Provided by: libcharon-extra-plugins_5.9.5-2ubuntu2.3_amd64 bug

NAME
       pt-tls-client - Simple client using PT-TLS to collect integrity information


SYNOPSIS
       pt-tls-client --connect hostname|address [--port port] [--certid hex|--cert file]+ [--keyid hex|--key
                     file] [--key-type rsa|ecdsa] [--client client-id] [--secret password] [--mutual]
                     [--options filename] [--quiet] [--debug level]

       pt-tls-client -h | --help


DESCRIPTION
       pt-tls-client  is  a  simple  client  using the PT-TLS (RFC 6876) transport protocol to collect integrity
       measurements on the client platform. PT-TLS does an initial TLS handshake with  certificate-based  server
       authentication and optional certificate-based client authentication.  Alternatively simple password-based
       SASL client authentication protected by TLS can be used.

       Attribute requests and integrity measurements are exchanged via the PA-TNC (RFC  5792)  message  protocol
       between  any  number  of  Integrity Measurement Verifiers (IMVs) residing on the remote PT-TLS server and
       multiple Integrity Measurement Collectors (IMCs) loaded dynamically by the PT-TLS client according  to  a
       list  defined  by  /etc/tnc_config.  PA-TNC  messages  that  contain one or several PA-TNC attributes are
       multiplexed into PB-TNC (RFC 5793) client or server data batches which in turn are  transported  via  PT-
       TLS.


OPTIONS
       -h, --help
              Prints usage information and a short summary of the available commands.

       -c, --connect hostname|address
              Set the hostname or IP address of the PT-TLS server.

       -p, --port port
              Set the port of the PT-TLS server, default: 271.

       -x, --cert file
              Set the path to an X.509 certificate file. This option can be repeated to load multiple client and
              CA certificates.

       -X, --certid hex
              Set the handle of the certificate stored in a smartcard or a TPM 2.0 Trusted Platform Module.

       -k, --key file
              Set the path to the client's PKCS#1 or PKCS#8 private key file

       -t, --key-type type
              Define the type of the private key if stored in PKCS#1 format. Can be omitted with PKCS#8 keys.

       -K, --keyid hex
              Set the keyid of the private key stored in a smartcard or a TPM 2.0 Trusted Platform Module.

       -i, --client client-id
              Set the username or client ID of the client required for password-based SASL authentication.

       -s, --secret password
              Set the preshared secret or client password required for password-based SASL authentication.

       -q, --mutual
              Enable mutual attestation between PT-TLS client and PT-TLS server.

       -v, --debug level
              Set debug level, default: 1.

       -q, --quiet
              Disable debug output to stderr.

       -+, --options file
              Read command line options from file.


EXAMPLES
       Connect to a PT-TLS server using certificate-based authentication, storing the private  ECDSA  key  in  a
       file:

         pt-tls-client --connect pdp.example.com --cert ca.crt \
                       --cert client.crt --key client.key --key-type ecdsa

       Connect to a PT-TLS server using certificate-based authentication, storing the private key in a smartcard
       or a TPM 2.0 Trusted Platform Module:

         pt-tls-client --connect pdp.example.com --cert ca.crt \
                       --cert client.crt --keyid 0x81010002

       Connect to a PT-TLS server listening on port 443, using SASL password-based authentication:

         pt-tls-client --connect pdp.example.com --port 443 --cert ca.crt \
                       --client jane --password p2Nl9trKlb


FILES
       /etc/tnc_config


SEE ALSO
       strongswan.conf(5)