1OPENSC-EXPLORER(1) OpenSC Tools OPENSC-EXPLORER(1)
2
3
4
6 opensc-explorer - generic interactive utility for accessing smart card
7 and similar security token functions
8
10 opensc-explorer [OPTIONS] [SCRIPT]
11
13 The opensc-explorer utility can be used to perform miscellaneous
14 operations such as exploring the contents of or sending arbitrary APDU
15 commands to a smart card or similar security token.
16
17 If a SCRIPT is given, opensc-explorer runs in non-interactive mode,
18 reading the commands from SCRIPT, one command per line. If no script is
19 given, opensc-explorer runs in interactive mode, reading commands from
20 standard input.
21
23 The following are the command-line options for opensc-explorer. There
24 are additional interactive commands available once it is running.
25
26 --card-driver driver, -c driver
27 Use the given card driver. The default is auto-detected.
28
29 --mf path, -m path
30 Select the file referenced by the given path on startup. The
31 default is the path to the standard master file, 3F00. If path is
32 empty (e.g. opensc-explorer --mf ""), then no file is explicitly
33 selected.
34
35 --reader arg, -r arg
36 Number of the reader to use. By default, the first reader with a
37 present card is used. If arg is an ATR, the reader with a matching
38 card will be chosen.
39
40 --verbose, -v
41 Cause opensc-explorer to be more verbose. Specify this flag several
42 times to enable debug output in the opensc library.
43
44 --wait, -w
45 Wait for a card to be inserted.
46
48 opensc-explorer supports commands with arguments at its interactive
49 prompt or in script files passed via the command line parameter SCRIPT.
50
51 Similar to a command shell like e.g. bash, each input line is split
52 into white-space separated words. Of these words, the first one is used
53 as the command, while the remaining ones are treated as arguments to
54 that command.
55
56 The following commands are supported:
57
58 # ...
59 Treat line as a comment. Ignore anything until the end of the line
60 introduced by #.
61
62 apdu data...
63 Send a custom APDU command to the card. data is a series of
64 sequences of hexadecimal values and strings enclosed in double
65 quotes ("...").
66
67 asn1 file-id
68 Parse and print the ASN.1 encoded content of the working EF
69 specified by file-id.
70
71 cat [file-id | sfi:short-id]
72 Print the contents of the working EF specified by file-id or the
73 short file id short-id. If no argument is given, print the the
74 contents of the currently selected EF.
75
76 cd {.. | file-id | aid:DF-name}
77 Change to another DF specified by the argument passed. If the
78 argument given is .., then move up one level in the file system
79 hierarchy. If it is a file-id, which must be a DF directly beneath
80 the current DF, then change to that DF. If it is an application
81 identifier given as aid:DF-name, then jump to the MF of the
82 application denoted by DF-name.
83
84 change CHVpin-ref [[old-pin] new-pin]
85 Change the PIN specified by pin-ref from the value given by old-pin
86 and change its value to new-pin.
87
88 old-pin and new-pin can be sequences of hexadecimal values, strings
89 enclosed in double quotes ("..."), empty (""), or absent. If
90 absent, the values are read from the card reader's pin pad.
91
92 Examples:
93
94 change CHV2 00:00:00:00:00:00 "foobar"
95 Change PIN CHV2 to the new value foobar, giving the old value
96 00:00:00:00:00:00.
97
98 change CHV2 "foobar"
99 Set PIN CHV2 to the new value foobar.
100
101 change CHV2
102 Change PIN CHV2 using the card reader's pinpad.
103
104
105 create file-id size
106 Create a new EF. file-id specifies the numeric id, and size the
107 size of the EF to create.
108
109 debug [level]
110 Set OpenSC debug level to level.
111
112 If level is omitted, show the current debug level.
113
114 delete file-id
115 Remove the EF or DF specified by file-id.
116
117 do_get hex-tag [output]
118 Copy the contents of the card's data object (DO) specified by
119 hex-tag to the local host computer's file named output.
120
121 If output is not given, the contents of hex-tag will be displayed
122 as hex-dump.
123
124 do_put hex-tag data
125 Change the contents of the card's data object (DO) specified by
126 hex-tag to data.
127
128 data is either a sequence of hexadecimal values or a string
129 enclosed in double quotes ("...").
130
131 echo string...
132 Print the strings given.
133
134 erase
135 Erase the card, if the card supports it.
136
137 get file-id [output]
138 Copy an EF to a local file. The local file is specified by output
139 while the card file is specified by file-id.
140
141 If output is omitted, the name of the output file will be derived
142 from the full card path to file-id.
143
144 help [pattern]
145 Display the list of available commands, their options and
146 parameters together with a short help text. If pattern is given,
147 the commands shown are limited to those matching pattern.
