pkcs11-tool - utility for managing and using PKCS #11 security tokens
pkcs11-tool [OPTIONS]
The pkcs11-tool utility is used to manage the data objects on smart cards and similar PKCS #11 security tokens. Users can list and read PINs, keys and certificates stored on the token. User PIN authentication is performed for those operations that require it.
--attr-from path
    Extract information from path (DER-encoded certificate file) and create the corresponding attributes when writing an object to the token. Example: the certificate subject name is used to create the CKA_SUBJECT attribute.
--change-pin, -c
    Change the user PIN on the token.
--unlock-pin
    Unlock the user PIN (without --login, unlock in a logged-in session; otherwise --login-type has to be 'context-specific').
--hash, -h
    Hash some data.
--id id, -d id
    Specify the id of the object to operate on.
--init-pin
    Initialize the user PIN. This option differs from --change-pin in that it sets the user PIN for the first time. Once set, the user PIN can be changed using --change-pin.
--init-token
    Initialize a token: set the token label as well as a Security Officer PIN (the label must be specified using --label).
--input-file path, -i path
    Specify the path to a file for input.
--keypairgen, -k
    Generate a new key pair (public and private pair).
--key-type specification
    Specify the type and length of the key to create, for example rsa:1024 or EC:prime256v1.
--usage-sign
    Specify 'sign' key usage flag (sets SIGN in privkey, sets VERIFY in pubkey).
--usage-decrypt
    Specify 'decrypt' key usage flag (RSA only; sets DECRYPT in privkey, ENCRYPT in pubkey).
--usage-derive
    Specify 'derive' key usage flag (EC only).
--label name, -a name
    Specify the name of the object to operate on (or the token label when --init-token is used).
--list-mechanisms, -M
    Display a list of mechanisms supported by the token.
--list-objects, -O
    Display a list of objects.
--list-slots, -L
    Display a list of available slots on the token.
--list-token-slots, -T
    List slots with tokens.
--login, -l
    Authenticate to the token before performing other operations. This option is not needed if a PIN is provided on the command line.
--login-type
    Specify login type ('so', 'user', 'context-specific'; default: 'user').
--mechanism mechanism, -m mechanism
    Use the specified mechanism for token operations. See -M for a list of mechanisms supported by your token.
--module mod
    Specify a PKCS#11 module (or library) to load.
--moz-cert path, -z path
    Test a Mozilla-like keypair generation and certificate request. Specify the path to the certificate file.
--output-file path, -o path
    Specify the path to a file for output.
--pin pin, -p pin
    Use the given pin for token operations. If set to env:VARIABLE, the value of the environment variable VARIABLE is used. WARNING: Be careful using this option, as other users may be able to read the command line from the system or if it is embedded in a script. This option will also set the --login option.
--puk puk
    Supply User PUK on the command line.
--new-pin pin
    Supply new User PIN on the command line.
--set-id id, -e id
    Set the CKA_ID of the object.
--show-info, -I
    Display general token information.
--sign, -s
    Sign some data.
--decrypt
    Decrypt some data.
--derive
    Derive a secret key using another key and some data.
--slot id
    Specify the id of the slot to use.
--slot-description description
    Specify the description of the slot to use.
--slot-index index
    Specify the index of the slot to use.
--token-label label
    Specify the label of the token. The first slot that has an inserted token with this label is used.
--so-pin pin
    Use the given pin as the Security Officer PIN for some token operations (token initialization, user PIN initialization, etc). If set to env:VARIABLE, the value of the environment variable VARIABLE is used. The same warning as --pin also applies here.
--test, -t
    Perform some tests on the token. This option is most useful when used with either --login or --pin.
--test-hotplug
    Test hotplug capabilities (C_GetSlotList + C_WaitForSlotEvent).
--private
    Set the CKA_PRIVATE attribute (object is only viewable after a login).
--test-ec
    Test EC (best used with the --login or --pin option).
--test-fork
    Test forking and calling C_Initialize() in the child.
--type type, -y type
    Specify the type of object to operate on. Examples are cert, privkey and pubkey.
--verbose, -v
    Cause pkcs11-tool to be more verbose. Note that this does not affect the OpenSC debugging level. To put the OpenSC PKCS#11 module into debug mode, set the OPENSC_DEBUG environment variable to a non-zero number.
--read-object, -r
    Get object's CKA_VALUE attribute (use with --type).
--delete-object, -b
    Delete an object.
--application-label label
    Specify the application label of the data object (use with --type data).
--application-id id
    Specify the application ID of the data object (use with --type data).
--issuer data
    Specify the issuer in hexadecimal format (use with --type cert).
--subject data
    Specify the subject in hexadecimal format (use with --type cert/privkey/pubkey).
--signature-format format
    Format for ECDSA signature: 'rs' (default), 'sequence', 'openssl'.
--write-object path, -w path
    Write a key or certificate object to the token. path points to the DER-encoded certificate or key file.
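The --pin warning above in practice, as an added example that is not part of the original manual page or of OpenSC: a POSIX sh wrapper that refuses PINs given literally in the arguments and passes the user PIN as env:P11_PIN instead. P11_PIN, PKCS11_TOOL and the function names are assumptions of this sketch.

```shell
# Added example, not from the OpenSC project. P11_PIN, PKCS11_TOOL and the
# function names are assumptions of this sketch.

# Succeeds (returns 0) when the arguments carry a secret in argv itself.
has_literal_secret() {
    prev=""
    for arg in "$@"; do
        case "$prev" in
            --pin|-p|--so-pin)
                # Only the env:VARIABLE form keeps the value out of argv.
                case "$arg" in env:*) ;; *) return 0 ;; esac ;;
            --puk|--new-pin)
                return 0 ;;   # the page documents no env: form for these
        esac
        # getopt_long-style --option=value spelling of the same options.
        case "$arg" in
            --pin=env:*|--so-pin=env:*) ;;
            --pin=*|--so-pin=*|--puk=*|--new-pin=*) return 0 ;;
        esac
        prev="$arg"
    done
    return 1
}

# Run pkcs11-tool with the user PIN taken from $P11_PIN via --pin env:P11_PIN.
p11() {
    if has_literal_secret "$@"; then
        echo "p11: refusing secret on the command line; use env:VARIABLE" >&2
        return 2
    fi
    if [ -z "${P11_PIN:-}" ]; then
        # Prompt without echo so the PIN is neither typed into argv
        # nor shown on the terminal.
        printf 'User PIN: ' >&2
        stty -echo; IFS= read -r P11_PIN; stty echo
        printf '\n' >&2
    fi
    export P11_PIN
    "${PKCS11_TOOL:-pkcs11-tool}" --pin env:P11_PIN "$@"
}
```

Because the wrapper always adds --pin, every call through it also logs in as the user.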