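AutoGen Definitions options;

/*
 * AutoOpts definitions for p11tool, the GnuTLS PKCS #11 tool.
 *
 * AutoGen reads this file to produce the option parser and the usage and
 * manual text; every descrip/doc string below is user-facing output.
 * Boolean flags declared with `disable = "no"` also get a --no-<name> form;
 * `enabled` / `disabled` selects the default state of the flag.
 */

prog-name     = p11tool;
prog-title    = "GnuTLS PKCS #11 tool";
prog-desc     = "Program to handle PKCS #11 smart cards and security modules.\n";
help-value    = "h";
/* PKCS #11 modules are shared libraries named by 'load=' lines in the
 * configuration file mentioned here; they are loaded into the tool. */
detail        = "Program that allows handling data from PKCS #11 smart cards and security modules. To use PKCS #11 tokens with gnutls the configuration file /etc/gnutls/pkcs11.conf has to exist and contain a number of lines of the form 'load=/usr/lib/opensc-pkcs11.so'. ";
short-usage   = "p11tool [options] [url]\np11tool --help for usage instructions.\n";
prog-group    = "GnuTLS";
explain       = "";
gnu-usage;
reorder-args;
no-xlate      = opt;
argument      = "[url]";
no-misuse-usage;
disable-save;
long-opts;
config-header = 'config.h';
/* NOTE(review): the header name after "#include" appears to be missing
 * (possibly stripped as markup when this page was rendered); restore it
 * from the upstream file before building. */
export        = '#include ';

copyright = {
    date   = "2000-2012";
    owner  = "Free Software Foundation";
    author = "Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.";
    eaddr  = "bug-gnutls@gnu.org";
    type   = gpl;
};
version = "@VERSION@";

/* ---- Diagnostics ------------------------------------------------------ */

flag = {
    name      = debug;
    value     = d;
    arg-type  = number;
    arg-range = "0 -> 9999";
    descrip   = "Enable debugging.";
    doc       = "Specifies the debug level.";
};

/* ---- Read-only operations (list / export) ----------------------------- */

flag = {
    name    = list-tokens;
    descrip = "List all available tokens";
    doc     = "";
};

flag = {
    name    = export;
    descrip = "Export the object specified by the URL";
    doc     = "";
};

flag = {
    name    = list-mechanisms;
    descrip = "List all available mechanisms in a token";
    doc     = "";
};

flag = {
    name    = list-all;
    descrip = "List all available objects in a token";
    doc     = "";
};

flag = {
    name    = list-all-certs;
    descrip = "List all available certificates in a token";
    doc     = "";
};

flag = {
    name    = list-certs;
    descrip = "List all certificates that have an associated private key";
    doc     = "";
};

flag = {
    name    = list-all-privkeys;
    descrip = "List all available private keys in a token";
    doc     = "";
};

flag = {
    name    = list-all-trusted;
    descrip = "List all available certificates marked as trusted";
    doc     = "";
};

/* ---- Operations that modify the token --------------------------------- */

/* NOTE(review): initialising a PKCS #11 token normally erases the objects
 * already stored on it; confirm and consider stating that in `doc`. */
flag = {
    name    = initialize;
    descrip = "Initializes a PKCS #11 token";
    doc     = "";
};

flag = {
    name    = write;
    descrip = "Writes the loaded objects to a PKCS #11 token";
    doc     = "It can be used to write private keys, certificates or secret keys to a token.";
};

/* Acts on every object that matches the URL, so a broad URL can remove
 * more than intended; listing with the same URL first is a cheap check. */
flag = {
    name    = delete;
    descrip = "Deletes the objects matching the PKCS #11 URL";
    doc     = "";
};

flag = {
    name    = generate-rsa;
    descrip = "Generates an RSA private-public key pair on the specified token";
    doc     = "";
};

/* The descrip of the next two flags used to repeat the RSA wording, which
 * made the three generate-* options indistinguishable in the usage text. */
flag = {
    name    = generate-dsa;
    descrip = "Generates a DSA private-public key pair on the specified token";
    doc     = "";
};

flag = {
    name    = generate-ecc;
    descrip = "Generates an ECC private-public key pair on the specified token";
    doc     = "";
};

/* ---- Attributes of the object being written --------------------------- */

flag = {
    name     = label;
    arg-type = string;
    descrip  = "Sets a label for the write operation";
    doc      = "";
};

/* Off by default. Objects written with --trusted are the ones reported by
 * --list-all-trusted; presumably consumers treat them as trust anchors, so
 * write access to the token should be restricted (confirm against the
 * GnuTLS PKCS #11 documentation). */
flag = {
    name    = trusted;
    disable = "no";
    disabled;
    descrip = "Marks the object to be written as trusted";
    doc     = "";
};

/* On by default. --no-private writes the object without the PIN
 * requirement described in `doc`, so it suits only data meant to be
 * public. */
flag = {
    name    = private;
    disable = "no";
    enabled;
    descrip = "Marks the object to be written as private";
    doc     = "The written object will require a PIN to be used.";
};

/* Off by default; the EXAMPLES section passes --login for --list-all and
 * for every --write. */
flag = {
    name    = login;
    descrip = "Force login to token";
    disabled;
    disable = "no";
    doc     = "";
};

flag = {
    name    = detailed-url;
    descrip = "Print detailed URLs";
    disabled;
    disable = "no";
    doc     = "";
};

/* ---- Key material and certificates supplied by the caller ------------- */

/* The key is passed as a command-line argument, so it can end up in shell
 * history and in process listings; worth a caveat in `doc`. */
flag = {
    name     = secret-key;
    arg-type = string;
    descrip  = "Provide a hex encoded secret key";
    doc      = "";
};

/* file-exists = yes: the option parser rejects a path that does not exist.
 * It does not check the file's permissions or ownership. */
flag = {
    name        = load-privkey;
    arg-type    = file;
    file-exists = yes;
    descrip     = "Private key file to use";
    doc         = "";
};

flag = {
    name        = load-pubkey;
    arg-type    = file;
    file-exists = yes;
    descrip     = "Public key file to use";
    doc         = "";
};

flag = {
    name        = load-certificate;
    arg-type    = file;
    file-exists = yes;
    descrip     = "Certificate file to use";
    doc         = "";
};

/* value = 8 gives this flag the short form -8. */
flag = {
    name    = pkcs8;
    value   = 8;
    descrip = "Use PKCS #8 format for private keys";
    doc     = "";
};

/* ---- Key generation strength ------------------------------------------ */

/* No arg-range is declared, so the option parser accepts any number.
 * NOTE(review): consider documenting a minimum size or steering users
 * towards --sec-param. */
flag = {
    name     = bits;
    arg-type = number;
    descrip  = "Specify the number of bits for key generate";
    doc      = "";
};

flag = {
    name     = sec-param;
    arg-type = string;
    arg-name = "Security parameter";
    descrip  = "Specify the security level [low|legacy|normal|high|ultra].";
    doc      = "This is alternative to the bits option.";
};

/* ---- Input / output format and location ------------------------------- */

flag = {
    name    = inder;
    descrip = "Use DER/RAW format for input certificates and private keys";
    disabled;
    disable = "no";
    doc     = "";
};

/* --inraw is an alias of --inder. */
flag = {
    name    = inraw;
    aliases = inder;
};

/* The named file is a PKCS #11 module and replaces the defaults from the
 * system configuration; it should come from a trusted location that other
 * users cannot write to. */
flag = {
    name        = provider;
    arg-type    = file;
    file-exists = yes;
    descrip     = "Specify the PKCS #11 provider library";
    doc         = "This will override the default options in /etc/gnutls/pkcs11.conf";
};

flag = {
    name     = outfile;
    arg-type = string;
    descrip  = "Output file";
    doc      = "";
};

/* ---- Manual sections (texinfo) ---------------------------------------- */

doc-section = {
    ds-type   = 'SEE ALSO';
    ds-format = 'texi';
    ds-text   = <<-_EOT_
certtool (1)
_EOT_;
};

doc-section = {
    ds-type   = 'EXAMPLES';
    ds-format = 'texi';
    ds-text   = <<-_EOT_
To view all tokens in your system use:
@example
$ p11tool --list-tokens
@end example

To view all objects in a token use:
@example
$ p11tool --login --list-all "pkcs11:TOKEN-URL"
@end example

To store a private key and a certificate in a token run:
@example
$ p11tool --login --write "pkcs11:URL" --load-privkey key.pem --label "Mykey"
$ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem --label "MyCert"
@end example
_EOT_;
};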