diff options
Diffstat (limited to 'security/nss/cmd/modutil/specification.html')
-rw-r--r-- | security/nss/cmd/modutil/specification.html | 354 |
1 files changed, 0 insertions, 354 deletions
diff --git a/security/nss/cmd/modutil/specification.html b/security/nss/cmd/modutil/specification.html deleted file mode 100644 index 9ab09627d..000000000 --- a/security/nss/cmd/modutil/specification.html +++ /dev/null @@ -1,354 +0,0 @@ -<html> -<!-- ***** BEGIN LICENSE BLOCK ***** - - Version: MPL 1.1/GPL 2.0/LGPL 2.1 - - - - The contents of this file are subject to the Mozilla Public License Version - - 1.1 (the "License"); you may not use this file except in compliance with - - the License. You may obtain a copy of the License at - - http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS IS" basis, - - WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - - for the specific language governing rights and limitations under the - - License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is - - Netscape Communications Corporation. - - Portions created by the Initial Developer are Copyright (C) 1994-2000 - - the Initial Developer. All Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the terms of - - either the GNU General Public License Version 2 or later (the "GPL"), or - - the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - - in which case the provisions of the GPL or the LGPL are applicable instead - - of those above. If you wish to allow use of your version of this file only - - under the terms of either the GPL or the LGPL, and not to allow others to - - use your version of this file under the terms of the MPL, indicate your - - decision by deleting the provisions above and replace them with the notice - - and other provisions required by the GPL or the LGPL. If you do not delete - - the provisions above, a recipient may use your version of this file under - - the terms of any one of the MPL, the GPL or the LGPL. - - - - ***** END LICENSE BLOCK ***** --> -<head> -<title>Modutil Specification</title> -</head> -<body bgcolor=white fgcolor=black> -<center><h1>PKCS #11 Module Management Utility -<br><i>Specification</i></h1></center> - -<!----------------------------------------------------------------------> -<!-------------------------- capabilities ------------------------------> -<!----------------------------------------------------------------------> -<h2>Capabilities</h2> -<ul> -<li>Add a PKCS #11 module, specifying a name and library file. -(<a href="#add">-add</a>) -<li>Add a PKCS #11 module from a server-formatted JAR file. -(<a href="#jar">-jar</a>) -<li>Change the password on or initialize a token. -(<a href="#changepw">-changepw</a>) -<li>Create databases (secmod[ule].db, key3.db, cert7.db) from scratch. -(<a href="#create">-create</a>) -<li>Switch to and from FIPS-140-1 compliant mode. -(<a href="#fips">-fips</a>) -<li>Delete a PKCS #11 module. (<a href="#delete">-delete</a>) -<li>List installed PKCS #11 modules. (<a href="#list">-list</a>) -<li>List detailed info on a particular module and its tokens, including -whether needs login, is hardware, needs user init -(<a href="#list">-list</a>) -<li>Specify which modules should be the default provider of various -cryptographic operations.(<a href="#default">-default</a>, -<a href="#undefault">-undefault</a>) -<li>Disable and enable slots, find out whether and why they are disabled. -(<a href="#disable">-disable</a>, <a href="#enable">-enable</a>, -<a href="#list">-list</a>) -</ul> - -<hr> - -<!----------------------------------------------------------------------> -<!-------------------------- Usage -------------------------------------> -<!----------------------------------------------------------------------> -<h2>Usage</h2> -<code>modutil [<i>command</i>] [<i>options</i>]</code> -<p>At most one command can be specified. With no arguments, -<code>modutil</code> prints a usage message. -<h3>Commands:</h3> -<table border> -<tr bgcolor="#cccccc"> -<th>Command</th><th>Description</th> -</tr> - -<!---------------------------- -add ------------------------------> -<tr> -<td> <a name="add"></a> -<code>-add <u><i>module name</i></u> -libfile <u><i>library file</i></u> - [-ciphers <u><i>cipher enable list</i></u>] - [-mechanisms <u><i>default mechanism list</i></u>] -</code></td> -<td>Adds a new module to the database with the given name. - -<p><u><i>library file</i></u> is the path of the DLL or other library file -containing the module's implementation of the PKCS #11 interface. - -<p><u><i>cipher enable flags</i></u> is a colon-separated list of ciphers -that will be enabled on this module. The list should be enclosed within quotes -if necessary to prevent shell interpretation. The following ciphers are -currently available: -<ul> -<li>FORTEZZA -</ul> - -<p><u><i>default mechanism flags</i></u> is a colon-separated list of -mechanisms for which this module should be the default provider. The -list should be enclosed within quotes if necessary to prevent shell -interpretation. <b>This -list does not enable the mechanisms; it only specifies that this module -will be a default provider for the listed mechanisms.