1PIV-TOOL(1)                      OpenSC Tools                      PIV-TOOL(1)
2
3
4

NAME

6       piv-tool - smart card utility for HSPD-12 PIV cards
7

SYNOPSIS

9       piv-tool [OPTIONS]
10
11
12       The piv-tool utility can be used from the command line to perform
13       miscellaneous smart card operations on a HSPD-12 PIV smart card as
14       defined in NIST 800-73-3. It is intended for use with test cards only.
15       It can be used to load objects, and generate key pairs, as well as send
16       arbitrary APDU commands to a card after having authenticated to the
17       card using the card key provided by the card vendor.
18

OPTIONS

20       --serial
21           Print the card serial number derived from the CHUID object, if any.
22           Output is in hex byte format.
23
24       --name, -n
25           Print the name of the inserted card (driver)
26
27       --admin argument, -A argument
28           Authenticate to the card using a 2DES, 3DES or AES key. The
29           argument of the form
30
31                {A|M}:ref:alg
32
33           is required, were A uses "EXTERNAL AUTHENTICATION" and M uses
34           "MUTUAL AUTHENTICATION".  ref is normally 9B, and alg is 03 for
35           3DES, 01 for 2DES, 08 for AES-128, 0A for AES-192 or 0C for
36           AES-256. The key is provided by the card vendor. The environment
37           variable PIV_EXT_AUTH_KEY must point to either a binary file
38           matching the length of the key or a text file containing the key in
39           the format:
40           XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
41
42       --genkey argument, -G argument
43           Generate a key pair on the card and output the public key. The
44           argument of the form
45
46               ref:alg
47
48           is required, where ref is 9A, 9C, 9D or 9E and alg is 06, 07, 11 or
49           14 for RSA 1024, RSA 2048, ECC 256 or ECC 384 respectively.
50
51       --object ContainerID, -O ContainerID
52           Load an object onto the card. The ContainerID is as defined in NIST
53           800-73-n without leading 0x. Example: CHUID object is 3000
54
55       --cert ref, -C ref
56           Load a certificate onto the card.  ref is 9A, 9C, 9D or 9E
57
58       --compresscert ref, -Z ref
59           Load a certificate that has been gzipped onto the card.  ref is 9A,
60           9C, 9D or 9E
61
62       --out file, -o file
63           Output file for any operation that produces output.
64
65       --in file, -i file
66           Input file for any operation that requires an input file.
67
68       --key-slots-discovery file
69           Print properties of the key slots. Needs 'admin' authentication.
70
71       --send-apdu apdu, -s apdu
72           Sends an arbitrary APDU to the card in the format
73           AA:BB:CC:DD:EE:FF.... This option may be repeated.
74
75       --reader arg, -r arg
76           Number of the reader to use. By default, the first reader with a
77           present card is used. If arg is an ATR, the reader with a matching
78           card will be chosen.
79
80       --wait, -w
81           Wait for a card to be inserted
82
83       --verbose, -v
84           Causes piv-tool to be more verbose. Specify this flag several times
85           to enable debug output in the opensc library.
86

SEE ALSO

88       opensc-tool(1)
89

AUTHORS

91       piv-tool was written by Douglas E. Engert <deengert@gmail.com>.
92
93
94
95opensc                            05/02/2022                       PIV-TOOL(1)
Impressum