Provided by: openpace_1.1.2+ds+git20220117+453c3d6b03a0-1.1build2_amd64
NAME
cvc-create - manual page for cvc-create 1.1.2
SYNOPSIS
cvc-create [OPTION]...
DESCRIPTION
Create a card verifiable certificate -h, --help Print help and exit -V, --version Print version and exit --out-cert=FILENAME Where to save the certificate (default=`CHR.cvcert') --role=ENUM The terminal's role (possible values="cvca", "dv_domestic", "dv_foreign", "terminal") --type=STRING Type of the terminal. Known values are "at" (Authentication Terminal), "is" (Inspection System), "st" (Signature Terminal), "derived_from_signer" (uses the the signer's CVC type), any other value is interpreted as object identifier. (default=`derived_from_signer') --chat=HEXSTRING Raw Card Holder Authorization Template (CHAT). This option will overwrite any terminal specific effective authorization (see options for AT/IS/ST). --issued=YYMMDD Date the certificate was issued (default=`today') --expires=YYMMDD Date until the certicate is valid --sign-with=FILENAME Private key for signing the new certificate --scheme=ENUM Signature scheme that the new terminal will use (possible values="ECDSA_SHA_1", "ECDSA_SHA_224", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "RSA_v1_5_SHA_1", "RSA_v1_5_SHA_256", "RSA_v1_5_SHA_512", "RSA_PSS_SHA_1", "RSA_PSS_SHA_256", "RSA_PSS_SHA_512") Mode: csr The properties of the certificate are derived from the given signing request. --csr=FILENAME Certificate signing request with the attributes Mode: manual The properties of the certificate are derived from the command line switches. --chr=CCH...HSSSSS Certificate holder reference (2 characters ISO 3166-1 ALPHA-2 country code, 0-9 characters ISO/IEC 8859-1 holder mnemonic, 5 characters ISO/IEC 8859-1 numeric or alphanumeric sequence number) --sign-as=FILENAME CV certificate of the entity signing the new certificate (default=`self signed') --key=FILENAME Private key of the Terminal (default=`derived from signer') --out-key=FILENAME Where to save the derived private key (default=`CHR.pkcs8') Options for an Authentication Terminal (AT): --out-desc=FILENAME Where to save the encoded certificate description (default=`CHR.desc') --cert-desc=FILENAME Terms of usage as part of the certificate description (*.txt, *.html or *.pdf) --issuer-name=STRING Name of the issuer of this certificate (certificate description) --issuer-url=URL URL that points to informations about the issuer of this certificate (certificate description) --subject-name=STRING Name of the holder of this certificate (certificate description) --subject-url=URL URL that points to informations about the subject of this certificate (certificate description) --write-dg17 Allow writing DG 17 (Normal Place of Residence) (default=off) --write-dg18 Allow writing DG 18 (Community ID) (default=off) --write-dg19 Allow writing DG 19 (Residence Permit I) (default=off) --write-dg20 Allow writing DG 20 (Residence Permit II) (default=off) --write-dg21 Allow writing DG 21 (Optional Data) (default=off) --at-rfu32 Allow RFU R/W Access bit 32 (default=off) --at-rfu31 Allow RFU R/W Access bit 31 (default=off) --at-rfu30 Allow RFU R/W Access bit 30 (default=off) --at-rfu29 Allow RFU R/W Access bit 29 (default=off) --read-dg1 Allow reading DG 1 (Document Type) (default=off) --read-dg2 Allow reading DG 2 (Issuing State) (default=off) --read-dg3 Allow reading DG 3 (Date of Expiry) (default=off) --read-dg4 Allow reading DG 4 (Given Names) (default=off) --read-dg5 Allow reading DG 5 (Family Names) (default=off) --read-dg6 Allow reading DG 6 (Religious/Artistic Name) (default=off) --read-dg7 Allow reading DG 7 (Academic Title) (default=off) --read-dg8 Allow reading DG 8 (Date of Birth) (default=off) --read-dg9 Allow reading DG 9 (Place of Birth) (default=off) --read-dg10 Allow reading DG 10 (Nationality) (default=off) --read-dg11 Allow reading DG 11 (Sex) (default=off) --read-dg12 Allow reading DG 12 (Optional Data) (default=off) --read-dg13 Allow reading DG 13 (default=off) --read-dg14 Allow reading DG 14 (default=off) --read-dg15 Allow reading DG 15 (default=off) --read-dg16 Allow reading DG 16 (default=off) --read-dg17 Allow reading DG 17 (Normal Place of Residence) (default=off) --read-dg18 Allow reading DG 18 (Community ID) (default=off) --read-dg19 Allow reading DG 19 (Residence Permit I) (default=off) --read-dg20 Allow reading DG 20 (Residence Permit II) (default=off) --read-dg21 Allow reading DG 21 (Optional Data) (default=off) --install-qual-cert Allow installing qualified certificate (default=off) --install-cert Allow installing certificate (default=off) --pin-management Allow PIN management (default=off) --can-allowed CAN allowed (default=off) --privileged Privileged terminal (default=off) --rid Allow restricted identification (default=off) --verify-community Allow community ID verification (default=off) --verify-age Allow age verification (default=off) Options for a Signature Terminal (ST): --st-rfu5 Allow RFU bit 5 (default=off) --st-rfu4 Allow RFU bit 4 (default=off) --st-rfu3 Allow RFU bit 3 (default=off) --st-rfu2 Allow RFU bit 2 (default=off) --gen-qualified-sig Generate qualified electronic signature (default=off) --gen-sig Generate electronic signature (default=off) Options for an Inspection System (IS): --read-eid Read access to eID application (Deprecated) (default=off) --is-rfu4 Allow RFU bit 4 (default=off) --is-rfu3 Allow RFU bit 3 (default=off) --is-rfu2 Allow RFU bit 2 (default=off) --read-iris Read access to ePassport application: DG 4 (Iris) (default=off) --read-finger Read access to ePassport application: DG 3 (Fingerprint) (default=off)
AUTHOR
Written by Frank Morgner <frankmorgner@gmail.com>
REPORTING BUGS
Report bugs to https://github.com/frankmorgner/openpace/issues