1NETKEY-TOOL(1) OpenSC Tools NETKEY-TOOL(1)
2
3
4
6 netkey-tool - administrative utility for Netkey E4 cards
7
9 netkey-tool [OPTIONS] [COMMAND]
10
12 The netkey-tool utility can be used from the command line to perform
13 some smart card operations with NetKey E4 cards that cannot be done
14 easily with other OpenSC-tools, such as changing local PINs, storing
15 certificates into empty NetKey E4 cert-files or displaying the initial
16 PUK-value.
17
19 --help, -h
20 Displays a short help message.
21
22 --pin pin-value, -p pin-value
23 Specifies the current value of the global PIN.
24
25 --puk pin-value, -u pin-value
26 Specifies the current value of the global PUK.
27
28 --pin0 pin-value, -0 pin-value
29 Specifies the current value of the local PIN0 (aka local PIN).
30
31 --pin1 pin-value, -1 pin-value
32 Specifies the current value of the local PIN1 (aka local PUK).
33
34 --reader number, -r number
35 Use smart card in specified reader. Default is reader 0.
36
37 -v
38 Causes netkey-tool to be more verbose. This options may be
39 specified multiple times to increase verbosity.
40
42 With the -p, -u, -0 or the -1 one of the cards pins may be specified.
43 You may use plain ascii-strings (i.e. 123456) or a hex-string (i.e.
44 31:32:33:34:35:36). A hex-string must consists of exacly n 2-digit
45 hexnumbers separated by n-1 colons. Otherwise it will be interpreted as
46 an ascii string. For example :12:34: and 1:2:3:4 are both pins of
47 length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.
48
50 When used without any options or commands, netkey-tool will display
51 information about the smart cards pins and certificates. This will not
52 change your card in any aspect (assumed there are no bugs in
53 netkey-tool). In particular the tries-left counters of the pins are
54 investigated without doing actual pin-verifications.
55
56 If you specify the global PIN via the --pin option, netkey-tool will
57 also display the initial value of the cards global PUK. If your global
58 PUK was changed netkey-tool will still display its initial value.
59 There's no way to recover a lost global PUK once it was changed.
60 There's also no way to display the initial value of your global PUK
61 without knowing the current value of your global PIN.
62
63 For most of the commands that netkey-tool can execute, you have to
64 specify one pin. One notable exeption is the nullpin command, but this
65 command can only be executed once in the lifetime of a NetKey E4 card.
66
67 cert number filename
68 This command will read one of your cards certificates (as specified
69 by number) and save this certificate into file filename in
70 PEM-format. Certificates on a NetKey E4 card are readable without a
71 pin, so you don't have to specify one.
72
73 cert filename number
74 This command will read the first PEM-encoded certificate from file
75 filename and store this into your smart cards certificate file
76 number. Some of your smart cards certificate files might be
77 readonly, so this will not work with all values of number. If a
78 certificate file is writable you must specify a pin in order to
79 change it. If you try to use this command without specifying a pin,
80 netkey-tool will tell you which one is needed.
81
82 change { pin | puk | pin0 | pin1 } new-pin
83 This changes the value of the specified pin to the given new value.
84 You must specify either the current value of the pin or another pin
85 to be able to do this and if you don't specify a correct one,
86 netkey-tool will tell you which one is needed.
87
88 nullpin initial-pin
89 This command can be executed only if the global PIN of your card is
90 in nullpin-state. There's no way to return back to nullpin-state
91 once you have changed your global PIN. You don't need a pin to
92 execute the nullpin-command. After a succesfull nullpin-command
93 netkey-tool will display your cards initial PUK-value.
94
95 unblock { pin | pin0 | pin1 }
96 This unblocks the specified pin. You must specify another pin to be
97 able to do this and if you don't specify a correct one, netkey-tool
98 will tell you which one is needed.
99
101 opensc-explorer(1)
102
104 netkey-tool was written by Peter Koch <pk_opensc@web.de>.
105
106
107
108opensc 10/30/2018 NETKEY-TOOL(1)