Provided by: p11-kit_0.25.0-4ubuntu1_amd64 bug

NAME
       p11-kit - Tool for operating on configured PKCS#11 modules


SYNOPSIS
       p11-kit list-modules

       p11-kit list-profiles ...

       p11-kit add-profile ...

       p11-kit delete-profile ...

       p11-kit print-config

       p11-kit extract ...

       p11-kit server ...


DESCRIPTION
       p11-kit is a command line tool that can be used to perform operations on PKCS#11 modules
       configured on the system.

       See the various sub commands below. The following global options can be used:

       -v, --verbose
           Run in verbose mode with debug output.

       -q, --quiet
           Run in quiet mode without warning or failure messages.


LIST MODULES
       List system configured PKCS#11 modules.

           $ p11-kit list-modules

       The modules, information about them and the tokens present in the PKCS#11 modules will be
       displayed.


LIST PROFILES
       List PKCS#11 profiles supported by the token.

           $ p11-kit list-profiles pkcs11:token

       This searches the given token for profile objects that contain profile IDs which are then
       displayed in human-readable form.


ADD PROFILE
       Add PKCS#11 profile to the token.

           $ p11-kit add-profile --profile profile pkcs11:token

       Creates a new PKCS#11 profile object on the token if it doesn't already exist.


DELETE PROFILE
       Delete PKCS#11 profile from the token.

           $ p11-kit delete-profile --profile profile pkcs11:token

       Searches the token for profile object that matches given PKCS#11 profile ID and attempts
       to destroy it.


PRINT CONFIG
       Print merged configuration.

           $ p11-kit print-config

       P11-kit provides 3 levels of configuration: system wide, per-module, and per-user. At
       run-time all 3 levels are merged into a single configuration. This command displays the
       merged configuration.


EXTRACT
       Extract certificates from configured PKCS#11 modules.

       This operation has been moved to a separate command trust extract. See trust(1) for more
       information


SERVER
       Run a server process that exposes PKCS#11 module remotely.

           $ p11-kit server pkcs11:token1 pkcs11:token2 ...
           $ p11-kit server --provider /path/to/pkcs11-module.so pkcs11:token1 pkcs11:token2 ...

       This launches a server that exposes the given PKCS#11 tokens on a local socket. The tokens
       must belong to the same module. To access the socket, use p11-kit-client.so module. The
       server address and PID are printed as a shell-script snippet which sets the appropriate
       environment variable: P11_KIT_SERVER_ADDRESS and P11_KIT_SERVER_PID.


EXTRACT TRUST
       Extract standard trust information files.

       This operation has been moved to a separate command trust extract-compat. See trust(1) for
       more information


REMOTE
       Run a PKCS#11 module remotely.

           $ p11-kit remote /path/to/pkcs11-module.so
           $ p11-kit remote pkcs11:token1 pkcs11:token2 ...

       This is not meant to be run directly from a terminal. But rather in a remote option in a
       pkcs11.conf(5) file.

       This exposes the given PKCS#11 module or tokens over standard input and output. Those two
       forms, whether to expose a module or tokens, are mutually exclusive and if the second form
       is used, the tokens must belong to the same module.


BUGS
       Please send bug reports to either the distribution bug tracker or the upstream bug tracker
       at https://github.com/p11-glue/p11-kit/issues/.


SEE ALSO
       pkcs11.conf(5)

       Further details available in the p11-kit online documentation at
       https://p11-glue.github.io/p11-glue/p11-kit/manual/.