path: root/doc/invoke-p11tool.texi

@node p11tool Invocation
@subsection Invoking p11tool
@pindex p11tool
@ignore
#  -*- buffer-read-only: t -*- vi: set ro:
# 
# DO NOT EDIT THIS FILE   (invoke-p11tool.texi)
# 
# It has been AutoGen-ed  December 29, 2012 at 01:00:45 PM by AutoGen 5.12
# From the definitions    ../src/p11tool-args.def
# and the template file   agtexi-cmd.tpl
@end ignore

Program that allows handling data from PKCS #11 smart cards
and security modules. 

To use PKCS #11 tokens with gnutls the configuration file 
/etc/gnutls/pkcs11.conf has to exist and contain a number of lines of the form 'load=/usr/lib/opensc-pkcs11.so'.


This section was generated by @strong{AutoGen},
using the @code{agtexi-cmd} template and the option descriptions for the @code{p11tool} program.

This software is released under the GNU General Public License.


@anchor{p11tool usage}
@subsubheading p11tool usage help (-?)

This is the automatically generated usage text for p11tool:

@exampleindent 0
@example
p11tool is unavailable - no --help
@end example
@exampleindent 4

@anchor{p11tool bits}
@subsubheading bits option

This is the ``specify the number of bits for key generate'' option.


@anchor{p11tool debug}
@subsubheading debug option (-d)

This is the ``enable debugging.'' option.
Specifies the debug level.

@anchor{p11tool delete}
@subsubheading delete option

This is the ``deletes the objects matching the pkcs #11 url'' option.


@anchor{p11tool detailed-url}
@subsubheading detailed-url option

This is the ``print detailed urls'' option.


@anchor{p11tool export}
@subsubheading export option

This is the ``export the object specified by the url'' option.


@anchor{p11tool generate-dsa}
@subsubheading generate-dsa option

This is the ``generate an rsa private-public key pair'' option.
Generates an RSA private-public key pair on the specified token.

@anchor{p11tool generate-ecc}
@subsubheading generate-ecc option

This is the ``generate an rsa private-public key pair'' option.
Generates an RSA private-public key pair on the specified token.

@anchor{p11tool generate-rsa}
@subsubheading generate-rsa option

This is the ``generate an rsa private-public key pair'' option.
Generates an RSA private-public key pair on the specified token.

@anchor{p11tool inder}
@subsubheading inder option

This is the ``use der/raw format for input'' option.
Use DER/RAW format for input certificates and private keys.

@anchor{p11tool initialize}
@subsubheading initialize option

This is the ``initializes a pkcs #11 token'' option.


@anchor{p11tool inraw}
@subsubheading inraw option

This is the ``'' option.
This option has no @samp{doc} documentation.

@anchor{p11tool label}
@subsubheading label option

This is the ``sets a label for the write operation'' option.


@anchor{p11tool list-all}
@subsubheading list-all option

This is the ``list all available objects in a token'' option.


@anchor{p11tool list-all-certs}
@subsubheading list-all-certs option

This is the ``list all available certificates in a token'' option.


@anchor{p11tool list-all-privkeys}
@subsubheading list-all-privkeys option

This is the ``list all available private keys in a token'' option.


@anchor{p11tool list-all-trusted}
@subsubheading list-all-trusted option

This is the ``list all available certificates marked as trusted'' option.


@anchor{p11tool list-certs}
@subsubheading list-certs option

This is the ``list all certificates that have an associated private key'' option.


@anchor{p11tool list-mechanisms}
@subsubheading list-mechanisms option

This is the ``list all available mechanisms in a token'' option.


@anchor{p11tool list-tokens}
@subsubheading list-tokens option

This is the ``list all available tokens'' option.


@anchor{p11tool load-certificate}
@subsubheading load-certificate option

This is the ``certificate file to use'' option.


@anchor{p11tool load-privkey}
@subsubheading load-privkey option

This is the ``private key file to use'' option.


@anchor{p11tool load-pubkey}
@subsubheading load-pubkey option

This is the ``public key file to use'' option.


@anchor{p11tool login}
@subsubheading login option

This is the ``force login to token'' option.


@anchor{p11tool outfile}
@subsubheading outfile option

This is the ``output file'' option.


@anchor{p11tool pkcs8}
@subsubheading pkcs8 option (-8)

This is the ``use pkcs #8 format for private keys'' option.


@anchor{p11tool private}
@subsubheading private option

This is the ``marks the object to be written as private'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
is enabled by default.
@end itemize

The written object will require a PIN to be used.

@anchor{p11tool provider}
@subsubheading provider option

This is the ``specify the pkcs #11 provider library'' option.
This will override the default options in /etc/gnutls/pkcs11.conf

@anchor{p11tool sec-param}
@subsubheading sec-param option

This is the ``specify the security level'' option.
This is alternative to the bits option. Available options are [low, legacy, normal, high, ultra].

@anchor{p11tool secret-key}
@subsubheading secret-key option

This is the ``provide a hex encoded secret key'' option.


@anchor{p11tool trusted}
@subsubheading trusted option

This is the ``marks the object to be written as trusted'' option.


@anchor{p11tool write}
@subsubheading write option

This is the ``writes the loaded objects to a pkcs #11 token'' option.
It can be used to write private keys, certificates or secret keys to a token.

@anchor{p11tool exit status}
@subsubheading p11tool exit status

One of the following exit values will be returned:
@table @samp
@item 0
Successful program execution.
@item 1
The operation failed or the command syntax was not valid.
@end table


@anchor{p11tool See Also}
@subsubheading p11tool See Also


@anchor{p11tool Examples}
@subsubheading p11tool Examples