'\" t .\" Title: pkcs15-tool .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 .\" Date: 06/03/2012 .\" Manual: OpenSC tools .\" Source: opensc .\" Language: English .\" .TH "PKCS15\-TOOL" "1" "06/03/2012" "opensc" "OpenSC tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pkcs15-tool \- utility for manipulating PKCS #15 data structures on smart cards and similar security tokens .SH "SYNOPSIS" .PP \fBpkcs15\-tool\fR [OPTIONS] .SH "DESCRIPTION" .PP The \fBpkcs15\-tool\fR utility is used to manipulate the PKCS #15 data structures on smart cards and similar security tokens\&. Users can list and read PINs, keys and certificates stored on the token\&. User PIN authentication is performed for those operations that require it\&. .SH "OPTIONS" .PP .PP \fB\-\-learn\-card, \-L\fR .RS 4 Cache PKCS #15 token data to the local filesystem\&. Subsequent operations are performed on the cached data where possible\&. If the cache becomes out\-of\-sync with the token state (eg\&. new key is generated and stored on the token), the cache should be updated or operations may show stale results\&. .RE .PP \fB\-\-list\-applications\fR .RS 4 List the on\-card PKCS#15 applications .RE .PP \fB\-\-read\-certificate\fR \fIcert\fR, \fB\-r\fR \fIcert\fR .RS 4 Reads the certificate with the given id\&. .RE .PP \fB\-\-list\-certificates, \-c\fR .RS 4 Lists all certificates stored on the token\&. .RE .PP \fB\-\-read\-data\-object\fR \fIcert\fR, \fB\-R\fR \fIdata\fR .RS 4 Reads data object with OID, applicationName or label\&. .RE .PP \fB\-\-verify\-pin\fR .RS 4 Verify PIN after card binding and before issuing any command (without \*(Aqauth\-id\*(Aq the first non\-SO, non\-Unblock PIN will be verified) .RE .PP \fB\-\-list\-data\-objects, \-C\fR .RS 4 Lists all data objects stored on the token\&. For some cards the PKCS#15 attributes of the private data objects are protected for reading and need the authentication with the User PIN\&. In such a case the \fB\-\-verify\-pin\fR option has to be used\&. .RE .PP \fB\-\-list\-pins\fR .RS 4 Lists all PINs stored on the token\&. General information about each PIN is listed (eg\&. PIN name)\&. Actual PIN values are not shown\&. .RE .PP \fB\-\-dump, \-D\fR .RS 4 Dump card objects\&. .RE .PP \fB\-\-change\-pin\fR .RS 4 Changes a PIN or PUK stored on the token\&. User authentication is required for this operation\&. .RE .PP \fB\-\-unblock\-pin, \-u\fR .RS 4 Unblocks a PIN stored on the token\&. Knowledge of the Pin Unblock Key (PUK) is required for this operation\&. .RE .PP \fB\-\-list\-keys, \-k\fR .RS 4 Lists all private keys stored on the token\&. General information about each private key is listed (eg\&. key name, id and algorithm)\&. Actual private key values are not displayed\&. For some cards the PKCS#15 attributes of the private keys are protected for reading and need the authentication with the User PIN\&. In such a case the \fB\-\-verify\-pin\fR option has to be used\&. .RE .PP \fB\-\-list\-public\-keys\fR .RS 4 Lists all public keys stored on the token, including key name, id, algorithm and length information\&. .RE .PP \fB\-\-read\-public\-key\fR \fIid\fR .RS 4 Reads the public key with id \fIid\fR, allowing the user to extract and store or use the public key\&. .RE .PP \fB\-\-read\-ssh\-key\fR \fIid\fR .RS 4 Reads the public key with id \fIid\fR, writing the output in format suitable for $HOME/\&.ssh/authorized_keys\&. .RE .PP \fB\-\-output\fR \fIfilename\fR, \fB\-o\fR \fIfilename\fR .RS 4 Specifies where key output should be written\&. If \fIfilename\fR already exists, it will be overwritten\&. If this option is not given, keys will be printed to standard output\&. .RE .PP \fB\-\-no\-cache\fR .RS 4 Disables token data caching\&. .RE .PP \fB\-\-auth\-id\fR \fIpin\fR, \fB\-a\fR \fIpin\fR .RS 4 Specifies the auth id of the PIN to use for the operation\&. This is useful with the \-\-change\-pin operation\&. .RE .PP \fB\-\-aid\fR \fIaid\fR .RS 4 Specify in a hexadecimal form the AID of the on\-card PKCS#15 application to be binded to\&. .RE .PP \fB\-\-reader\fR \fInum\fR .RS 4 Forces \fBpkcs15\-tool\fR to use reader number \fInum\fR for operations\&. The default is to use reader number 0, the first reader in the system\&. .RE .PP \fB\-\-verbose, \-v\fR .RS 4 Causes \fBpkcs15\-tool\fR to be more verbose\&. Specify this flag several times to enable debug output in the OpenSC library\&. .RE .SH "SEE ALSO" .PP pkcs15\-init(1), pkcs15\-crypt(1)