Provided by: gnutls-bin_3.0.11+really2.12.23-12ubuntu2_amd64 bug


       p11tool - Manipulate PKCS #11 tokens.


       p11tool [options]


       Export/import  data  from  PKCS  #11  tokens.  To  use  PKCS  #11  tokens  with gnutls the
       configuration file /etc/gnutls/pkcs11.conf has to exist and contain a number of  lines  of
       the form "load=/usr/lib/".


   Program control options
       -d, --debug LEVEL
              Specify the debug level. Default is 1.

       -h, --help
              Shows this help text

   Generic options
              Force login to the token for the intended operation.

       --provider MODULE
              In addition to /etc/gnutls/pkcs11.conf, load the specified module.

       --outfile FILE
              Print output to FILE.

       --inder, --inraw
              Input is DER formatted.

   Getting information on available X.509 certificates
              Prints all available tokens.

       --initialize URL
              Initializes  (formats)  the specified by the URL token. Note that several tokens do
              not support this fascility.

   Getting information on available X.509 certificates
              Prints all available certificates.

              Prints all certificates that have a corresponding private key stored in the token.

              Prints all certificates that have been marked as trusted.

   Getting information on private keys
              Prints all available private keys.

   Handling generic objects
       --export URL
              Exports the object (e.g. certificate) specified by the URL.

       --delete URL
              Deletes the object specified by the URL. Note that several tokens  do  not  support

              When printing URLs print them in a detailed (to the PKCS #11 module used) form.

              When printing URLs, do not print details on the module used.

   Storing objects
       --write URL
              Flag  to set when writing an object. Requires one of --load-privkey, --load-pubkey,
              --load-certificate or --secret-key options.

              Load a private key for the write operations.

              Load an X.509 subjectPublicKey for the write operation.

              Load an X.509 certificate for the write operation.

              Specify a hex encoded secret key for the write operation.

              The object stored will be marked as trusted.

              The label of the object stored.

   Controlling output
       -8, --pkcs8
              Use PKCS #8 format for private keys.


       To store a private key and certificate, run:

              $ p11tool --login --write "pkcs11:XXX"  --load-privkey key.pem --label "MyKey"
              $ p11tool --login --write "pkcs11:XXX"  --load-certificate cert.pem --label "MyCert"

       To view all objects in a token, use:

              $ p11tool --login --list-all


       Nikos       Mavrogiannopoulos       <>        and        others;        see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

                                        November 11th 2010                             p11tool(1)