1NETKEY-TOOL(1)                   OpenSC Tools                   NETKEY-TOOL(1)
2
3
4

NAME

6       netkey-tool - administrative utility for Netkey E4 cards
7

SYNOPSIS

9       netkey-tool [OPTIONS] [COMMAND]
10

DESCRIPTION

12       The netkey-tool utility can be used from the command line to perform
13       some smart card operations with NetKey E4 cards that cannot be done
14       easily with other OpenSC-tools, such as changing local PINs, storing
15       certificates into empty NetKey E4 cert-files or displaying the initial
16       PUK-value.
17

OPTIONS

19       --help, -h
20           Displays a short help message.
21
22       --pin pin, -p pin
23           Specifies the current value of the global PIN.
24
25       --puk pin, -u pin
26           Specifies the current value of the global PUK.
27
28       --pin0 pin, -0 pin
29           Specifies the current value of the local PIN0 (aka local PIN).
30
31       --pin1 pin, -1 pin
32           Specifies the current value of the local PIN1 (aka local PUK).
33
34       --reader arg, -r arg
35           Number of the reader to use. By default, the first reader with a
36           present card is used. If arg is an ATR, the reader with a matching
37           card will be chosen.
38
39       -v
40           Causes netkey-tool to be more verbose. This options may be
41           specified multiple times to increase verbosity.
42

PIN FORMAT

44       With the -p, -u, -0 or the -1 one of the cards pins may be specified.
45       You may use plain ascii-strings (i.e. 123456) or a hex-string (i.e.
46       31:32:33:34:35:36). A hex-string must consist of exactly n 2-digit
47       hexnumbers separated by n-1 colons. Otherwise it will be interpreted as
48       an ascii string. For example :12:34: and 1:2:3:4 are both pins of
49       length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.
50

COMMANDS

52       When used without any options or commands, netkey-tool will display
53       information about the smart cards pins and certificates. This will not
54       change your card in any aspect (assumed there are no bugs in
55       netkey-tool). In particular the tries-left counters of the pins are
56       investigated without doing actual pin-verifications.
57
58       If you specify the global PIN via the --pin option, netkey-tool will
59       also display the initial value of the cards global PUK. If your global
60       PUK was changed netkey-tool will still display its initial value.
61       There's no way to recover a lost global PUK once it was changed.
62       There's also no way to display the initial value of your global PUK
63       without knowing the current value of your global PIN.
64
65       For most of the commands that netkey-tool can execute, you have to
66       specify one pin. One notable exception is the nullpin command, but this
67       command can only be executed once in the lifetime of a NetKey E4 card.
68
69       cert number filename
70           This command will read one of your cards certificates (as specified
71           by number) and save this certificate into file filename in
72           PEM-format. Certificates on a NetKey E4 card are readable without a
73           pin, so you don't have to specify one.
74
75       cert filename number
76           This command will read the first PEM-encoded certificate from file
77           filename and store this into your smart cards certificate file
78           number. Some of your smart cards certificate files might be
79           readonly, so this will not work with all values of number. If a
80           certificate file is writable you must specify a pin in order to
81           change it. If you try to use this command without specifying a pin,
82           netkey-tool will tell you which one is needed.
83
84       change {pin | puk | pin0 | pin1} new-pin
85           This changes the value of the specified pin to the given new value.
86           You must specify either the current value of the pin or another pin
87           to be able to do this and if you don't specify a correct one,
88           netkey-tool will tell you which one is needed.
89
90       nullpin initial-pin
91           This command can be executed only if the global PIN of your card is
92           in nullpin-state. There's no way to return back to nullpin-state
93           once you have changed your global PIN. You don't need a pin to
94           execute the nullpin-command. After a successful nullpin-command
95           netkey-tool will display your cards initial PUK-value.
96
97       unblock {pin | pin0 | pin1}
98           This unblocks the specified pin. You must specify another pin to be
99           able to do this and if you don't specify a correct one, netkey-tool
100           will tell you which one is needed.
101

SEE ALSO

103       opensc-explorer(1)
104

AUTHORS

106       netkey-tool was written by Peter Koch <pk_opensc@web.de>.
107
108
109
110opensc                            08/08/2023                    NETKEY-TOOL(1)
Impressum