1QCATOOL(1) Qt Cryptographic Architecture (QCA) QCATOOL(1)
2
6 qcatool - command line tool for the Qt Cryptographic Architecture
7
10 qcatool is a command line tool for performing various cryptographic
11 operations with the Qt Cryptographic Architecture (QCA). qcatool can
12 also be used for testing and debugging QCA.
13
16 qcatool has a range of options and commands. You only ever get to use
17 one command, but you may use several, one or no options.
18
21 As noted above, these are all optional, and may be combined.
22 --pass=PASSWORD
24 Specify the password to use. This is probably a bad idea except
25 for testing, because anyone can read the arguments to a command
26 line application.
27 --newpass=PASSWORD
29 Specify the new password to use for password change with the key
30 changepass and keybundle changepass commands. This is probably
31 a bad idea except for testing, because anyone can read the argu‐
32 ments to a command line application.
33 --nonroots=CERTIFICATES
35 Specify additional certificates, not trusted, but which may be
36 used in the trust path if appropriate trust can be established.
37 --roots=CERTIFICATES
39 Specify additional certificates which can be used as trusted
40 (root) certificates.
41 --nosys
43 Disable use of the standard root certificates that are provided
44 by the operating system.
45 --noprompt
47 Disable prompting for passwords/passphrases. If you do not pro‐
48 vide the passphrase on the command line (with --pass or --new‐
49 pass) this will cause qcatool to abort the command if a pass‐
50 word/passphrase is required.
51 --ordered
53 If outputting certificate information fields (Distinguished Name
54 and Subject Alternative Name), show them in same the order that
55 they are present in the certificate rather than in a friendly
56 sorted order.
57 --debug
59 Enable additional output to aid debugging.
60 --log-file=FILENAME
62 Log to the specified file.
63 --log-level=LEVEL
65 Log at the specified level. The log level can be between 0
66 (none) and 8 (most).
67 --nobundle
69 When S/MIME signing, do not bundle the signer's certificate
70 chain inside the signature. This results in a smaller signature
71 output, but requires the recipient to have all of the necessary
72 certificates in order to verify it.
73
76 help, --help, -h
77 Output usage (help) information.
78 version, --version, -v
80 Output version information.
81 plugins
83 List available plugins. Use the --debug option to get more
84 information on plugins which are found and which ones actually
85 loaded.
86 config save [provider]
88 Save provider configuration. Use this to have the provider's
89 default configuration written to persistent storage, which you
90 can then edit by hand.
91 config edit [provider]
93 Edit provider configuration. The changes are written to persis‐
94 tent storage.
95 key make rsa|dsa [bits]
97 Create a key pair
98 key changepass [K]
100 Add/change/remove passphrase of a key
101 cert makereq [K]
103 Create certificate request (CSR)
104 cert makeself [K]
106 Create self-signed certificate
107 cert makereqadv [K]
109 Advanced version of 'makereq'
110 cert makeselfadv [K]
112 Advanced version of 'makeself'
113 cert validate [C]
115 Validate certificate
116 keybundle make [K] [C]
118 Create a keybundle
119 keybundle extract [X]
121 Extract certificate(s) and key
122 keybundle changepass [X]
124 Change passphrase of a keybundle
125 keystore list-stores
127 List all available keystores
128 keystore list [storeName]
130 List content of a keystore
131 keystore monitor
133 Monitor for keystore availability
134 keystore export [E]
136 Export a keystore entry's content
137 keystore exportref [E]
139 Export a keystore entry reference
140 keystore addkb [storeName] [cert.p12]
142 Add a keybundle into a keystore
143 keystore addpgp [storeName] [key.asc]
145 Add a PGP key into a keystore
146 keystore remove [E]
148 Remove an object from a keystore
149 show cert [C]
151 Examine a certificate
152 show req [req.pem]
154 Examine a certificate request (CSR)
155 show crl [crl.pem]
157 Examine a certificate revocation list
158 show kb [X]
160 Examine a keybundle
161 show pgp [P|S]
163 Examine a PGP key
164 message sign pgp|pgpdetach|smime [X|S]
166 Sign a message
167 message encrypt pgp|smime [C|P]
169 Encrypt a message
170 message signencrypt [S] [P]
172 PGP sign & encrypt a message
173 message verify pgp|smime
175 Verify a message
176 message decrypt pgp|smime ((X) ...)
178 Decrypt a message (S/MIME needs X)
179 message exportcerts
181 Export certs from S/MIME message
182
185 The arguments to the commands are as follows.
186 K = private key.
188 C = certificate.
190 X = key bundle.
192 P = PGP public key.
194 S = PGP secret key.
196 E = generic entry.
198 These must be identified by either a filename or a keystore reference
200 ("store:obj").
201
204 qcatool was written by Justin Karneges as part of QCA. This manual page
205 was written by Brad Hards.
206qcatool 1.0.0 August 2007 QCATOOL(1)