Provided by: openpace_1.1.2+ds+git20220117+453c3d6b03a0-1.1build2_amd64 bug

NAME

       cvc-create - manual page for cvc-create 1.1.2

SYNOPSIS

       cvc-create [OPTION]...

DESCRIPTION

       Create a card verifiable certificate

       -h, --help
              Print help and exit

       -V, --version
              Print version and exit

       --out-cert=FILENAME
              Where to save the certificate (default=`CHR.cvcert')

       --role=ENUM
              The   terminal's   role    (possible  values="cvca",  "dv_domestic",  "dv_foreign",
              "terminal")

       --type=STRING
              Type of the  terminal.  Known  values  are  "at"  (Authentication  Terminal),  "is"
              (Inspection System), "st" (Signature Terminal), "derived_from_signer" (uses the the
              signer's  CVC  type),  any  other  value  is  interpreted  as  object   identifier.
              (default=`derived_from_signer')

       --chat=HEXSTRING
              Raw  Card  Holder  Authorization  Template  (CHAT).  This option will overwrite any
              terminal specific effective authorization (see options for AT/IS/ST).

       --issued=YYMMDD
              Date the certificate was issued  (default=`today')

       --expires=YYMMDD
              Date until the certicate is valid

       --sign-with=FILENAME
              Private key for signing the new certificate

       --scheme=ENUM
              Signature scheme that the new terminal  will  use  (possible  values="ECDSA_SHA_1",
              "ECDSA_SHA_224",       "ECDSA_SHA_256",      "ECDSA_SHA_384",      "ECDSA_SHA_512",
              "RSA_v1_5_SHA_1",    "RSA_v1_5_SHA_256",    "RSA_v1_5_SHA_512",    "RSA_PSS_SHA_1",
              "RSA_PSS_SHA_256", "RSA_PSS_SHA_512")

              Mode: csr

              The properties of the certificate are derived from the given signing request.

       --csr=FILENAME
              Certificate signing request with the attributes

              Mode: manual

              The properties of the certificate are derived from the command line switches.

       --chr=CCH...HSSSSS
              Certificate  holder  reference  (2  characters ISO 3166-1 ALPHA-2 country code, 0-9
              characters ISO/IEC 8859-1 holder mnemonic, 5 characters ISO/IEC 8859-1  numeric  or
              alphanumeric sequence number)

       --sign-as=FILENAME
              CV certificate of the entity signing the new certificate  (default=`self signed')

       --key=FILENAME
              Private key of the Terminal  (default=`derived from signer')

       --out-key=FILENAME
              Where to save the derived private key (default=`CHR.pkcs8')

   Options for an Authentication Terminal (AT):
       --out-desc=FILENAME
              Where to save the encoded certificate description (default=`CHR.desc')

       --cert-desc=FILENAME
              Terms of usage as part of the certificate description (*.txt, *.html or *.pdf)

       --issuer-name=STRING
              Name of the issuer of this certificate (certificate description)

       --issuer-url=URL
              URL  that  points to informations about the issuer of this certificate (certificate
              description)

       --subject-name=STRING
              Name of the holder of this certificate (certificate description)

       --subject-url=URL
              URL that points to informations about the subject of this certificate  (certificate
              description)

       --write-dg17
              Allow writing DG 17 (Normal Place of Residence) (default=off)

       --write-dg18
              Allow writing DG 18 (Community ID)  (default=off)

       --write-dg19
              Allow writing DG 19 (Residence Permit I) (default=off)

       --write-dg20
              Allow writing DG 20 (Residence Permit II) (default=off)

       --write-dg21
              Allow writing DG 21 (Optional Data)  (default=off)

       --at-rfu32
              Allow RFU R/W Access bit 32  (default=off)

       --at-rfu31
              Allow RFU R/W Access bit 31  (default=off)

       --at-rfu30
              Allow RFU R/W Access bit 30  (default=off)

       --at-rfu29
              Allow RFU R/W Access bit 29  (default=off)

       --read-dg1
              Allow reading DG 1   (Document Type) (default=off)

       --read-dg2
              Allow reading DG 2   (Issuing State) (default=off)

       --read-dg3
              Allow reading DG 3   (Date of Expiry) (default=off)

       --read-dg4
              Allow reading DG 4   (Given Names)  (default=off)

       --read-dg5
              Allow reading DG 5   (Family Names)  (default=off)

       --read-dg6
              Allow reading DG 6   (Religious/Artistic Name) (default=off)

       --read-dg7
              Allow reading DG 7   (Academic Title) (default=off)

       --read-dg8
              Allow reading DG 8   (Date of Birth) (default=off)

       --read-dg9
              Allow reading DG 9   (Place of Birth) (default=off)

       --read-dg10
              Allow reading DG 10  (Nationality)  (default=off)

       --read-dg11
              Allow reading DG 11  (Sex)  (default=off)

       --read-dg12
              Allow reading DG 12  (Optional Data) (default=off)

       --read-dg13
              Allow reading DG 13  (default=off)

       --read-dg14
              Allow reading DG 14  (default=off)

       --read-dg15
              Allow reading DG 15  (default=off)

       --read-dg16
              Allow reading DG 16  (default=off)

       --read-dg17
              Allow reading DG 17  (Normal Place of Residence) (default=off)

       --read-dg18
              Allow reading DG 18  (Community ID)  (default=off)

       --read-dg19
              Allow reading DG 19  (Residence Permit I) (default=off)

       --read-dg20
              Allow reading DG 20  (Residence Permit II) (default=off)

       --read-dg21
              Allow reading DG 21  (Optional Data) (default=off)

       --install-qual-cert
              Allow installing qualified certificate (default=off)

       --install-cert
              Allow installing certificate  (default=off)

       --pin-management
              Allow PIN management  (default=off)

       --can-allowed
              CAN allowed  (default=off)

       --privileged
              Privileged terminal  (default=off)

       --rid  Allow restricted identification  (default=off)

       --verify-community
              Allow community ID verification  (default=off)

       --verify-age
              Allow age verification  (default=off)

   Options for a Signature Terminal (ST):
       --st-rfu5
              Allow RFU bit 5  (default=off)

       --st-rfu4
              Allow RFU bit 4  (default=off)

       --st-rfu3
              Allow RFU bit 3  (default=off)

       --st-rfu2
              Allow RFU bit 2  (default=off)

       --gen-qualified-sig
              Generate qualified electronic signature (default=off)

       --gen-sig
              Generate electronic signature  (default=off)

   Options for an Inspection System (IS):
       --read-eid
              Read access to eID application (Deprecated) (default=off)

       --is-rfu4
              Allow RFU bit 4  (default=off)

       --is-rfu3
              Allow RFU bit 3  (default=off)

       --is-rfu2
              Allow RFU bit 2  (default=off)

       --read-iris
              Read access to ePassport application: DG 4 (Iris) (default=off)

       --read-finger
              Read access to ePassport application: DG 3 (Fingerprint)  (default=off)

AUTHOR

       Written by Frank Morgner <frankmorgner@gmail.com>

REPORTING BUGS

       Report bugs to https://github.com/frankmorgner/openpace/issues