NAME

p11tool — GnuTLS PKCS #11 tool

SYNOPSIS

p11tool [ -flag [value] ...] [ --opt-name [[=|]value] ...] [url]

DESCRIPTION

Program that allows handling data from PKCS #11 smart cards and security modules. To use PKCS #11 tokens with gnutls the configuration file /etc/gnutls/pkcs11.conf has to exist and contain a number of lines of the form 'load=/usr/lib/opensc-pkcs11.so'.

OPTIONS

-d number, --debug=number

Enable debugging. This option takes an integer number as its argument. The value of number is constrained to being:

in the range 0 through 9999

Specifies the debug level.

--list-tokens

List all available tokens.

--export

Export the object specified by the URL.

--list-mechanisms

List all available mechanisms in a token.

--list-all

List all available objects in a token.

--list-all-certs

List all available certificates in a token.

--list-certs

List all certificates that have an associated private key.

--list-all-privkeys

List all available private keys in a token.

--list-all-trusted

List all available certificates marked as trusted.

--initialize

Initializes a PKCS #11 token.

--write

Writes the loaded objects to a PKCS #11 token.

It can be used to write private keys, certificates or secret keys to a token.

--delete

Deletes the objects matching the PKCS #11 URL.

--generate-rsa

Generates an RSA private-public key pair on the specified token.

--generate-dsa

Generates a DSA private-public key pair on the specified token.

--generate-ecc

Generates an ECC private-public key pair on the specified token.

--label=string

Sets a label for the write operation.

--trusted, --no-trusted

Marks the object to be written as trusted. The no-trusted form will disable the option.

--private, --no-private

Marks the object to be written as private. The no-private form will disable the option. This option is enabled by default.

The written object will require a PIN to be used.

--login, --no-login

Force login to token. The no-login form will disable the option.

--detailed-url, --no-detailed-url

Print detailed URLs. The no-detailed-url form will disable the option.

--secret-key=string

Provide a hex encoded secret key.

--load-privkey=file

Private key file to use.

--load-pubkey=file

Public key file to use.

--load-certificate=file

Certificate file to use.

-8, --pkcs8

Use PKCS #8 format for private keys.

--bits=number

Specify the number of bits for key generation. This option takes an integer number as its argument.

--sec-param=security parameter

Specify the security level [low|legacy|normal|high|ultra].

This is an alternative to the --bits option.

--inder, --no-inder

Use DER/RAW format for input certificates and private keys. The no-inder form will disable the option.

--inraw

This option has not been fully documented.

--provider=file

Specify the PKCS #11 provider library.

This will override the default options in /etc/gnutls/pkcs11.conf.

--outfile=string

Output file.

-h, --help

Display usage information and exit.

-!, --more-help

Pass the extended usage information through a pager.

-v [{v|c|n}], --version[={v|c|n}]

Output version of program and exit. The default mode is `v', a simple version. The `c' mode will print copyright information and `n' will print the full copyright notice.

EXAMPLES

To view all tokens in your system use:

$ p11tool --list-tokens

To view all objects in a token use:

$ p11tool --login --list-all "pkcs11:TOKEN-URL"

To store a private key and a certificate in a token run:

$ p11tool --login --write "pkcs11:URL" --load-privkey key.pem --label "Mykey"
$ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem --label "MyCert"
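
An added example, not part of the original manual page or the GnuTLS sources: the provider modules named in /etc/gnutls/pkcs11.conf are shared libraries loaded into the calling process, so this shell function checks that every load= entry is an absolute path to an existing file that is not group- or world-writable. The function name and the output labels are assumptions, as is ignoring every line that does not begin with load=.

```shell
#!/bin/sh
# Added example: audit the provider modules named in a GnuTLS pkcs11.conf.
# Assumption: only lines beginning with "load=" matter; other lines are ignored.

# audit_pkcs11_conf FILE
# Prints one line per load= entry: "OK path", "RELATIVE path", "MISSING path"
# or "WRITABLE path". Returns 0 when every entry is OK, 1 otherwise.
audit_pkcs11_conf() {
    conf=$1
    status=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 1; }
    # "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            load=*) mod=${line#load=} ;;
            *) continue ;;
        esac
        # A relative path would be resolved by the dynamic loader's search rules.
        case $mod in
            /*) ;;
            *) echo "RELATIVE $mod"; status=1; continue ;;
        esac
        if [ ! -f "$mod" ]; then
            echo "MISSING $mod"; status=1; continue
        fi
        # Group- or world-writable module: any such user can replace code that
        # runs inside every process that opens the token.
        if [ -n "$(find -L "$mod" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $mod"; status=1; continue
        fi
        echo "OK $mod"
    done < "$conf"
    return $status
}

# Check the system configuration, or the file given as the first argument.
audit_pkcs11_conf "${1:-/etc/gnutls/pkcs11.conf}" || echo "review the entries above"
```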

EXIT STATUS

One of the following exit values will be returned:

0

Successful program execution.

1

The operation failed or the command syntax was not valid.

SEE ALSO

certtool (1)

AUTHORS

Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

BUGS

Please send bug reports to: bug-gnutls@gnu.org

NOTES

This manual page was AutoGen-erated from the p11tool option definitions.

COPYRIGHT

Copyright (C) 2000-2012 Free Software Foundation all rights reserved. This program is released under the terms of the GNU General Public License, version 3 or later.