path: root/doc/nroff/pk12util.1
Diffstat (limited to 'doc/nroff/pk12util.1')
-rw-r--r-- doc/nroff/pk12util.1 127
1 files changed, 68 insertions, 59 deletions
diff --git a/doc/nroff/pk12util.1 b/doc/nroff/pk12util.1
index 55ae2e6f1..c4fa972c0 100644
--- a/doc/nroff/pk12util.1
+++ b/doc/nroff/pk12util.1
@@ -2,12 +2,12 @@
.\" Title: PK12UTIL
.\" Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
.\" Manual: NSS Security Tools
.\" Source: nss-tools
.\" Language: English
.\"
-.TH "PK12UTIL" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "PK12UTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
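Review bot: The header context names "Generator: DocBook XSL Stylesheets v1.78.1", so this file is generated output, and the diffstat shown is limited to doc/nroff/pk12util.1. Please confirm the DocBook source carries the same synopsis, option and cipher-list changes, otherwise the next regeneration will revert everything below except the date.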
@@ -31,7 +31,7 @@
pk12util \- Export and import keys and certificate to or from a PKCS #12 file and the NSS database
.SH "SYNOPSIS"
.HP \w'\fBpk12util\fR\ 'u
-\fBpk12util\fR [\-i\ p12File\ [\-h\ tokenname]\ [\-v]\ [common\-options]] [\-l\ p12File\ [\-h\ tokenname]\ [\-r]\ [common\-options]] [\-o\ p12File\ \-n\ certname\ [\-c\ keyCipher]\ [\-C\ certCipher]\ [\-m|\-\-key_len\ keyLen]\ [\-n|\-\-cert_key_len\ certKeyLen]\ [common\-options]] [common\-options\ are:\ [\-d\ [sql:]directory]\ [\-P\ dbprefix]\ [\-k\ slotPasswordFile|\-K\ slotPassword]\ [\-w\ p12filePasswordFile|\-W\ p12filePassword]]
+\fBpk12util\fR [\-i\ p12File|\-l\ p12File|\-o\ p12File] [\-d\ [sql:]directory] [\-h\ tokenname] [\-P\ dbprefix] [\-r] [\-v] [\-k\ slotPasswordFile|\-K\ slotPassword] [\-w\ p12filePasswordFile|\-W\ p12filePassword]
.SH "STATUS"
.PP
This documentation is still work in progress\&. Please contribute to the initial review in
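Review bot: The new single-form synopsis no longer mentions -n certname, -c keyCipher, -C certCipher, -m or the cert key length option, although the Arguments section still documents all of them and the export section states that -n is required together with -o. It also presents -r and -v as valid in every mode, where the removed line tied -v to -i and -r to -l. Keep one synopsis form per mode, or at least show the export-only options next to the -o alternative, so the required "-n certname" is visible in SYNOPSIS.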
@@ -61,9 +61,14 @@ Export keys and certificates from the security database to a PKCS#12 file\&.
.PP
\fBArguments\fR
.PP
-\-n certname
+\-c keyCipher
.RS 4
-Specify the nickname of the cert and private key to export\&.
+Specify the key encryption algorithm\&.
+.RE
+.PP
+\-C certCipher
+.RS 4
+Specify the key cert (overall package) encryption algorithm\&.
.RE
.PP
\-d [sql:]directory
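Review bot: In the re-added -C certCipher entry, "Specify the key cert (overall package) encryption algorithm" reads like a leftover from the -c text above it, and "key cert" does not say which material the cipher protects. Since the line is being moved anyway, reword it, for example to "Specify the certificate (overall package) encryption algorithm".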
@@ -80,21 +85,11 @@ pkcs11\&.txt)\&. If the prefix
is not used, then the tool assumes that the given databases are in the old format\&.
.RE
.PP
-\-P prefix
-.RS 4
-Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
-.RE
-.PP
\-h tokenname
.RS 4
Specify the name of the token to import into or export from\&.
.RE
.PP
-\-v
-.RS 4
-Enable debug logging when importing\&.
-.RE
-.PP
\-k slotPasswordFile
.RS 4
Specify the text file containing the slot\*(Aqs password\&.
@@ -105,39 +100,44 @@ Specify the text file containing the slot\*(Aqs password\&.
Specify the slot\*(Aqs password\&.
.RE
.PP
-\-w p12filePasswordFile
+\-m | \-\-key\-len keyLength
.RS 4
-Specify the text file containing the pkcs #12 file password\&.
+Specify the desired length of the symmetric key to be used to encrypt the private key\&.
.RE
.PP
-\-W p12filePassword
+\-n | \-\-cert\-key\-len certKeyLength
.RS 4
-Specify the pkcs #12 file password\&.
+Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&.
.RE
.PP
-\-c keyCipher
+\-n certname
.RS 4
-Specify the key encryption algorithm\&.
+Specify the nickname of the cert and private key to export\&.
.RE
.PP
-\-C certCipher
+\-P prefix
.RS 4
-Specify the key cert (overall package) encryption algorithm\&.
+Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
.RE
.PP
-\-m | \-\-key\-len keyLength
+\-r
.RS 4
-Specify the desired length of the symmetric key to be used to encrypt the private key\&.
+Dumps all of the data in raw (binary) form\&. This must be saved as a DER file\&. The default is to return information in a pretty\-print ASCII format, which displays the information about the certificates and public keys in the p12 file\&.
.RE
.PP
-\-n | \-\-cert\-key\-len certKeyLength
+\-v
.RS 4
-Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&.
+Enable debug logging when importing\&.
.RE
.PP
-\-r
+\-w p12filePasswordFile
.RS 4
-Dumps all of the data in raw (binary) form\&. This must be saved as a DER file\&. The default is to return information in a pretty\-print ASCII format, which displays the information about the certificates and public keys in the p12 file\&.
+Specify the text file containing the pkcs #12 file password\&.
+.RE
+.PP
+\-W p12filePassword
+.RS 4
+Specify the pkcs #12 file password\&.
.RE
.SH "RETURN CODES"
.sp
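Review bot: After the alphabetical re-sort, -n is documented twice in a row with two different meanings, "-n | --cert-key-len certKeyLength" and "-n certname", so a reader cannot tell what the short option selects. Check the tool's option table for the short flag the certificate key length really uses, then correct that entry or drop its short form. The moved -r entry would also benefit from stating that it applies to listing with -l, which the old synopsis made explicit.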
@@ -437,18 +437,12 @@ for importing a certificate or key is the PKCS#12 input file (\fB\-i\fR) and som
for a directory or
\fB\-h\fR
for a token)\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
+.PP
pk12util \-i p12File [\-h tokenname] [\-v] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
-.fi
-.if n \{\
-.RE
-.\}
.PP
For example:
+.PP
+
.sp
.if n \{\
.RS 4
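Review bot: The two lines added after "For example:" (a ".PP" followed by an empty line) look like a generator artifact: the empty paragraph is immediately followed by ".sp", so it only adds blank space before the example. Separately, the import usage line now sits in a filled ".PP" paragraph instead of the ".nf" block, so it is reflowed like prose at the terminal width; if dropping the no-fill block is intentional, mark the line up as a command synopsis in the source so it still stands out from the surrounding text.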
@@ -474,16 +468,8 @@ pk12util: PKCS12 IMPORT SUCCESSFUL
Using the
\fBpk12util\fR
command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS#12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
+.PP
pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
-.fi
-.if n \{\
-.RE
-.\}
.PP
For example:
.sp
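Review bot: The export usage line kept here spells the long options "--key_len" and "--cert_key_len", while the Arguments section touched by this same change documents them as "--key-len" and "--cert-key-len". Only one spelling can be what the tool parses, so align the two while this paragraph is being edited.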
@@ -506,16 +492,8 @@ The information in a
file are not human\-readable\&. The certificates and keys in the file can be printed (listed) in a human\-readable pretty\-print format that shows information for every certificate and any public keys in the
\&.p12
file\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
+.PP
pk12util \-l p12File [\-h tokenname] [\-r] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
-.fi
-.if n \{\
-.RE
-.\}
.PP
For example, this prints the default ASCII output:
.sp
@@ -542,7 +520,7 @@ Certificate:
Issuer: "E=personal\-freemail@thawte\&.com,CN=Thawte Personal Freemail C
A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T
own,ST=Western Cape,C=ZA"
-\&.\&.\&.\&.
+
.fi
.if n \{\
.RE
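Review bot: Replacing the "...." line with an empty line removes the only marker that the sample listing is truncated; the example now ends on the Issuer line and reads as if that were the complete output of "pk12util -l". Keep the ellipsis, or state in the text before the example that the output is abbreviated.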
@@ -561,7 +539,7 @@ file000N\&.der, incrementing the number for every certificate:
.RS 4
.\}
.nf
-# pk12util \-l test\&.p12 \-r
+pk12util \-l test\&.p12 \-r
Enter password for PKCS12 file:
Key(shrouded):
Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID
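Review bot: With the leading "# " dropped, the command "pk12util -l test.p12 -r" sits in the same ".nf" block as its output with nothing marking it as the line the user types. If the aim is to stop implying a root shell, use "$ " instead, and apply the same convention to the other examples in this page.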
@@ -574,6 +552,7 @@ Key(shrouded):
Certificate Friendly Name: Thawte Personal Freemail Issuing CA \- Thawte Consulting
Certificate Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID
+
.fi
.if n \{\
.RE
@@ -592,7 +571,17 @@ Several types of ciphers are supported\&.
.PP
Symmetric CBC ciphers for PKCS#5 V2
.RS 4
-DES_CBC
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+DES\-CBC
+.RE
.sp
.RS 4
.ie n \{\
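Review bot: Confirm that "DES-CBC" is the string pk12util accepts for -c and -C, because the entry read "DES_CBC" before and is renamed here together with the bullet markup. The hyphenated form matches the other names in this list, such as CAMELLIA-256-CBC, but a rename of a value users may copy onto the command line should be called out in the commit message rather than arriving as a formatting change.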
@@ -696,7 +685,17 @@ CAMELLIA\-256\-CBC
.PP
PKCS#12 PBE ciphers
.RS 4
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
PKCS #12 PBE with Sha1 and 128 Bit RC4
+.RE
.sp
.RS 4
.ie n \{\
@@ -811,7 +810,17 @@ PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC
.PP
PKCS#5 PBE ciphers
.RS 4
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
PKCS #5 Password Based Encryption with MD2 and DES CBC
+.RE
.sp
.RS 4
.ie n \{\