NAME¶
qcatool - command line tool for the Qt Cryptographic Architecture
DESCRIPTION¶
qcatool is a command line tool for performing various cryptographic operations
with the Qt Cryptographic Architecture (QCA). qcatool can also be used for
testing and debugging QCA.
USAGE¶
qcatool has a range of options and commands. You only ever get to use one
command, but you may use several, one or no options.
OPTIONS¶
As noted above, these are all optional, and may be combined.
- --pass=PASSWORD
- Specify the password to use. This is probably a bad idea
except for testing, because anyone can read the arguments to a command
line application.
- --newpass=PASSWORD
- Specify the new password to use for password change with
the key changepass and keybundle changepass commands. This
is probably a bad idea except for testing, because anyone can read the
arguments to a command line application.
- --nonroots=CERTIFICATES
- Specify additional certificates, not trusted, but which may
be used in the trust path if appropriate trust can be established.
- --roots=CERTIFICATES
- Specify additional certificates which can be used as
trusted (root) certificates.
- --nosys
- Disable use of the standard root certificates that are
provided by the operating system.
- --noprompt
- Disable prompting for passwords/passphrases. If you do not
provide the passphrase on the command line (with --pass or
--newpass) this will cause qcatool to abort the command if a
password/passphrase is required.
- --ordered
- If outputting certificate information fields (Distinguished
Name and Subject Alternative Name), show them in same the order that they
are present in the certificate rather than in a friendly sorted
order.
- --debug
- Enable additional output to aid debugging.
- --log-file=FILENAME
- Log to the specified file.
- --log-level=LEVEL
- Log at the specified level. The log level can be between 0
(none) and 8 (most).
- --nobundle
- When S/MIME signing, do not bundle the signer's certificate
chain inside the signature. This results in a smaller signature output,
but requires the recipient to have all of the necessary certificates in
order to verify it.
COMMANDS¶
- help, --help, -h
- Output usage (help) information.
- version, --version, -v
- Output version information.
- plugins
- List available plugins. Use the --debug option to
get more information on plugins which are found and which ones actually
loaded.
- config save [provider]
- Save provider configuration. Use this to have the
provider's default configuration written to persistent storage, which you
can then edit by hand.
- config edit [provider]
- Edit provider configuration. The changes are written to
persistent storage.
- key make rsa|dsa [bits]
- Create a key pair
- key changepass [K]
- Add/change/remove passphrase of a key
- cert makereq [K]
- Create certificate request (CSR)
- cert makeself [K]
- Create self-signed certificate
- cert makereqadv [K]
- Advanced version of 'makereq'
- cert makeselfadv [K]
- Advanced version of 'makeself'
- cert validate [C]
- Validate certificate
- keybundle make [K] [C]
- Create a keybundle
- keybundle extract [X]
- Extract certificate(s) and key
- keybundle changepass [X]
- Change passphrase of a keybundle
- keystore list-stores
- List all available keystores
- keystore list [storeName]
- List content of a keystore
- keystore monitor
- Monitor for keystore availability
- keystore export [E]
- Export a keystore entry's content
- keystore exportref [E]
- Export a keystore entry reference
- keystore addkb [storeName] [cert.p12]
- Add a keybundle into a keystore
- keystore addpgp [storeName] [key.asc]
- Add a PGP key into a keystore
- keystore remove [E]
- Remove an object from a keystore
- show cert [C]
- Examine a certificate
- show req [req.pem]
- Examine a certificate request (CSR)
- show crl [crl.pem]
- Examine a certificate revocation list
- show kb [X]
- Examine a keybundle
- show pgp [P|S]
- Examine a PGP key
- message sign pgp|pgpdetach|smime [X|S]
- Sign a message
- message encrypt pgp|smime [C|P]
- Encrypt a message
- message signencrypt [S] [P]
- PGP sign & encrypt a message
- message verify pgp|smime
- Verify a message
- message decrypt pgp|smime ((X) ...)
- Decrypt a message (S/MIME needs X)
- message exportcerts
- Export certs from S/MIME message
ARGUMENTS¶
The arguments to the commands are as follows.
K = private key.
C = certificate.
X = key bundle.
P = PGP public key.
S = PGP secret key.
E = generic entry.
These must be identified by either a filename or a keystore reference
("store:obj").
AUTHOR¶
qcatool was written by Justin Karneges as part of QCA. This manual page was
written by Brad Hards.