p11tool(1)                  General Commands Manual                 p11tool(1)

NAME

       p11tool - Manipulate PKCS #11 tokens.

SYNOPSIS

       p11tool [options]

DESCRIPTION

       Export/import data from PKCS #11 tokens. To use PKCS #11 tokens with
       gnutls the configuration file /etc/gnutls/pkcs11.conf has to exist and
       contain a number of lines of the form "load=/usr/lib/opensc-pkcs11.so".
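       Every module named on a "load=" line is a shared object that gets
       loaded, so the file is worth auditing. The following is an added
       example, not part of the original manual or of gnutls; the function
       name check_pkcs11_conf and the finding labels are assumptions.

```shell
#!/bin/sh
# Added example: audit the "load=" lines of a gnutls PKCS #11 configuration
# file. Each module named there is a shared object loaded into the calling
# process, so a relative, missing or group/world-writable path is flagged.
#
# Usage: check_pkcs11_conf /etc/gnutls/pkcs11.conf
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
check_pkcs11_conf() {
    conf=$1
    findings=0
    modules=0
    if [ ! -r "$conf" ]; then
        echo "MISSING-CONF $conf"
        return 1
    fi
    # The "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            load=*) module=${line#load=} ;;
            *) continue ;;
        esac
        modules=$((modules + 1))
        case $module in
            /*) ;;
            *) echo "RELATIVE-PATH $module"
               findings=$((findings + 1)); continue ;;
        esac
        if [ ! -f "$module" ]; then
            echo "NOT-FOUND $module"
            findings=$((findings + 1)); continue
        fi
        # -L follows a symlinked module to the real file before testing the
        # group-write (020) and other-write (002) permission bits.
        if [ -n "$(find -L "$module" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $module"
            findings=$((findings + 1))
        fi
    done < "$conf"
    if [ "$modules" -eq 0 ]; then
        echo "NO-MODULES $conf"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```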

OPTIONS

   Program control options
       -d, --debug LEVEL
              Specify the debug level. Default is 1.

       -h, --help
              Shows this help text.

   Generic options
       --login
              Force login to the token for the intended operation.

       --provider MODULE
              In addition to /etc/gnutls/pkcs11.conf, load the specified
              module.

       --outfile FILE
              Print output to FILE.

       --inder, --inraw
              Input is DER formatted.

   Handling tokens
       --list-tokens
              Prints all available tokens.

       --initialize URL
              Initializes (formats) the token specified by the URL. Note that
              several tokens do not support this facility.

   Getting information on available X.509 certificates
       --list-all-certs
              Prints all available certificates.

       --list-certs
              Prints all certificates that have a corresponding private key
              stored in the token.

       --list-trusted
              Prints all certificates that have been marked as trusted.

   Getting information on private keys
       --list-privkeys
              Prints all available private keys.

   Handling generic objects
       --export URL
              Exports the object (e.g. certificate) specified by the URL.

       --delete URL
              Deletes the object specified by the URL. Note that several
              tokens do not support deletion.

       --detailed-url
              When printing URLs, print them in a detailed form that includes
              details on the PKCS #11 module used.

       --no-detailed-url
              When printing URLs, do not print details on the module used.

   Storing objects
       --write URL
              Flag to set when writing an object. Requires one of the
              --load-privkey, --load-pubkey, --load-certificate or
              --secret-key options.

       --load-privkey
              Load a private key for the write operation.

       --load-pubkey
              Load an X.509 subjectPublicKey for the write operation.

       --load-certificate
              Load an X.509 certificate for the write operation.

       --secret-key
              Specify a hex-encoded secret key for the write operation.

       --trusted
              The object stored will be marked as trusted.

       --label
              The label of the object stored.

   Controlling output
       -8, --pkcs8
              Use PKCS #8 format for private keys.

EXAMPLES

       To store a private key and certificate, run:

              $ p11tool --login --write "pkcs11:XXX" --load-privkey key.pem --label "MyKey"
              $ p11tool --login --write "pkcs11:XXX" --load-certificate cert.pem --label "MyCert"

       To view all objects in a token, use:

              $ p11tool --login --list-all

AUTHOR

       Nikos Mavrogiannopoulos <nmav@gnutls.org> and others; see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

                             November 11th 2010                    p11tool(1)