148
149 info [file-id]
150 Display attributes of a file specified by file-id. If file-id is
151 not supplied, the attributes of the current file are displayed.
152
153 ls [pattern...]
154 List files in the current DF. If no pattern is given, then all
155 files are listed. If one ore more patterns are given, only files
156 matching at least one pattern are listed.
157
158 find [start-id [end-id]]
159 Find all files in the current DF. Files are found by selecting all
160 file identifiers in the range from start-fid to end-fid.
161
162 If not given, the default value for start-fid is 0000, while the
163 default for end-fid is FFFF.
164
165 find_tags [start-tag [end-tag]]
166 Find all tags of data objects in the current context. Tags are
167 found by using GET DATA in the range from from start-tag to
168 end-tag.
169
170 If not given, the default value for start-tag is 0000, while the
171 default for end-tag is FFFF.
172
173 mkdir file-id size
174 Create a DF. file-id specifies the numeric id, and size the size
175 of the DF to create.
176
177 pin_info key-typekey-id
178 Get information on a PIN or key from the card, where key-type can
179 be one of CHV, KEY, AUT or PRO. key-id is a number representing
180 the key or PIN reference.
181
182 put file-id input
183 Copy a local file to the card. The local file is specified by input
184 while the card file is specified by file-id.
185
186 quit
187 Exit the program.
188
189 random count [output-file]
190 Generate count bytes of random data. If output-file is given, write
191 the data to the host computer's file denoted by it, otherwise show
192 the data as hex dump.
193
194 rm file-id
195 Remove the EF or DF specified by file-id.
196
197 unblock CHVpin-ref [puk [new-pin]]
198 Unblock the PIN denoted by pin-ref using the PUK puk, and
199 potentially change its value to new-pin.
200
201 puk and new-pin can be sequences of hexadecimal values, strings
202 enclosed in double quotes ("..."), empty (""), or absent. If
203 absent, the values are read from the card reader's pin pad.
204
205 Examples:
206
207 unblock CHV2 00:00:00:00:00:00 "foobar"
208 Unblock PIN CHV2 using PUK 00:00:00:00:00:00 and set it to the
209 new value foobar.
210
211 unblock CHV2 00:00:00:00:00:00 ""
212 Unblock PIN CHV2 using PUK 00:00:00:00:00:00 keeping the old
213 value.
214
215 unblock CHV2 "" "foobar"
216 Set new value of PIN CHV2 to foobar.
217
218 unblock CHV2 00:00:00:00:00:00
219 Unblock PIN CHV2 using PUK 00:00:00:00:00:00. The new PIN value
220 is prompted by pinpad.
221
222 unblock CHV2 ""
223 Set PIN CHV2. The new PIN value is prompted by pinpad.
224
225 unblock CHV2
226 Unblock PIN CHV2. The unblock code and new PIN value are
227 prompted by pinpad.
228
229
230 update_binary file-id offs data
231 Binary update of the file specified by file-id with the literal
232 data data starting from offset specified by offs.
233
234 data can be supplied as a sequence of hexadecimal values or as a
235 string enclosed in double quotes ("...").
236
237 update_record file-id rec-nr rec-offs data
238 Update record specified by rec-nr of the file specified by file-id
239 with the literal data data starting from offset specified by
240 rec-offs.
241
242 data can be supplied as a sequence of hexadecimal values or as a
243 string enclosed in double quotes ("...").
244
245 verify key-typekey-id [key]
246 Present a PIN or key to the card, where key-type can be one of CHV,
247 KEY, AUT or PRO. key-id is a number representing the key or PIN
248 reference. key is the key or PIN to be verified, formatted as a
249 colon-separated sequence of hexadecimal values or a string enclosed
250 in double quotes ("...").
251
252 If key is omitted, the exact action depends on the card reader's
253 features: if the card readers supports PIN input via a pin pad,
254 then the PIN will be verified using the card reader's pin pad. If
255 the card reader does not support PIN input, then the PIN will be
256 asked interactively.
257
258 Examples:
259
260 verify CHV2 31:32:33:34:00:00:00:00
261 Verify CHV2 using the hex value 31:32:33:34:00:00:00:00
262
263 verify CHV1 "secret"
264 Verify CHV1 using the string value secret.
265
266 verify KEY2
267 Verify KEY2, get the value from the card reader's pin pad.
268
269
270 sm {open | close}
271 Call the card's open or close Secure Messaging handler.
272
274 opensc-tool(1)
275
277 opensc-explorer was written by Juha Yrjölä <juha.yrjola@iki.fi>.
278
279
280
281opensc 02/10/2020 OPENSC-EXPLORER(1)