p11tool(1)                General Commands Manual                p11tool(1)

p11tool - Manipulate PKCS #11 tokens.

p11tool [options]

Export/import data from PKCS #11 tokens. To use PKCS #11 tokens with
gnutls, the configuration file /etc/gnutls/pkcs11.conf has to exist and
contain a number of lines of the form "load=/usr/lib/opensc-pkcs11.so".

Program control options
    -d, --debug LEVEL
        Specify the debug level. Default is 1.

    -h, --help
        Shows this help text

Generic options
    --login
        Force login to the token for the intended operation.

    --provider MODULE
        In addition to /etc/gnutls/pkcs11.conf, load the specified module.

    --outfile FILE
        Print output to FILE.

    --inder, --inraw
        Input is DER formatted.

Getting information on available X.509 certificates
    --list-tokens
        Prints all available tokens.

    --initialize URL
        Initializes (formats) the token specified by the URL. Note that
        several tokens do not support this facility.

Getting information on available X.509 certificates
    --list-all-certs
        Prints all available certificates.

    --list-certs
        Prints all certificates that have a corresponding private key
        stored in the token.

    --list-trusted
        Prints all certificates that have been marked as trusted.

Getting information on private keys
    --list-privkeys
        Prints all available private keys.

Handling generic objects
    --export URL
        Exports the object (e.g. certificate) specified by the URL.

    --delete URL
        Deletes the object specified by the URL. Note that several
        tokens do not support deletion.

    --detailed-url
        When printing URLs, print them in a detailed form that includes
        details on the PKCS #11 module used.

    --no-detailed-url
        When printing URLs, do not print details on the module used.

Storing objects
    --write URL
        Flag to set when writing an object. Requires one of the
        --load-privkey, --load-pubkey, --load-certificate or
        --secret-key options.

    --load-privkey
        Load a private key for the write operation.

    --load-pubkey
        Load an X.509 subjectPublicKey for the write operation.

    --load-certificate
        Load an X.509 certificate for the write operation.

    --secret-key
        Specify a hex encoded secret key for the write operation.

    --trusted
        The object stored will be marked as trusted.

    --label
        The label of the object stored.

Controlling output
    -8, --pkcs8
        Use PKCS #8 format for private keys.

To store a private key and certificate, run:

    $ p11tool --login --write "pkcs11:XXX" --load-privkey key.pem --label "MyKey"
    $ p11tool --login --write "pkcs11:XXX" --load-certificate cert.pem --label "MyCert"

To view all objects in a token, use:

    $ p11tool --login --list-all
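
The description above requires /etc/gnutls/pkcs11.conf to list modules as load= lines. As an added example (not part of the original manual or of GnuTLS), this POSIX shell function reports entries whose module file is missing or is writable by group or others. The function name and the output words are made up for this illustration, and entries that are not absolute paths are only reported as skipped.

```shell
#!/bin/sh
# Added example: sanity-check the load= entries of a GnuTLS pkcs11.conf.
# Only lines of the form load=PATH (the form the manual gives) are examined;
# every other line is ignored.
# Usage: check_pkcs11_conf /etc/gnutls/pkcs11.conf
# Exit status: 0 = at least one load= line and none missing or writable,
#              1 = a problem was reported (or no load= line found),
#              2 = the configuration file itself cannot be read.
check_pkcs11_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable $conf"; return 2; }
    total=0
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            load=*) module=${line#load=} ;;
            *) continue ;;
        esac
        total=$((total + 1))
        # A name that is not an absolute path cannot be checked from here.
        case $module in
            /*) ;;
            *) echo "skipped $module"; continue ;;
        esac
        if [ ! -f "$module" ]; then
            echo "missing $module"
            bad=$((bad + 1))
        # -L follows symlinks, so the mode of the real module file is tested.
        elif [ -n "$(find -L "$module" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
            echo "writable $module"
            bad=$((bad + 1))
        else
            echo "ok $module"
        fi
    done < "$conf"
    [ "$total" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

A module that other local users can overwrite runs with the privileges of every program that loads it, so a "writable" line deserves the same attention as a "missing" one.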

Nikos Mavrogiannopoulos <nmav@gnutls.org> and others; see
/usr/share/doc/gnutls-bin/AUTHORS for a complete list.

November 11th 2010                                              p11tool(1)