pkcs11-data(1) BSD General Commands Manual pkcs11-data(1)NAME
pkcs11-data -- Data object PKCS#11 enabled token manipulator
SYNOPSIS
pkcs11-data [--verbose] [--add-provider] [--public] [--token-wait] [--cmd]
DESCRIPTION
pkcs11-data pkcs11-data provides a simple interface to manipulate data on cryptographic providers by using RSA Security Inc. PKCS#11 Crypto-
graphic Token Interface (Cryptoki). The following options are available:
--verbose
Enable logging.
--add-provider
Add PKCS#11 provider, this option can be specified more than once.
--public
Data object in on public section.
--token-wait
Wait for token until it inserted.
--cmd
Command to execute:
tokens List available token ids.
list [--token] List available data objects.
export [[--token]] [--application] [--label] [[--file]] [[--application --label --file]] Export data object content from specific token
to a file or to standard output. Several objects can be exported at one execution.
import [--token] [--application] [--label] [[--file]] Import data object content to a specific token from a file or from standard
input.
remove [--token] [--application] [--label] Remove data object.
AUTHORS AND COPYRIGHT
Copyright (c) 2006 Alon Bar-Lev <alon.barlev@gmail.com>
All rights reserved.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MER-
CHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFT-
WARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
POSIX-compatible December 1, 2006 POSIX-compatible
Check Out this Related Man Page
PKCS11-TOOL(1) OpenSC Tools PKCS11-TOOL(1)NAME
pkcs11-tool - utility for managing and using PKCS #11 security tokens
SYNOPSIS
pkcs11-tool [OPTIONS]
DESCRIPTION
The pkcs11-tool utility is used to manage the data objects on smart cards and similar PKCS #11 security tokens. Users can list and read
PINs, keys and certificates stored on the token. User PIN authentication is performed for those operations that require it.
OPTIONS --attr-from path
Extract information from path (DER-encoded certificate file) and create the corresponding attributes when writing an object to the
token. Example: the certificate subject name is used to create the CKA_SUBJECT attribute.
--change-pin, -c
Change the user PIN on the token
--hash, -h
Hash some data.
--id id, -d id
Specify the id of the object to operate on.
--init-pin
Initializes the user PIN. This option differs from --change-pin in that it sets the user PIN for the first time. Once set, the user PIN
can be changed using --change-pin.
--init-token
Initialize a token: set the token label as well as a Security Officer PIN (the label must be specified using --label).
--input-file path, -i path
Specify the path to a file for input.
--keypairgen, -k
Generate a new key pair (public and private pair.)
--label name, -a name
Specify the name of the object to operate on (or the token label when --init-token is used).
--list-mechanisms, -M
Display a list of mechanisms supported by the token.
--list-objects, -O
Display a list of objects.
--list-slots, -L
Display a list of available slots on the token.
--login, -l
Authenticate to the token before performing other operations. This option is not needed if a PIN is provided on the command line.
--mechanism mechanism, -m mechanism
Use the specified mechanism for token operations. See -M for a list of mechanisms supported by your token.
--module mod
Specify a PKCS#11 module (or library) to load.
--moz-cert path, -z path
Test a Mozilla-like keypair generation and certificate request. Specify the path to the certificate file.
--output-file path, -o path
Specify the path to a file for output.
--pin pin, -p pin
Use the given pin for token operations. WARNING: Be careful using this option as other users may be able to read the command line from
the system or if it is embedded in a script.
This option will also set the --login option.
--set-id id, -e id
Set the CKA_ID of the object.
--show-info, -I
Display general token information.
--sign, -s
Sign some data.
--slot id
Specify the id of the slot to use.
--slot-description description
Specify the description of the slot to use.
--slot-index index
Specify the index of the slot to use.
--token-label label
Specify the label of token. Will be used the first slot, that has the inserted token with this label.
--so-pin pin
Use the given pin as the Security Officer PIN for some token operations (token initialization, user PIN initialization, etc). The same
warning as --pin also applies here.
--test, -t
Perform some tests on the token. This option is most useful when used with either --login or --pin.
--type type, -y type
Specify the type of object to operate on. Examples are cert, privkey and pubkey.
--verbose, -v
Cause pkcs11-tool to be more verbose.
NB! This does not affect OpenSC debugging level! To set OpenSC PKCS#11 module into debug mode, set the OPENSC_DEBUG environment
variable to a non-zero number.
--write-object id, -w path
Write a key or certificate object to the token. path points to the DER-encoded certificate or key file.
opensc 06/17/2014 PKCS11-TOOL(1)