</b> If more than -one module claims to be a default provider for a given mechanism, it is -undefined which will actually be chosen to provide that mechanism. The -following mechanisms are currently available: -<ul> -<li>RSA -<li>DSA -<li>RC2 -<li>RC4 -<li>RC5 -<li>DES -<li>DH -<li>FORTEZZA -<li>SHA1 -<li>MD5 -<li>MD2 -<li>RANDOM <i>(random number generation)</i> -<li>FRIENDLY <i>(certificates are publicly-readable)</i> -</ul> -</td> -</tr> - -<!-------------------------- -changepw -------------------------------------> -<tr> -<td><a name="changepw"></a><code>-changepw <u><i>token name</i></u> -[-pwfile <u><i>old password file</i></u>] -[-newpwfile <u><i>new password file</i></u>]</code></td> -<td>Changes the password on the named token. If the token has not been -initialized, this command will initialize the PIN. -If a password file is given, the password will be read from that file; -otherwise, the password will be obtained interactively. -<b>Storing passwords in a file is much less secure than supplying them -interactively.</b> -<p>The password on the Netscape internal module cannot be changed if -the <code>-nocertdb</code> option is specified. -</td> -</tr> - -<!-------------------------- -create -------------------------------------> -<tr> -<td><a name="create"></a><code>-create</code></td> -<td>Creates a new secmod[ule].db, key3.db, and cert7.db in the directory -specified with the -<code>-dbdir</code> option, if one is specified. If no directory is -specified, UNIX systems will use the user's .netscape directory, while other -systems will return with an error message. If any of these databases already -exist in the chosen directory, an error message is returned. -<p>If used with <code>-nocertdb</code>, only secmod[ule].db will be created; -cert7.db and key3.db will not be created. -</td> -</tr> - -<!------------------------------ -default --------------------------------> -<tr> -<td> <a name="default"></a> <code>-default <u><i>module name</i></u> --mechanisms <u><i>mechanism list</i></u></code> -</td> -<td>Specifies that the given module will be a default provider of the -listed mechanisms. The mechanism list is the same as in the <code>-add</code> -command. -</td> -</tr> - -<!-------------------------- -delete -------------------------------------> -<tr> -<td><a name="delete"></a><code>-delete <u><i>module name</i></u></code></td> -<td>Deletes the named module from the database</td> -</tr> - -<!-------------------------- -disable -------------------------------------> -<tr> -<td> <a name="disable"></a> <code>-disable <u><i>module name</i></u> -[-slot <u><i>slot name</i></u>]</code></td> -<td>Disables the named slot. If no slot is specified, all slots on -the module are disabled.</td> -</tr> - -<!-------------------------- -enable -------------------------------------> -<tr> -<td> <a name="enable"></a> <code>-enable <u><i>module name</i></u> -[-slot <u><i>slot name</i></u>]</code></td> -<td>Enables the named slot. If no slot is specified, all slots on -the module are enabled.</td> -</tr> - -<!-------------------------- -fips -------------------------------------> -<tr> -<td><a name="fips"></a><code>-fips [true | false]</code></td> -<td>Enables or disables FIPS mode on the internal module. Passing -<code>true</code> enables FIPS mode, passing <code>false</code> disables -FIPS mode.</td> -</tr> - -<!-------------------------- -force -------------------------------------> -<tr> -<td><a name="force"></a><code>-force</code></td> -<td>Disables interactive prompts, so modutil can be run in a script. -Should only be used by experts, since the prompts may relate to security -or database integrity. Before using this option, test the command -interactively once to see the warnings that are produced.</td> -</tr> - -<!