From 0010600abd68d1fcd6273d6073c5c0b35ed6de11 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 26 Jun 2014 14:22:16 +0200 Subject: p11tool: updated documentation --- src/p11tool-args.def | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/p11tool-args.def b/src/p11tool-args.def index d588fb5980..3a79cac8ac 100644 --- a/src/p11tool-args.def +++ b/src/p11tool-args.def @@ -2,14 +2,15 @@ AutoGen Definitions options; prog-name = p11tool; prog-title = "GnuTLS PKCS #11 tool"; prog-desc = "Program to handle PKCS #11 smart cards and security modules.\n"; -detail = "Program that allows handling data from PKCS #11 smart cards +detail = "Program that allows operations on PKCS #11 smart cards and security modules. -To use PKCS #11 tokens with gnutls the configuration file -/etc/gnutls/pkcs11.conf has to exist and contain a number of lines of the form 'load=/usr/lib/opensc-pkcs11.so'. -Alternatively the p11-kit configuration files have to be setup. +To use PKCS #11 tokens with GnuTLS the p11-kit configuration files need to be setup. +That is create a .conf file in /etc/pkcs11/modules with the contents 'module: /path/to/pkcs11.so'. +Alternatively the configuration file /etc/gnutls/pkcs11.conf has to exist and contain a number +of lines of the form 'load=/usr/lib/opensc-pkcs11.so'. -To provide the PIN for all the operations below use the environment variable +You can provide the PIN to be used for the PKCS #11 operations with the environment variable GNUTLS_PIN. "; @@ -314,7 +315,7 @@ $ p11tool --login --generate-rsa --bits 1024 --label "MyNewKey" \ --outfile MyNewKey.pub "pkcs11:TOKEN-URL" @end example The bits parameter in the above example is explicitly set because some -tokens only support a limited number of bits. The output file is the +tokens only support limited choices in the bit length. The output file is the corresponding public key. This key can be used to general a certificate request with certtool. @example -- cgit v1.2.1