1PIV-TOOL(1) OpenSC Tools PIV-TOOL(1)
2
3
4
6 piv-tool - smart card utility for HSPD-12 PIV cards
7
9 piv-tool [OPTIONS]
10
11
12 The piv-tool utility can be used from the command line to perform
13 miscellaneous smart card operations on a HSPD-12 PIV smart card as
14 defined in NIST 800-73-3. It is intended for use with test cards only.
15 It can be used to load objects, and generate key pairs, as well as send
16 arbitrary APDU commands to a card after having authenticated to the
17 card using the card key provided by the card vendor.
18
20 --serial
21 Print the card serial number derived from the CHUID object, if any.
22 Output is in hex byte format.
23
24 --name, -n
25 Print the name of the inserted card (driver)
26
27 --admin argument, -A argument
28 Authenticate to the card using a 2DES or 3DES key. The argument of
29 the form
30
31 {A|M}:ref:alg
32
33 is required, were A uses "EXTERNAL AUTHENTICATION" and M uses
34 "MUTUAL AUTHENTICATION". ref is normally 9B, and alg is 03 for
35 3DES. The key is provided by the card vendor, and the environment
36 variable PIV_EXT_AUTH_KEY must point to a text file containing the
37 key in the format:
38 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
39
40 --genkey argument, -G argument
41 Generate a key pair on the card and output the public key. The
42 argument of the form
43
44 ref:alg
45
46 is required, where ref is 9A, 9C, 9D or 9E and alg is 06, 07, 11 or
47 14 for RSA 1024, RSA 2048, ECC 256 or ECC 384 respectively.
48
49 --object ContainerID, -O ContainerID
50 Load an object onto the card. The ContainerID is as defined in NIST
51 800-73-n without leading 0x. Example: CHUID object is 3000
52
53 --cert ref, -C ref
54 Load a certificate onto the card. ref is 9A, 9C, 9D or 9E
55
56 --compresscert ref, -Z ref
57 Load a certificate that has been gzipped onto the card. ref is 9A,
58 9C, 9D or 9E
59
60 --out file, -o file
61 Output file for any operation that produces output.
62
63 --in file, -i file
64 Input file for any operation that requires an input file.
65
66 --key-slots-discovery file
67 Print properties of the key slots. Needs 'admin' authentication.
68
69 --send-apdu apdu, -s apdu
70 Sends an arbitrary APDU to the card in the format
71 AA:BB:CC:DD:EE:FF.... This option may be repeated.
72
73 --reader num, -r num
74 Specify the reader to use. By default, the first reader with a
75 present card is used. If num is an ATR, the reader with a matching
76 card will be chosen.
77
78 --card-driver driver, -c driver
79 Use the given card driver. The default is auto-detected.
80
81 --wait, -w
82 Wait for a card to be inserted
83
84 --verbose, -v
85 Causes piv-tool to be more verbose. Specify this flag several times
86 to enable debug output in the opensc library.
87
89 opensc-tool(1)
90
92 piv-tool was written by Douglas E. Engert <deengert@gmail.com>.
93
94
95
96opensc 09/30/2019 PIV-TOOL(1)