-------------------------- -jar -------------------------------------> -<tr> -<td><a name="jar"></a><code>-jar <u><i>JAR file</i></u> --installdir <u><i>root installation directory</i></u> -[-tempdir <u><i>temporary directory</i></u>]</code></td> -<td>Adds a new module from the given JAR file. The JAR file uses the -server <a href="pk11jar.html">PKCS #11 JAR format</a> to describe the names of -any files that need to be installed, the name of the module, mechanism flags, -and cipher flags. The <u><i>root installation directory</i></u> -is the directory relative to which files will be installed. This should be a - directory -under which it would be natural to store dynamic library files, such as -a server's root directory, or Communicator's root directory. -The <u><i>temporary directory</i></u> is where temporary modutil files -will be created in the course of the installation. If no temporary directory -is specified, the current directory will be used. -<p>If used with the <code>-nocertdb</code> option, the signatures on the JAR -file will not be checked.</td> -</tr> - -<!----------------------------- -list ------------------------------> -<tr> -<td><a name="list"></a><code>-list [<u><i>module name</i></u>]</code></td> -<td>Without an argument, lists the PKCS #11 modules present in the module -database. -<blockquote> -<pre> -% <b>modutil -list</b> -Using database directory /u/nicolson/.netscape... - -Listing of PKCS #11 Modules ------------------------------------------------------------ - 1. Netscape Internal PKCS #11 Module - slots: 2 slots attached - status: loaded - - slot: Communicator Internal Cryptographic Services Version 4.0 - token: Communicator Generic Crypto Svcs - - slot: Communicator User Private Key and Certificate Services - token: Communicator Certificate DB ------------------------------------------------------------ -</pre> -</blockquote> -<p>With an argument, provides a detailed description of the named module -and its slots and tokens. -<blockquote> -<pre> -% <b>modutil -list "Netscape Internal PKCS #11 Module"</b> -Using database directory /u/nicolson/.netscape... - ------------------------------------------------------------ -Name: Netscape Internal PKCS #11 Module -Library file: **Internal ONLY module** -Manufacturer: Netscape Communications Corp -Description: Communicator Internal Crypto Svc -PKCS #11 Version 2.0 -Library Version: 4.0 -Cipher Enable Flags: None -Default Mechanism Flags: RSA:DSA:RC2:RC4:DES:SHA1:MD5:MD2 - - Slot: Communicator Internal Cryptographic Services Version 4.0 - Manufacturer: Netscape Communications Corp - Type: Software - Version Number: 4.1 - Firmware Version: 0.0 - Status: Enabled - Token Name: Communicator Generic Crypto Svcs - Token Manufacturer: Netscape Communications Corp - Token Model: Libsec 4.0 - Token Serial Number: 0000000000000000 - Token Version: 4.0 - Token Firmware Version: 0.0 - Access: Write Protected - Login Type: Public (no login required) - User Pin: NOT Initialized - - Slot: Communicator User Private Key and Certificate Services - Manufacturer: Netscape Communications Corp - Type: Software - Version Number: 3.0 - Firmware Version: 0.0 - Status: Enabled - Token Name: Communicator Certificate DB - Token Manufacturer: Netscape Communications Corp - Token Model: Libsec 4.0 - Token Serial Number: 0000000000000000 - Token Version: 7.0 - Token Firmware Version: 0.0 - Access: NOT Write Protected - Login Type: Login required - User Pin: Initialized - ------------------------------------------------------------ -</pre> -</blockquote> -</td> -</tr> - -<!------------------------------ Undefault -------------------------------> -<tr> -<td><a name="undefault"></a><code>-undefault <u><i>module name</i></u> --mechanisms <u><i>mechanism list</i></u></code></td> -<td>Specifies that the given module will NOT be a default provider of -the listed mechanisms. This command clears the default mechanism flags -for the given module.</td> -</tr> - -</table> - -<!------------------------------------------------------------------------> -<!------------------------------ Options ---------------------------------> -<!------------------------------------------------------------------------> -<h3>Options:</h3> -<table border> -<tr bgcolor="#cccccc"><th>Option</th><th>Description</th> </tr> - -<!------------------------------ -dbdir ----------------------------------> -<tr> -<td><code>-dbdir <u><i>directory</i></u></code></td> -<td>Specifies which directory holds the module database. On UNIX systems, -the user's netscape directory is the default. On other systems, there is -no default, and this option must be used.</td> -</tr> - -<!------------------------------ -dbdir ----------------------------------> -<tr> -<td><code>-nocertdb</code></td> -<td>Do not open the certificate or key databases. This has several effects. -With the <code>-create</code> command, this means that only a secmod.db file -will be created; cert7.db and key3.db will not be created. With the -<code>-jar</code> command, signatures on the JAR file will not be checked. -With the <code>-changepw</code> command, the password on the Netscape internal -module cannot be set or changed, since this password is stored in key3.db. -</td> -</tr> - -</table> - -</body> -</html> |