'\" t .\" Title: pkcs15-crypt .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 .\" Date: 06/03/2012 .\" Manual: OpenSC tools .\" Source: opensc .\" Language: English .\" .TH "PKCS15\-CRYPT" "1" "06/03/2012" "opensc" "OpenSC tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pkcs15-crypt \- perform crypto operations using pkcs15 smart card .SH "SYNOPSIS" .PP \fBpkcs15\-crypt\fR [OPTIONS] .SH "DESCRIPTION" .PP The \fBpkcs15\-crypt\fR utility can be used from the command line to perform cryptographic operations such as computing digital signatures or decrypting data, using keys stored on a PKCS #15 compliant smart card\&. .SH "OPTIONS" .PP .PP \fB\-\-sign, \-s\fR .RS 4 Perform digital signature operation on the data read from a file specified using the \fBinput\fR option\&. By default, the contents of the file are assumed to be the result of an MD5 hash operation\&. Note that \fBpkcs15\-crypt\fR expects the data in binary representation, not ASCII\&. .sp The digital signature is stored, in binary representation, in the file specified by the \fBoutput\fR option\&. If this option is not given, the signature is printed on standard output, displaying non\-printable characters using their hex notation xNN (see also \fB\-\-raw\fR)\&. .RE .PP \fB\-\-pkcs1\fR .RS 4 By default, \fBpkcs15\-crypt\fR assumes that input data has been padded to the correct length (i\&.e\&. when computing an RSA signature using a 1024 bit key, the input must be padded to 128 bytes to match the modulus length)\&. When giving the \fB\-\-pkcs1\fR option, however, \fBpkcs15\-crypt\fR will perform the required padding using the algorithm outlined in the PKCS #1 standard version 1\&.5\&. .RE .PP \fB\-\-sha\-1\fR .RS 4 This option tells \fBpkcs15\-crypt\fR that the input file is the result of an SHA1 hash operation, rather than an MD5 hash\&. Again, the data must be in binary representation\&. .RE .PP \fB\-\-decipher, \-c\fR .RS 4 Decrypt the contents of the file specified by the \fB\-\-input\fR option\&. The result of the decryption operation is written to the file specified by the \fB\-\-output\fR option\&. If this option is not given, the decrypted data is printed to standard output, displaying non\-printable characters using their hex notation xNN (see also \fB\-\-raw\fR)\&. .RE .PP \fB\-\-key\fR \fIid\fR, \fB\-k\fR \fIid\fR .RS 4 Selects the ID of the key to use\&. .RE .PP \fB\-\-reader\fR \fIN\fR, \fB\-r\fR \fIN\fR .RS 4 Selects the \fIN\fR\-th smart card reader configured by the system\&. If unspecified, \fBpkcs15\-crypt\fR will use the first reader found\&. .RE .PP \fB\-\-input\fR \fIfile\fR, \fB\-i\fR \fIfile\fR .RS 4 Specifies the input file to use\&. .RE .PP \fB\-\-output\fR \fIfile\fR, \fB\-o\fR \fIfile\fR .RS 4 Any output will be sent to the specified file\&. .RE .PP \fB\-\-raw, \-R\fR .RS 4 Outputs raw 8 bit data\&. .RE .PP \fB\-\-pin\fR \fIpin\fR, \fB\-p\fR \fIpin\fR .RS 4 When the cryptographic operation requires a PIN to access the key, \fBpkcs15\-crypt\fR will prompt the user for the PIN on the terminal\&. Using this option allows you to specify the PIN on the command line\&. .sp Note that on most operating systems, the command line of a process can be displayed by any user using the ps(1) command\&. It is therefore a security risk to specify secret information such as PINs on the command line\&. If you specify \*(Aq\-\*(Aq as PIN, it will be read from STDIN\&. .RE .PP \fB\-\-aid\fR \fIaid\fR .RS 4 Specify in a hexadecimal form the AID of the on\-card PKCS#15 application to be binded to\&. .RE .PP \fB\-\-verbose, \-v\fR .RS 4 Causes \fBpkcs15\-crypt\fR to be more verbose\&. Specify this flag several times to enable debug output in the OpenSC library\&. .RE .SH "SEE ALSO" .PP pkcs15\-init(1), pkcs15\-tool(1)