CMCSharedToken(1)    PKI CMC Shared Secret Generation Tool   CMCSharedToken(1)

NAME

       CMCSharedToken - Used to process a user passphrase and create a shared
       token to be stored by the CA to allow Shared Secret-based proof of
       origin in cases such as CMC certificate issuance and revocation.

SYNOPSIS

       CMCSharedToken [OPTIONS]

DESCRIPTION

       The Certificate Management over Cryptographic Message Syntax (CMC)
       shared secret generation tool, CMCSharedToken, provides a command-line
       utility used to process a user passphrase to be shared with the CA.

       It takes a passphrase provided by the user, encrypts it with an
       issuance protection certificate, and outputs the encrypted blob which
       could be stored on the CA for subsequent enrollment or revocation
       activities by the user.

       This tool can be run either by the user or by the administrator. If
       run by the user, the output (encrypted passphrase, i.e. shared token)
       needs to be sent to the CA administrator to store on the CA; if run by
       the CA administrator, the passphrase itself needs to be passed to the
       intended user. It is outside of the scope of this software to state
       how such communication takes place. It is up to the site policy to
       decide which way best suits the deployment site.

       For information on how the administrator would store the shared tokens
       on the CA, see Red Hat Certificate System Administrator's Guide.

OPTIONS

       The following are supported options.

       -d <database>
              Path of directory to the NSS database. This option is required.

       -h <token>
              Security token name (default: internal)

       -p <password>
              Security token password.

       -s <passphrase>
              CMC enrollment passphrase (shared secret) (put in "" if
              containing spaces)

       -b <issuance protection cert>
              PEM issuance protection certificate. Note: only one of the -b or
              -n options should be used.

       -n <issuance protection cert nickname>
              PEM issuance protection certificate on token. Note: only one of
              the -b or -n options should be used.

       -v     Run in verbose mode.

EXAMPLE

       CMCSharedToken -d . -p myNSSPassword -s "just another good day" \
              -o cmcSharedTok2.b64 -n "subsystemCert cert-pki-tomcat"
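       Checks a site might wrap around the command above, as an added example
       that is not part of this man page or of the tool itself. The function
       names are hypothetical, and two things are assumed: that one of -b or
       -n must be given, and that the file written by -o (used in the EXAMPLE
       but not listed under OPTIONS) holds base64 text.

```sh
#!/bin/sh
# Added example: checks around a CMCSharedToken run. Function names are
# hypothetical; only options that appear on this page are used.

# check_args DB_DIR PEM_FILE NICKNAME
# -d is required; only one of -b / -n may be given. Requiring at least one
# of them is an assumption (the tool encrypts with that certificate).
check_args() {
    db=$1; pem=$2; nick=$3
    if [ -z "$db" ] || [ ! -d "$db" ]; then
        echo "NSS database directory (-d) is required" >&2; return 1
    fi
    if [ -n "$pem" ] && [ -n "$nick" ]; then
        echo "use only one of -b or -n" >&2; return 1
    fi
    if [ -z "$pem" ] && [ -z "$nick" ]; then
        echo "give the issuance protection cert with -b or -n" >&2; return 1
    fi
    if [ -n "$pem" ] && [ ! -r "$pem" ]; then
        echo "cannot read $pem" >&2; return 1
    fi
    return 0
}

# check_token_file FILE PASSPHRASE
# Assumption: the -o file is base64 text (the page's example names it *.b64).
# Rejects an empty file, one holding the passphrase in clear, or non-base64.
check_token_file() {
    file=$1; pass=$2
    [ -n "$pass" ] && [ -s "$file" ] || { echo "empty passphrase or file" >&2; return 1; }
    if grep -qF -- "$pass" "$file"; then
        echo "$file contains the passphrase in clear" >&2; return 1
    fi
    data=$(tr -d '\r\n' < "$file")
    printf '%s\n' "$data" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' ||
        { echo "$file is not base64" >&2; return 1; }
    [ $(( ${#data} % 4 )) -eq 0 ] || { echo "$file is truncated" >&2; return 1; }
    return 0
}

# make_shared_token DB_DIR NSS_PASSWORD PASSPHRASE OUT_FILE NICKNAME
make_shared_token() {
    check_args "$1" "" "$5" || return 1
    CMCSharedToken -d "$1" -p "$2" -s "$3" -o "$4" -n "$5" || return 1
    check_token_file "$4" "$3"
}
```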

AUTHORS

       Christina Fu <cfu@redhat.com>.

       Copyright (c) 2018 Red Hat, Inc. This is licensed under the GNU General
       Public License, version 2 (GPLv2). A copy of this license is available
       at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

SEE ALSO

       CMCRequest(1)

version 10.5                    March 14, 2018               CMCSharedToken(1)