.TP
\fB\-\-read\-dg1\fR
Allow reading DG 1 (Document Type) (default=off)
.TP
\fB\-\-read\-dg2\fR
Allow reading DG 2 (Issuing State) (default=off)
.TP
\fB\-\-read\-dg3\fR
Allow reading DG 3 (Date of Expiry) (default=off)
.TP
\fB\-\-read\-dg4\fR
Allow reading DG 4 (Given Names) (default=off)
.TP
\fB\-\-read\-dg5\fR
Allow reading DG 5 (Family Names) (default=off)
.TP
\fB\-\-read\-dg6\fR
Allow reading DG 6 (Religious/Artistic Name) (default=off)
.TP
\fB\-\-read\-dg7\fR
Allow reading DG 7 (Academic Title) (default=off)
.TP
\fB\-\-read\-dg8\fR
Allow reading DG 8 (Date of Birth) (default=off)
.TP
\fB\-\-read\-dg9\fR
Allow reading DG 9 (Place of Birth) (default=off)
.TP
\fB\-\-read\-dg10\fR
Allow reading DG 10 (Nationality) (default=off)
.TP
\fB\-\-read\-dg11\fR
Allow reading DG 11 (Sex) (default=off)
.TP
\fB\-\-read\-dg12\fR
Allow reading DG 12 (Optional Data) (default=off)
.TP
\fB\-\-read\-dg13\fR
Allow reading DG 13 (default=off)
.TP
\fB\-\-read\-dg14\fR
Allow reading DG 14 (default=off)
.TP
\fB\-\-read\-dg15\fR
Allow reading DG 15 (default=off)
.TP
\fB\-\-read\-dg16\fR
Allow reading DG 16 (default=off)
.TP
\fB\-\-read\-dg17\fR
Allow reading DG 17 (Normal Place of Residence) (default=off)
.TP
\fB\-\-read\-dg18\fR
Allow reading DG 18 (Community ID) (default=off)
.TP
\fB\-\-read\-dg19\fR
Allow reading DG 19 (Residence Permit I) (default=off)
.TP
\fB\-\-read\-dg20\fR
Allow reading DG 20 (Residence Permit II) (default=off)
.TP
\fB\-\-read\-dg21\fR
Allow reading DG 21 (Optional Data) (default=off)
.TP
\fB\-\-install\-qual\-cert\fR
Allow installing qualified certificate (default=off)
.TP
\fB\-\-install\-cert\fR
Allow installing certificate (default=off)
.TP
\fB\-\-pin\-management\fR
Allow PIN management (default=off)
.TP
\fB\-\-can\-allowed\fR
CAN allowed (default=off)
.TP
\fB\-\-privileged\fR
Privileged terminal (default=off)
.TP
\fB\-\-rid\fR
Allow restricted identification (default=off)
.TP
\fB\-\-verify\-community\fR
Allow community ID verification
(default=off)
.TP
\fB\-\-verify\-age\fR
Allow age verification (default=off)
.SS "Options for a Signature Terminal (ST):"
.TP
\fB\-\-st\-rfu5\fR
Allow RFU bit 5 (default=off)
.TP
\fB\-\-st\-rfu4\fR
Allow RFU bit 4 (default=off)
.TP
\fB\-\-st\-rfu3\fR
Allow RFU bit 3 (default=off)
.TP
\fB\-\-st\-rfu2\fR
Allow RFU bit 2 (default=off)
.TP
\fB\-\-gen\-qualified\-sig\fR
Generate qualified electronic signature (default=off)
.TP
\fB\-\-gen\-sig\fR
Generate electronic signature (default=off)
.SS "Options for an Inspection System (IS):"
.TP
\fB\-\-read\-eid\fR
Read access to eID application (Deprecated) (default=off)
.TP
\fB\-\-is\-rfu4\fR
Allow RFU bit 4 (default=off)
.TP
\fB\-\-is\-rfu3\fR
Allow RFU bit 3 (default=off)
.TP
\fB\-\-is\-rfu2\fR
Allow RFU bit 2 (default=off)
.TP
\fB\-\-read\-iris\fR
Read access to ePassport application: DG 4 (Iris) (default=off)
.TP
\fB\-\-read\-finger\fR
Read access to ePassport application: DG 3 (Fingerprint) (default=off)
.SH AUTHOR
Written by Frank Morgner
.SH "REPORTING BUGS"
Report bugs to https://github.com/frankmorgner/openpace/issues
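.SH EXAMPLES
The following is an added example, not part of OpenPACE or of this generated manual page. Because \fB\-\-chat\fR overrides the individual AT switches, it decodes the 5\-byte authorization bit field of an Authentication Terminal into the switch names listed above and reports grants outside an allowed set. The bit positions follow BSI TR\-03110 and are an assumption, as is treating the input as the bare bit field rather than a DER\-encoded CHAT; decode_at_chat and audit are hypothetical helper names.
.nf

```python
# Added example: decode an AT authorization bit field into cvc-create switches.
# Bit positions are an assumption taken from BSI TR-03110 (bit 0 is the least
# significant bit of the last byte); they are not stated on this man page.
ROLES = {0b11: "cvca", 0b10: "dv_domestic", 0b01: "dv_foreign", 0b00: "terminal"}
LOW_BITS = ["verify-age", "verify-community", "rid", "privileged",
            "can-allowed", "pin-management", "install-cert", "install-qual-cert"]

def at_bit_names():
    """Map bit index -> switch name for the 38 authorization bits of an AT."""
    names = dict(enumerate(LOW_BITS))                                 # bits 0..7
    names.update({7 + n: "read-dg%d" % n for n in range(1, 22)})      # bits 8..28
    names.update({n: "at-rfu%d" % n for n in range(29, 33)})          # bits 29..32
    names.update({54 - n: "write-dg%d" % n for n in range(17, 22)})   # bits 33..37
    return names

def decode_at_chat(hexstring):
    """Return (role, switches from high bit to low) for a 5-byte AT field."""
    raw = bytes.fromhex(hexstring)
    if len(raw) != 5:
        raise ValueError("AT authorization field must be exactly 5 bytes")
    value = int.from_bytes(raw, "big")
    role = ROLES[value >> 38]                      # bits 39..38 carry the role
    names = at_bit_names()
    granted = [names[bit] for bit in range(37, -1, -1) if (value >> bit) & 1]
    return role, granted

def audit(hexstring, allowed):
    """Return (role, switches granted by the field but absent from allowed)."""
    role, granted = decode_at_chat(hexstring)
    return role, [name for name in granted if name not in allowed]

if __name__ == "__main__":
    # Constructed sample values, not taken from a real certificate.
    policy = {"read-dg4", "read-dg5", "verify-age"}
    for sample in ("0000001801", "2000000820"):
        role, excess = audit(sample, policy)
        extra = ", ".join("--" + name for name in excess) or "none"
        print(sample, "role=" + role, "outside policy:", extra)
```

.fi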