.TH P11SAK 1 "May 2020" "@PACKAGE_VERSION@" "openCryptoki"
.SH NAME
p11sak \- generate and list token keys in an openCryptoki token repository.
.
.
.SH SYNOPSIS
.B p11sak
.I command
.RI [ ARGS ]
.RB [ OPTIONS ]
.
.PP
.B p11sak
.BR \-\-help | \-h
.br

.SH DESCRIPTION
.B p11sak
can be used to generate, list and delete the token keys in an openCryptoki token repository.
The utility is a flexible key management tool for openCryptoki that lists and generates symmetric (DES, 3DES, AES) and asymmetric (RSA, EC) keys.
In particular, the tool produces a well-defined listing of keys together with their PKCS #11 attributes.
.
.
.
.SH COMMANDS
The \fBp11sak\fP tool operates in one of three modes. If the command
.I generate-key
is given, it generates a token key in the openCryptoki token repository.
If the command
.I list-key
is given, it lists the keys specified in the arguments.
If the command
.I remove-key
is given, it removes the keys specified in the arguments.
.
.PP
.SS "generate-key"
.PP
Use the
.B generate-key|gen-key|gen
command and key argument to generate a token key with the respective
.RI [ ARGS ]
and
.RB [ OPTIONS ].
The
.BR \-\-help | \-h
option will show the arguments and options available.
.
.PP
.SS "list-key"
.PP
Use the
.B list-key|ls-key|ls
command and key argument to list token keys given the respective
.RI [ ARGS ]
and
.RB [ OPTIONS ].
The
.BR \-\-help | \-h
option will show the arguments and options available.
.
.PP
.SS "remove-key"
.PP
Use the
.B remove-key|rm-key|rm
command and key argument to delete token keys given the respective
.RI [ ARGS ]
and
.RB [ OPTIONS ].
The
.BR \-\-help | \-h
option will show the arguments and options available.
.
.PP
.SS "Generating DES/3DES keys"
.
.B p11sak
.BR generate-key | gen-key | gen
.BR des | 3des
.B \-\-slot
.IR SLOTID
.B \-\-pin
.IR PIN
.B \-\-label
.IR LABEL
.B \-\-attr
.I "[M R L S E D G V W U A X N T]"
.B \-\-help | \-h
.PP
Use the
.B generate-key
command with the
.B des|3des
key argument to generate a DES or 3DES key. The
.B \-\-slot
.IR SLOTID
and
.B \-\-pin
.IR PIN
options are required to set the token to
.IR SLOTID
and the token PIN. The
.B \-\-label
.IR LABEL
option allows the user to set the
.IR LABEL
attribute of the key and
.B \-\-attr
.I "[M R L S E D G V W U A X N T]"
can be used to set the binary attributes of the key (see below for a detailed description of the attributes).
.
.PP
.SS "Generating AES keys"
.
.B p11sak
.BR generate-key | gen-key | gen
.BR aes
.BR 128 | 192 | 256
.B \-\-slot
.IR SLOTID
.B \-\-pin
.IR PIN
.B \-\-label
.IR LABEL
.B \-\-attr
.I "[M R L S E D G V W U A X N T]"
.B \-\-help | \-h
.PP
Use the
.B generate-key
.B aes
.B 128|192|256
command and key argument to generate an AES key with 128, 192 or 256 bit length, respectively. The
.B \-\-slot
.IR SLOTID
and
.B \-\-pin
.IR PIN
options are required to set the token to
.IR SLOTID
and the token PIN. The
.B \-\-label
.IR LABEL
option allows the user to set the
.IR LABEL
attribute of the key and
.B \-\-attr
.I "[M R L S E D G V W U A X N T]"
can be used to set the binary attributes of the key (see below for a detailed description of the attributes).
.
.PP
.SS "Generating RSA keys"
.
.B p11sak
.BR generate-key | gen-key | gen
.BR rsa
.BR 1024 | 2048 | 4096
.B \-\-slot
.IR SLOTID
.B \-\-pin
.IR PIN
.B \-\-label
.IR LABEL
.B \-\-exponent
.IR EXP
.B \-\-attr
.I "[M R L S E D G V W U A X N T]"
.B \-\-help | \-h
.PP
Use the
.B generate-key
.B rsa
.B 1024|2048|4096
command and key argument to generate a 1024, 2048 or 4096 bit RSA key, respectively. The
.B \-\-slot
.IR SLOTID
and
.B \-\-pin
.IR PIN
options are required to set the token to
.IR SLOTID
and the token PIN. The
.B \-\-label
.IR LABEL
option allows the user to set the
.IR LABEL
attribute of the key and
.B \-\-attr
.I "[M R L S E D G V W U A X N T]"
can be used to set the binary attributes of the key (see below for a detailed description of the attributes). Furthermore, the
.B \-\-exponent
.IR EXP
option allows the user to specify the exponent used for generating the RSA key. The default is set to 65537 according to the PKCS #11 standard.
.
.PP
.SS "Generating EC keys"
.
.B p11sak
.BR generate-key | gen-key | gen
.BR ec
.BR CURVE
.B \-\-slot
.IR SLOTID
.B \-\-pin
.IR PIN
.B \-\-label
.IR LABEL
.B \-\-attr
.I "[M R L S E D G V W U A X N T]"
.B \-\-help | \-h
.PP
Use the
.B generate-key
.B ec
.B CURVE
command and key argument to generate an EC key, where
.I CURVE
specifies the elliptic curve used to create the EC key. The following arguments can be used for respective curves:
.B prime256v1 | prime192 | secp224 | secp384r1 | secp521r1 | secp265k1 | brainpoolP160r1 | brainpoolP160t1
.B | brainpoolP192r1 | brainpoolP192t1 | brainpoolP224r1 | brainpoolP224t1 | brainpoolP256r1 | brainpoolP256t1
.B | brainpoolP320r1 | brainpoolP320t1 | brainpoolP384r1 | brainpoolP384t1 | brainpoolP512r1 | brainpoolP512t1
.PP
.B Note:
not all curves will be supported by all tokens and key generation will fail when the specified
.I CURVE
is not supported. The
.B \-\-slot
.IR SLOTID
and
.B \-\-pin
.IR PIN
options are required to set the token to
.IR SLOTID
and the token PIN. The
.B \-\-label
.IR LABEL
option allows the user to set the
.IR LABEL
attribute of the key and
.B \-\-attr
.I "[M R L S E D G V W U A X N T]"
can be used to set the binary attributes of the key (see below for a detailed description of the attributes).
.
.PP
.SS "Listing symmetric and asymmetric keys"
.
.B p11sak
.BR list-key | ls-key | ls
.BR des | 3des | aes | rsa | ec | public | private | secret
.B \-\-slot
.IR SLOTID
.B \-\-pin
.IR PIN
.B \-\-long | \-l
.B \-\-help | \-h
.PP
Use the
.B list-key | ls-key | ls
command and key argument to list DES, 3DES, AES, RSA or EC keys, respectively. Public, private or secret keys can also be listed irrespective of key type.
.
.PP
.SS "Deleting symmetric and asymmetric keys"
.
.B p11sak
.BR remove-key | rm-key | rm
.BR des | 3des | aes | rsa | ec
.B \-\-slot
.IR SLOTID
.B \-\-pin
.IR PIN
.B \-\-label
.IR LABEL
.B \-\-force | \-f
.B \-\-help | \-h
.PP
Use the
.B remove-key | rm-key | rm
command and key argument to delete DES, 3DES, AES, RSA or EC keys, respectively. All keys of the specified cipher will be offered for deletion unless
a specific key is selected with the
.B \-\-label
.IR LABEL
argument. The user will be prompted to confirm the deletion of the key. To suppress the prompt, use the
.B \-\-force | \-f
option.
.
.PP
.
.
.
.SH ARGS
.
.SS "des | 3des | aes | rsa | ec | public | private | secret"

selects the respective symmetric or asymmetric key to be generated or listed. The
.B public|private|secret
argument can only be used with the
.B list-key
command to list either public, private or secret keys.
.PP
.
.
.
.SS "128|192|256"
the
.B aes
argument has to be followed by either 128, 192 or 256 to set the respective key bit length of the AES key.
.PP
.
.
.
.SS "1024|2048|4096"
the
.B rsa
argument has to be followed by either 1024, 2048 or 4096 to set the respective key bit length of the RSA key.
.PP
.
.
.
.SS "prime256v1 | prime192 | secp224 | secp384r1 | secp521r1 | secp265k1 | brainpoolP160r1 | brainpoolP160t1 | brainpoolP192r1 | brainpoolP192t1 | brainpoolP224r1 | brainpoolP224t1 | brainpoolP256r1 | brainpoolP256t1 | brainpoolP320r1 | brainpoolP320t1 | brainpoolP384r1 | brainpoolP384t1 | brainpoolP512r1 | brainpoolP512t1"
the
.B ec
argument has to be followed by one of these
.I CURVE
values to select the EC curve used to generate the key.
.PP
.
.

.SH OPTIONS

.SS "\-\-slot SLOTID"
sets the token to
.IR SLOTID
.PP
.
.
.
.SS "\-\-pin PIN"
sets the token PIN to
.IR PIN
.PP
.
.
.
.SS "\-\-label LABEL"
sets the key label attribute to
.IR LABEL
.PP
.
.
.
.SS "\-\-exponent EXP"
sets the RSA exponent to
.IR EXP
.PP
.
.
.
.SS "\-\-attr [M R L S E D G V W U A X N T]"
sets the binary attributes of a key.
.PP
.B Note:
not all binary attributes are applicable to all keys; attributes that are not applicable are omitted.
.PP
The attributes are set to
.B FALSE
by default and switched to
.B TRUE
when the letter that is associated with the given binary attribute is specified. The following letters are associated with the respective
.B CK_ATTRIBUTE:
.IP "\(bu" 2
.B M
- CKA_MODIFIABLE
.IP "\(bu" 2
.B R
- CKA_DERIVE
.IP "\(bu" 2
.B L
- CKA_LOCAL
.IP "\(bu" 2
.B S
- CKA_SENSITIVE
.IP "\(bu" 2
.B E
- CKA_ENCRYPT
.IP "\(bu" 2
.B D
- CKA_DECRYPT
.IP "\(bu" 2
.B G
- CKA_SIGN
.IP "\(bu" 2
.B V
- CKA_VERIFY
.IP "\(bu" 2
.B W
- CKA_WRAP
.IP "\(bu" 2
.B U
- CKA_UNWRAP
.IP "\(bu" 2
.B A
- CKA_ALWAYS_SENSITIVE
.IP "\(bu" 2
.B X
- CKA_EXTRACTABLE
.IP "\(bu" 2
.B N
- CKA_NEVER_EXTRACTABLE
.PP
CKA_TOKEN and CKA_PRIVATE are set by default to
.B TRUE.
For multiple attributes, combine the letters in a string without white space, e.g. 'MLD'.
.PP
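Added example, not part of the openCryptoki man page or code: a POSIX shell helper that expands an attribute letter string into the TRUE/FALSE template described above and checks it against a caller-supplied policy before p11sak generate-key is run. The function names attr_template and attr_policy, the SLOT, PIN and LABEL placeholders, and the "require S, forbid X" policy in the usage comment are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not openCryptoki code): expand a p11sak --attr string into
# the boolean template described above and gate it against a local policy.

# Letter:attribute pairs exactly as listed on this page.
ATTR_MAP="M:CKA_MODIFIABLE R:CKA_DERIVE L:CKA_LOCAL S:CKA_SENSITIVE
E:CKA_ENCRYPT D:CKA_DECRYPT G:CKA_SIGN V:CKA_VERIFY W:CKA_WRAP U:CKA_UNWRAP
A:CKA_ALWAYS_SENSITIVE X:CKA_EXTRACTABLE N:CKA_NEVER_EXTRACTABLE"

# attr_template LETTERS
# Prints one NAME=TRUE|FALSE line per attribute; returns 2 on invalid input.
attr_template() {
    case $1 in
        *[!MRLSEDGVWUAXNT]*)   # also rejects white space between letters
            echo "invalid --attr string: '$1'" >&2
            return 2 ;;
    esac
    # TRUE by default, independent of --attr.
    echo "CKA_TOKEN=TRUE"
    echo "CKA_PRIVATE=TRUE"
    # Every listed attribute stays FALSE unless its letter is present.
    for pair in $ATTR_MAP; do
        case $1 in
            *"${pair%%:*}"*) echo "${pair#*:}=TRUE" ;;
            *)               echo "${pair#*:}=FALSE" ;;
        esac
    done
    # T appears in the synopsis, but this page does not name its attribute.
    case $1 in
        *T*) echo "T=TRUE (attribute not named on this page)" ;;
    esac
}

# attr_policy LETTERS REQUIRED FORBIDDEN
# Returns 0 if every REQUIRED letter is present and no FORBIDDEN letter is,
# 1 on a policy violation, 2 if LETTERS is not a valid --attr string.
attr_policy() {
    attr_template "$1" >/dev/null || return 2
    rest=$2
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}   # take the first letter
        case $1 in
            *"$c"*) ;;
            *) echo "policy: $c must be set" >&2; return 1 ;;
        esac
    done
    rest=$3
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}
        case $1 in
            *"$c"*) echo "policy: $c must not be set" >&2; return 1 ;;
        esac
    done
    return 0
}

# Usage in a provisioning script (SLOT, PIN and LABEL are placeholders):
#   ATTR=SED
#   attr_policy "$ATTR" S X &&
#       p11sak generate-key aes 256 --slot "$SLOT" --pin "$PIN" --label "$LABEL" --attr "$ATTR"
```

Because every listed attribute defaults to FALSE, the template output makes it visible when a key would be created without CKA_SENSITIVE simply because the letter S was left out.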
.
.
.
.SS "\-\-long | \-l"
prints the
.B list-key
output in long format. If omitted, the output is in a short, tabular format.
.PP
.
.
.
.SS "\-\-force | \-f"
used with the
.B remove-key
command to suppress the prompt asking whether the user wants to delete the specified keys.
.PP
.
.
.
.SS "\-\-help | \-h"
prints help for the usage of
.B p11sak
and/or the respective command.
.PP